Solved: trojan keeps comming back after i scan.

[robpa]

hi, thank goodness i found this website. been reading an u guys/gals do a great job. okay. i got the antivirus2008 virus and along with came a trojan downloader and lot of spyware. i tried to manuly remove all i could. i still have a downloader called conhook.aa i deleat it from my reg but it contiunes to return, thanks in advance.
rob

scan was done in safemode. dont know if it makes a differnce or not.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:23 PM, on 9/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\Program Files\Common Files\Symantec Shared\NMAIN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebR...90M7B&application=305&modelID=RC681AA&LF=blue
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\[email protected]\FileUtilities.3\mount.exe /z
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: rgfxmz.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 9564 bytes

 

[robpa]

and every time i try to do a online scan, it shuts my pc down.

 

[robpa]

okay i just spent my last 20$ on avg. praying it finds everything.

 

[robpa]

hi. few days ago i downloaded a mpeg editor for some home video we made. well in this package was the vundo.trojan. i ran spynomore and it showed me about 30 trojans and dll that where infected. so i cleaned it with AVG. well later that night my isp was reset and i could not get online. so i said what the heck lets scan again. AVG detected about 20 more trojans and dlls. so i cleaned them. again. well this morning i scaned again and the result was more trojans but this time they where not named vundo. it was named Generic11.AEES. and again some dll. so i cleaned them again. now i cant access the enternet. it will start up really slow, then give me a visual++runtime libary error, or more antivirs popup. then shuts down the IE. here is my HJT log. hope you can help.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:42 AM, on 9/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\arservice.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebR...90M7B&application=305&modelID=RC681AA&LF=blue
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe /P QuickCare
O4 - HKLM\..\Run: [BM0f81b05c] Rundll32.exe "C:\WINDOWS\system32\asqsjirj.dll",s
O4 - HKLM\..\Run: [0cb283c0] rundll32.exe "C:\WINDOWS\system32\ltfjntmk.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\[email protected]\FileUtilities.3\mount.exe /z
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: ,avgrsstx.dll qohaly.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
--
End of file - 8769 bytes








okay i scanned again and deleated more trojans. i have also discoverd my browser is infected. when i start IE i get antivirus popup still. AVG keeps tellimg me Threat detected virus found Win32/heur process name: C:\windows\Explorer.EXE.
file name: 207.226.178.149\t655.dll

i have tried scanning once again with no threats. yet my IE keeps crashing with popups, and AVG keeps popping up with alerts. PLEASE HELP. =(

AFTER reading alot of post in this thread i have come to the conclusion that alot of or problems are casued by Zlob/vundo antivirus2008. i researched it and have tried all fixes and updates. so far none have worked.. geez

thanks.



Fixwareout scan
Username "HP_Administrator" - 09/23/2008 14:36:04 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"RTHDCPL"="RTHDCPL.EXE"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"DMAScheduler"="\"c:\\Program Files\\HP DigitalMedia Archive\\DMAScheduler.exe\""
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"EverioService"="\"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe\""
"SNM"="C:\\Program Files\\SpyNoMore\\SNM.exe /startup"
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"QuickCare"="C:\\Program Files\\Qwest\\Quickcare\\bin\\sprtcmd.exe /P QuickCare"
"0cb283c0"="rundll32.exe \"C:\\WINDOWS\\system32\\ujhewqtt.dll\",b"
"BM0f81b05c"="Rundll32.exe \"C:\\WINDOWS\\system32\\xthvtskx.dll\",s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"mount.exe"="C:\\Program Files\\GiPo[email protected]\\FileUtilities.3\\mount.exe /z"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

 

[robpa]

