[Ihaveproblems]

Here is my MBAM, AVG and spybot logs with my hijack log. Main prob seems to be cryptor virus and Trojan.TDSS - can quarantine and delete but it always comes back. I have run all these anti/mal/virus in safe mode and regular mode many times and can't get rid or these.


AVG SCAN RESULT "C:\WINDOWS\system32\winlogon.exe (220)";"Virus identified Win32/Cryptor";"Infected" "C:\WINDOWS\system32\svchost.exe (604)";"Virus identified Win32/Cryptor";"Infected" "C:\WINDOWS\system32\services.exe (268)";"Virus identified Win32/Cryptor";"Infected" "C:\WINDOWS\system32\lsass.exe (280)";"Virus identified Win32/Cryptor";"" "C:\WINDOWS\explorer.exe (848)";"Virus identified Win32/Cryptor";"" "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (1132)";"Virus identified Win32/Cryptor";"Infected" "C:\Program Files\AVG\AVG8\avgtray.exe (1020)";"Virus identified Win32/Cryptor";"Infected" "C:\Program Files\AVG\AVG8\avgscanx.exe (1220)";"Virus identified Win32/Cryptor";"Infected" "C:\Program Files\AVG\AVG8\avgcsrvx.exe (1244)";"Virus identified Win32/Cryptor";"Infected" "\\?\globalroot\systemroot\system32\hjgruinjxyjlqm.dll";"Vir us identified Win32/Cryptor";"Moved to Virus Vault" "\\?\globalroot\systemroot\system32\hjgruinjxyjlqm.dll";"Vir us identified Win32/Cryptor";"Infected" "\\?\globalroot\systemroot\system32\hjgruinjxyjlqm.dll";"Vir us identified Win32/Cryptor";"Infected" "\\?\globalroot\systemroot\system32\hjgruinjxyjlqm.dll";"Vir us identified Win32/Cryptor";"Infected" "\\?\globalroot\systemroot\system32\hjgruinjxyjlqm.dll";"Vir us identified Win32/Cryptor";"Moved to Virus Vault" "\\?\globalroot\systemroot\system32\hjgruinjxyjlqm.dll";"Vir us identified Win32/Cryptor";"Infected" "\\?\globalroot\systemroot\system32\hjgruinjxyjlqm.dll";"Vir us identified Win32/Cryptor";"Infected" "\\?\globalroot\systemroot\system32\hjgruinjxyjlqm.dll";"Vir us identified Win32/Cryptor";"Infected" "\\?\globalroot\systemroot\system32\hjgruinjxyjlqm.dll";"Vir us identified Win32/Cryptor";"Infected"


Malwarebytes' Anti-Malware 1.40 Database version: 2556 Windows 5.1.2600 Service Pack 3 04/08/2009 01:07:58 mbam-log-2009-08-04 (01-07-57).txt Scan type: Quick Scan Objects scanned: 113539 Time elapsed: 13 minute(s), 0 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 28 Registry Values Infected: 17 Registry Data Items Infected: 7 Folders Infected: 1 Files Infected: 14 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: \\?\globalroot\systemroot\system32\hjgruinjxyjlqm.dll (Trojan.TDSS) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{57561aee-f112-4fc9-83b0-aa6044a94910} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{57561aee-f112-4fc9-83b0-aa6044a94910} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{18b0e5c0-4fcb-11cf-aax5-004016608512} (Generic.Bot.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8567 edfa-408c-43e9-b929-4c25c04f5003} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{191 27ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43b f8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\KSD2Service (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pcmstub (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\15502964 (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explo rer\Run\exec (Malware.Trace) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe before1main) Good: (Explorer.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advan ced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Folders Infected: C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully. Files Infected: \\?\globalroot\systemroot\system32\hjgruinjxyjlqm.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Quarantined and deleted successfully. C:\Documents and Settings\Alexis\Local Settings\Temporary Internet Files\Content.IE5\TEF9AEE0\setup[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\0.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\strt_1246648464.exe (Worm.KoobFace) -> Quarantined and deleted successfully. C:\WINDOWS\strt_1246749553.exe (Worm.KoobFace) -> Quarantined and deleted successfully. C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully. C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully. C:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully. C:\WINDOWS\0101120101465749.dat (Worm.KoobFace) -> Quarantined and deleted successfully. C:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.40 Database version: 2577 Windows 5.1.2600 Service Pack 3 07/08/2009 20:22:58 mbam-log-2009-08-07 (20-22-58).txt Scan type: Quick Scan Objects scanned: 102981 Time elapsed: 6 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: \\?\globalroot\systemroot\system32\hjgruinjxyjlqm.dll (Trojan.TDSS) -> Delete on reboot. Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: \\?\globalroot\systemroot\system32\hjgruinjxyjlqm.dll (Trojan.TDSS) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:31:41, on 07/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgfws8.exe C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxsrvc.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe C:\DOCUME~1\Alexis\LOCALS~1\Temp\RtkBtMnt.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Alexis\Desktop\tools.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...=1008&m=aoa150 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O1 - Hosts: ::1 localhost O1 - Hosts: 209.44.111.62 antispy.microsoft.com O1 - Hosts: 209.44.111.62 antiaware-pro.com O1 - Hosts: 209.44.111.62 www.antiaware-pro.com O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing) O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\hikovoke.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe (file missing) O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing) O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe O23 - Service: crd - Unknown owner - C:\DOCUME~1\Andrew\LOCALS~1\Temp\IXP001.TMP\poststp.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9fcf6448b558a) (gupdate1c9fcf6448b558a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Secondary Logon seclogonxmlprov (seclogonxmlprov) - Unknown owner - C:\WINDOWS\system32\acodek.exe (file missing) -- End of file - 10523 bytes