Browser problems & strange error messages

Printable View

Show 40 post(s) from this thread on one page

June 16th, 2009, 08:52 AM
jonmy

Browser problems & strange error messages

Hi - I'm getting some problems when browsing or attempting to open a page from a link (its opening sometimes after 3 attempts or not at all) and also getting error pop ups. Also when I try to open some of my files the app crashes (like Word). Any help would be very much appreciated as I am not too savvy with this kind of thing.

I've run a Hijackthis scan

Thnx

Jon

Logfile of HijackThis v1.99.1
Scan saved at 8:31:18 AM, on 6/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\metc\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jonathan\My Documents\Security, Virus & Spyware Protection\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [EnGraph QuickTimeKiller] C:\Program Files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://ajmyers.4java.ca
O15 - Trusted Zone: http://www.coolinvestor.com
O15 - Trusted Zone: http://*.eblackbox.net
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.schaeffersresearch.com/download/CfxIEAx.cab
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} (ChartFX Internet Financial Client 4.0) - http://www.schaeffersresearch.com/Do...4Financial.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: metc-mysql - Unknown owner - C:\metc\mysql\bin\mysqld-nt.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
June 16th, 2009, 09:14 AM
Train

Follow the instructions here.
http://discussions.virtualdr.com/sho...d.php?t=197917
June 16th, 2009, 09:24 AM
jonmy

Ok, thnx, I'll do that. Just one question, i have AVG running, do I stop this or let it continue while doing the other things?
June 16th, 2009, 05:50 PM
Train

Leave it running for now.
June 16th, 2009, 10:09 PM
Broni

Make sure, you use our link to download HJT, since your version is outdated.
June 17th, 2009, 07:34 AM
jonmy

Yes, thnx, will do...
June 22nd, 2009, 01:25 PM
jonmy

RE Browser problems & strange error messages

Hi - I followed the instructions for Superantispyware and Malwarebytes (which found and removed spme things) but had problems with gmer. It ran then when I checked it had finished my system had crashed. And I couldn't get a log. On restarting chkdisk was run automatically (with some things being fixed). Following this problems as before are still there. Also boot takes much longer now.

Any help would be appreciated.

Thnx.

Logs as follows:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/16/2009 at 06:56 PM

Application Version : 4.22.1014

Core Rules Database Version : 3942
Trace Rules Database Version: 1884

Scan type : Complete Scan
Total Scan Time : 02:13:55

Memory items scanned : 148
Memory threats detected : 0
Registry items scanned : 7384
Registry threats detected : 0
File items scanned : 200076
File threats detected : 202

Adware.Tracking Cookie
C:\Documents and Settings\Jonathan\Cookies\jonathan@accountancyage[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@adinterax[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@adrevolver[2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@11627418[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@atdmt[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@pwc[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@statcounter[2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@questionmarket[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@serving-sys[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@kontera[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@zedo[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@apmebf[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@tribalfusion[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@collective-media[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@pwcuk[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@chitika[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@invitemedia[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@tacoda[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@77tracking[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@bristol-ext[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1058016793[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@revsci[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@advertising[2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@5233448[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@adviva[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@lse[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@burstnet[2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@countrycallingcodes[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@media6degrees[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@travelexcom[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@cgi-bin[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@adtech[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@dmtracker[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@trafficmp[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@specificclick[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@32020749[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1071750821[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1044287580[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1064725664[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@mediaplex[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@tradedoubler[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@66651396[2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@cgi-bin[3].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@75452214[2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1069095226[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@hotlog[2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1070571421[2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@intermundomedia[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@azjmp[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1038508577[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@hitbox[2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@travelex[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@interclick[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@cgi-bin[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@S130923[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1072369480[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@casalemedia[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@capemaycountyherald[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@pro-market[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@valueclick[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@doubleclick[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1066705604[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@fastclick[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@insightexpressai[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@xiti[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@36491059[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@bristol[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@specificmedia[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1071060019[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@ak[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@realmedia[2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@adlegend[2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@elitetrader[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1071617997[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1072546229[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1069695406[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@tdstats[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1054028224[2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@************[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@adbrite[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@bravenet[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@trackalyzer[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1065846711[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@adrevolver[3].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1070369589[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1069721519[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1068592129[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@clicket[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@elitechoice[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1071603191[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@27908301[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1040926861[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1072740219[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@1068570593[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@strath-ext[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@strathclyde[1].txt
C:\Documents and Settings\Jonathan\Cookies\[email protected][1].txt
.bs.serving-sys.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\6cpxf44d.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\6cpxf44d.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\6cpxf44d.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\6cpxf44d.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\6cpxf44d.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\6cpxf44d.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\6cpxf44d.default\cookies.txt ]
C:\Documents and Settings\Jonathan\Cookies\jonathan@accounts[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@webstats[1].txt