combo fix report

ComboFix 08-09-22.05 - HP_Administrator 2008-09-23 14:20:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.417 [GMT -6:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\tmp1.tmp
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\tmp2.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\HP_Administrator\Application Data\Adobe\crc.dat
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\BM0f81b05c.txt
C:\WINDOWS\BM0f81b05c.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\fccyvVNH.dll
C:\WINDOWS\system32\GgjSsCcf.ini
C:\WINDOWS\system32\hgGvSMcD.dll
C:\WINDOWS\system32\iifcBSIx.dll
C:\WINDOWS\system32\IjkTwGgh.ini
C:\WINDOWS\system32\kmtnjftl.ini
C:\WINDOWS\system32\ndfyishh.ini
C:\WINDOWS\system32\pXGMnqss.ini
C:\WINDOWS\system32\pXGMnqss.ini2
C:\WINDOWS\system32\qoMgeBUL.dll
C:\WINDOWS\system32\ssqnMGXp.dll
C:\WINDOWS\system32\ttqwehju.ini
C:\WINDOWS\system32\uhurkysa.ini
D:\Autorun.inf
----- BITS: Possible infected sites -----
http://78.157.143.163
.
((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.
2008-09-23 13:47 . 2008-09-23 13:47 1,124 --a------ C:\WINDOWS\system32\twojyjir.dll
2008-09-23 13:32 . 2008-09-23 13:32 1,124 --a------ C:\WINDOWS\system32\inylfrho.dll
2008-09-23 13:29 . 2008-09-23 13:29 89,600 --a------ C:\WINDOWS\system32\ujhewqtt.dll
2008-09-23 13:29 . 2008-09-23 13:29 1,124 --a------ C:\WINDOWS\system32\avwduqsw.dll
2008-09-23 13:26 . 2008-09-23 13:26 111,616 --a------ C:\WINDOWS\system32\tfabpitd.dll
2008-09-23 13:26 . 2008-09-23 13:26 111,616 --a------ C:\WINDOWS\system32\jknnbs.dll
2008-09-23 13:23 . 2008-09-23 13:23 1,124 --a------ C:\WINDOWS\system32\vktbeugi.dll
2008-09-23 13:20 . 2008-09-23 13:20 1,124 --a------ C:\WINDOWS\system32\yobiixnq.dll
2008-09-23 13:18 . 2008-09-23 13:18 1,124 --a------ C:\WINDOWS\system32\jcelbcjf.dll
2008-09-23 13:17 . 2008-09-23 13:17 97,280 --a------ C:\WINDOWS\system32\xthvtskx.dll
2008-09-23 11:01 . 2008-09-23 11:01 5,556 --a------ C:\WINDOWS\system32\wcygymxr.dll
2008-09-23 10:57 . 2008-09-23 10:57 89,600 --a------ C:\WINDOWS\system32\ltfjntmk.dll
2008-09-23 10:54 . 2008-09-23 10:54 111,616 --a------ C:\WINDOWS\system32\qohaly.dll
2008-09-23 10:54 . 2008-09-23 10:54 111,616 --a------ C:\WINDOWS\system32\lghvltaf.dll
2008-09-23 10:51 . 2008-09-23 10:51 97,280 --a------ C:\WINDOWS\system32\asqsjirj.dll
2008-09-23 10:44 . 2008-09-23 10:44 <DIR> d-------- C:\Program Files\Qwest
2008-09-23 10:44 . 2008-09-23 10:44 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-09-23 10:44 . 2008-09-23 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-09-22 04:29 . 2008-09-22 04:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\CyberLink
2008-09-22 04:27 . 2008-09-22 04:27 <DIR> d--h----- C:\WINDOWS\PIF
2008-09-22 04:21 . 2008-09-22 04:21 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-22 01:56 . 2008-09-22 02:08 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\muvee Technologies
2008-09-22 01:56 . 2008-09-22 01:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-09-22 01:47 . 2008-09-22 01:47 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-09-22 01:47 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-09-22 01:47 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-09-22 00:21 . 2008-09-22 00:21 <DIR> d-------- C:\Program Files\VideoReDoPlus
2008-09-22 00:21 . 2008-09-22 00:21 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\VideoReDoPlus
2008-09-22 00:19 . 2008-09-22 00:19 5,556 --a------ C:\WINDOWS\system32\kaasoogq.dll
2008-09-22 00:16 . 2008-09-22 00:16 113,152 --a------ C:\WINDOWS\system32\vgmvubot.dll
2008-09-22 00:16 . 2008-09-22 00:16 113,152 --a------ C:\WINDOWS\system32\qdodai.dll
2008-09-22 00:13 . 2008-09-22 00:13 5,556 --a------ C:\WINDOWS\system32\uuxsgysu.dll
2008-09-22 00:07 . 2008-09-22 00:07 5,556 --a------ C:\WINDOWS\system32\hyrwvoms.dll
2008-09-22 00:04 . 2008-09-22 00:04 5,556 --a------ C:\WINDOWS\system32\ypkpungs.dll
2008-09-22 00:01 . 2008-09-23 13:08 889,405 --ahs---- C:\WINDOWS\system32\IjkTwGgh.ini2
2008-09-21 23:02 . 2008-09-21 23:02 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Netscape
2008-09-21 22:22 . 2008-09-21 22:22 113,152 --a------ C:\WINDOWS\system32\vasbnc.dll
2008-09-21 22:22 . 2008-09-21 22:22 113,152 --a------ C:\WINDOWS\system32\hbntqtmq.dll
2008-09-21 22:18 . 2008-09-21 22:18 5,556 --a------ C:\WINDOWS\system32\hedrfsom.dll
2008-09-21 22:18 . 2008-09-21 22:18 5,556 --a------ C:\WINDOWS\system32\faaajyhp.dll
2008-09-21 22:16 . 2008-09-21 22:16 97,792 --a------ C:\WINDOWS\system32\nomxsccp.dll