Trojan.Unclassified-Packed/Suspicious
C:\PROGRAM FILES\COMMON FILES\SOFTINFORM\************\SEARCHENGINE\PLUGINS\ICQDS.DLL
C:\PROGRAM FILES\COMMON FILES\SOFTINFORM\************\SEARCHENGINE\PLUGINS\MDBDS.DLL
C:\PROGRAM FILES\COMMON FILES\SOFTINFORM\************\SEARCHENGINE\PLUGINS\QIPDS.DLL
C:\PROGRAM FILES\COMMON FILES\SOFTINFORM\************\SEARCHENGINE\PLUGINS\TRILLIANDS.DLL
C:\PROGRAM FILES\COMMON FILES\SOFTINFORM\************\SEARCHENGINE\PLUGINS\YAHOODS.DLL

Malwarebytes' Anti-Malware 1.37
Database version: 2290
Windows 5.1.2600 Service Pack 2

6/17/2009 6:01:44 AM
mbam-log-2009-06-17 (06-01-44).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 381071
Time elapsed: 2 hour(s), 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\Jonathan\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
c:\documents and settings\Jonathan\application data\funwebproducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
c:\documents and settings\Jonathan\application data\funwebproducts\Data\Jonathan (Adware.MyWay) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Jonathan\application data\funwebproducts\Data\Jonathan\avatar.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\WINDOWS\f49f4daa.dat (Worm.Koobface) -> Quarantined and deleted successfully.
June 22nd, 2009, 01:26 PM
jonmy

HJT log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:01 PM, on 6/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\metc\mysql\bin\mysqld-nt.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jonathan\My Documents\Security, Virus & Spyware Protection\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [EnGraph QuickTimeKiller] C:\Program Files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://ajmyers.4java.ca
O15 - Trusted Zone: http://www.coolinvestor.com
O15 - Trusted Zone: http://*.eblackbox.net
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.schaeffersresearch.com/download/CfxIEAx.cab
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} (ChartFX Internet Financial Client 4.0) - http://www.schaeffersresearch.com/Do...4Financial.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: metc-mysql - Unknown owner - C:\metc\mysql\bin\mysqld-nt.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 0: (no name) - http://www.psychonomics.com/bg1e2.jpg
O24 - Desktop Component 1: (no name) - http://static11.digitallook.com/dlme...erplots_sm.gif

--
End of file - 9826 bytes
June 22nd, 2009, 06:05 PM
Broni
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  - Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  - Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  - Close any open browsers.
  - WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  - Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  - If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.
June 23rd, 2009, 07:30 PM
jonmy

Thanks for the info, and I ran the program..

Here are the logs

ComboFix 09-06-22.0E - Jonathan 06/23/2009 18:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.446 [GMT -4:00]
Running from: c:\documents and settings\Jonathan\My Documents\Security, Virus & Spyware Protection\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LOGICAL_DISK_MANAGER_(DMSERVER)_

((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-12 17:35 . 2009-06-12 17:35 -------- d-----w- c:\program files\Mentat Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 22:56 . 2007-10-25 23:01 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Skype
2009-06-23 21:09 . 2009-05-04 15:31 117760 ----a-w- c:\documents and settings\Jonathan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-22 18:33 . 2009-04-26 16:29 -------- d-----w- c:\documents and settings\Jonathan\Application Data\HPAppData
2009-06-16 23:41 . 2008-12-07 14:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 23:41 . 2009-01-10 23:49 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-16 23:29 . 2008-12-07 12:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-12 17:13 . 2009-04-22 21:51 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-26 17:20 . 2008-12-07 14:42 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 17:19 . 2008-12-07 14:42 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-10 12:28 . 2009-05-07 22:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-10 12:28 . 2009-05-07 22:26 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-10 12:28 . 2007-09-06 22:15 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-10 12:28 . 2009-05-07 22:26 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 22:26 . 2009-05-07 22:26 -------- d-----w- c:\program files\AVG
2009-05-07 22:26 . 2009-05-07 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-07 15:44 . 2004-08-05 04:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 16:39 . 2008-01-16 18:49 -------- d-----w- c:\program files\EditURLs
2009-04-30 16:17 . 2009-04-26 13:45 -------- d-----w- c:\program files\Visual Web Spider
2009-04-29 04:52 . 2004-08-05 04:00 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2004-08-05 04:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 16:14 . 2007-04-20 17:06 -------- d-----w- c:\documents and settings\Jonathan\Application Data\HP
2009-04-26 16:10 . 2009-04-26 15:43 179886 ----a-w- c:\windows\hpwins14.dat
2009-04-26 16:02 . 2009-04-26 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-04-26 16:02 . 2007-04-20 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-04-26 15:59 . 2009-04-26 15:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-04-26 15:51 . 2009-04-26 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-04-19 12:41 . 2009-04-19 12:41 2238 ----a-r- c:\documents and settings\Jonathan\Application Data\Microsoft\Installer\{E13E39B1-15C3-438C-AEF0-F139D76885CD}\_E7BE53D81FD1CDFA64EE50.exe
2009-04-19 12:41 . 2009-04-19 12:41 2238 ----a-r- c:\documents and settings\Jonathan\Application Data\Microsoft\Installer\{E13E39B1-15C3-438C-AEF0-F139D76885CD}\_6FEFF9B68218417F98F549.exe
2009-04-19 12:41 . 2009-04-19 12:41 2238 ----a-r- c:\documents and settings\Jonathan\Application Data\Microsoft\Installer\{E13E39B1-15C3-438C-AEF0-F139D76885CD}\_5AEBB092279F0AFC2F2325.exe
2009-04-19 12:41 . 2009-04-19 12:41 2238 ----a-r- c:\documents and settings\Jonathan\Application Data\Microsoft\Installer\{E13E39B1-15C3-438C-AEF0-F139D76885CD}\_16B213D934B8D13B1A05BA.exe
2009-04-17 09:58 . 2004-08-05 04:00 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-05 04:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-06 22:19 . 2007-04-20 08:23 74416 ----a-w- c:\documents and settings\Jonathan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 22:18 . 2009-04-06 21:30 154408 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2008-03-09 01:58 . 2007-09-03 18:37 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-03-09 01:58 . 2007-09-03 18:37 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-03-09 01:58 . 2007-09-03 18:37 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-03-09 01:58 . 2007-09-03 18:37 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-03-09 01:58 . 2007-09-03 18:37 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"EnGraph QuickTimeKiller"="c:\program files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe" [2005-03-20 45056]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-10 1947928]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-10 12:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=c:\windows\pss\eFax 4.3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jonathan^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=c:\documents and settings\Jonathan\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=c:\windows\pss\Vongo Tray.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jonathan^Start Menu^Programs^StartUp^WordWeb.lnk]
path=c:\documents and settings\Jonathan\Start Menu\Programs\StartUp\WordWeb.lnk
backup=c:\windows\pss\WordWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WS_FTP\\ws_ftp95.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/6/2008 5:14 PM 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/7/2009 6:26 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/7/2009 6:26 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/17/2008 4:11 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 4:11 PM 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/7/2009 6:26 PM 298776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/10/2008 12:58 PM 210216]
R2 metc-mysql;metc-mysql;c:\metc\mysql\bin\mysqld-nt.exe metc-mysql --> c:\metc\mysql\bin\mysqld-nt.exe metc-mysql [?]
S3 PAC7311;CamMaestro 1.0.2.4 Build 390P;c:\windows\system32\drivers\PA707UCM.sys [6/19/2006 5:56 PM 156416]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 4:11 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: 4java.ca\ajmyers
Trusted Zone: coolinvestor.com\www
Trusted Zone: eblackbox.net
Trusted Zone: psychonomics.com\www
DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} - hxxp://www.schaeffersresearch.com/Download/Cfx4Financial.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 18:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3140)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\WebCam Companion\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\metc\mysql\bin\mysqld-nt.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\PAStiSvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-06-23 18:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-23 22:59

Pre-Run: 36,894,081,024 bytes free
Post-Run: 38,455,644,160 bytes free

203 --- E O F --- 2009-06-16 13:10
June 23rd, 2009, 07:31 PM
jonmy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:33 PM, on 6/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\metc\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jonathan\My Documents\Security, Virus & Spyware Protection\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [EnGraph QuickTimeKiller] C:\Program Files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://ajmyers.4java.ca
O15 - Trusted Zone: http://www.coolinvestor.com
O15 - Trusted Zone: http://*.eblackbox.net
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.schaeffersresearch.com/download/CfxIEAx.cab
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} (ChartFX Internet Financial Client 4.0) - http://www.schaeffersresearch.com/Do...4Financial.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: metc-mysql - Unknown owner - C:\metc\mysql\bin\mysqld-nt.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 0: (no name) - http://www.psychonomics.com/bg1e2.jpg
O24 - Desktop Component 1: (no name) - http://static11.digitallook.com/dlme...erplots_sm.gif

--
End of file - 9991 bytes
June 23rd, 2009, 07:43 PM
Broni

Uninstall Combofix:

Go Start > Run
Type in:
combofix /u
Note the space between the "combofix" and the "/u"
Restart computer.

=================================================================

Print this post out, since you won't have an access to it, at some point.

1. Open HijackThis.

2. Close all windows, except for HijackThis.

3. Put checkmarks next to the following HijackThis entries:

none

4. You may also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

- O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
- O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
- O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
- O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
- O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

5. Click on Fix checked button.

6. Restart computer.

7. Post new HijackThis log.
June 24th, 2009, 04:36 PM
jonmy

Carried out those instructions but still having problems...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:57 PM, on 6/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\metc\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Jonathan\My Documents\Security, Virus & Spyware Protection\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [EnGraph QuickTimeKiller] C:\Program Files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone: http://ajmyers.4java.ca
O15 - Trusted Zone: http://www.coolinvestor.com
O15 - Trusted Zone: http://*.eblackbox.net
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.schaeffersresearch.com/download/CfxIEAx.cab
O16 - DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} (ChartFX Internet Financial Client 4.0) - http://www.schaeffersresearch.com/Do...4Financial.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: metc-mysql - Unknown owner - C:\metc\mysql\bin\mysqld-nt.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 0: (no name) - http://www.psychonomics.com/bg1e2.jpg
O24 - Desktop Component 1: (no name) - http://static11.digitallook.com/dlme...erplots_sm.gif

--
End of file - 9062 bytes
June 24th, 2009, 04:44 PM
Broni

Quote:

still having problems...

...which are?
June 24th, 2009, 04:59 PM
jonmy

documents won't open - and crash the program eg sometimes if I try to open a Word doc, everything freezes, with then the desktop items disappearing. They then reappear after a few seconds. It happens with other document types as well.

Links in emails won't open

Sometimes browser (I use Google) won't open - after clicking several times it opens

Error messages flash - usually when closing a browser screen. But also when shutting down (An 'end program..' type of UI with a blue progress bar )

Show 40 post(s) from this thread on one page