2008-09-21 22:16 . 2008-09-21 22:16 5,556 --a------ C:\WINDOWS\system32\wcwrgowr.dll
2008-09-21 22:09 . 2008-09-23 13:12 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-21 22:06 . 2008-09-23 10:48 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-21 22:06 . 2008-09-21 22:06 <DIR> d-------- C:\Program Files\AVG
2008-09-21 22:06 . 2008-09-21 23:01 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVGTOOLBAR
2008-09-21 22:06 . 2008-09-21 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-21 22:06 . 2008-09-21 22:06 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-21 22:06 . 2008-09-21 22:06 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-21 22:06 . 2008-09-21 22:06 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-09-21 22:06 . 2008-09-21 22:06 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-21 21:27 . 2008-09-21 22:03 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-21 20:35 . 2008-09-21 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-09-21 20:33 . 2008-09-21 20:33 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-09-21 20:33 . 2008-09-21 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-09-21 20:06 . 2008-09-21 03:46 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-21 19:46 . 2008-09-21 19:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-21 19:32 . 2008-09-21 19:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-21 19:11 . 2008-09-21 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-21 18:40 . 2008-09-21 18:40 <DIR> d-------- C:\Program Files\[email protected]
2008-09-21 18:40 . 2008-09-21 18:40 <DIR> d-------- C:\Program Files\Common Files\Gibinsoft Shared
2008-09-21 18:39 . 2008-09-21 18:39 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-21 16:15 . 2008-09-21 16:15 113,152 --a------ C:\WINDOWS\system32\rgfxmz.dll
2008-09-21 16:15 . 2008-09-21 16:15 113,152 --a------ C:\WINDOWS\system32\ouelkqot.dll
2008-09-21 16:14 . 2008-09-21 22:49 849,165 --ahs---- C:\WINDOWS\system32\GgjSsCcf.ini2
2008-09-21 16:01 . 2008-09-21 16:01 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-09-21 16:00 . 2008-09-21 16:15 <DIR> d-------- C:\Program Files\SpyNoMore
2008-09-21 16:00 . 2008-09-21 16:00 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-09-21 03:45 . 2008-09-21 20:47 <DIR> d-------- C:\Documents and Settings\HP_Administrator\.housecall6.6
2008-09-21 03:00 . 2008-09-22 01:26 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-21 02:32 . 2008-09-21 02:32 <DIR> d-------- C:\Program Files\uTorrent
2008-09-21 02:32 . 2008-09-21 23:04 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2008-09-20 21:16 . 2008-09-22 04:23 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\CyberLink
2008-09-20 20:56 . 2008-09-20 20:56 <DIR> d-------- C:\Program Files\Digital Photo Navigator 1.5
2008-09-20 20:56 . 2008-09-20 21:03 <DIR> d-------- C:\Program Files\CyberLink
2008-09-20 20:56 . 2008-09-23 10:31 <DIR> d-------- C:\MyWorks
2008-09-20 20:52 . 2008-09-20 20:52 <DIR> d-------- C:\ev hdd
2008-09-20 20:46 . 2008-09-20 20:46 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Jasc Software Inc
2008-09-18 17:23 . 2008-09-18 17:23 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Sonic
2008-09-18 17:23 . 2008-09-18 17:23 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech
2008-09-17 06:33 . 2008-09-17 06:33 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-12 19:12 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-09-12 19:12 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-09-12 18:49 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-09-12 18:49 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-09-10 03:09 . 2008-09-10 03:09 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-08 23:29 . 2008-09-08 23:29 <DIR> d-------- C:\Program Files\AssaultCube
2008-09-08 23:29 . 2008-09-10 03:08 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-09-08 00:01 . 2008-09-08 00:01 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
2008-09-04 08:19 . 2008-09-05 14:32 <DIR> d-------- C:\Program Files\Google
2008-09-04 08:19 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-03 18:30 . 2008-09-03 18:30 <DIR> d-------- C:\WINDOWS\Sun
2008-09-03 17:30 . 2008-09-03 17:30 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-03 17:30 . 2008-09-03 17:30 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-03 17:30 . 2008-09-03 17:30 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-03 17:30 . 2008-09-03 17:30 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-03 17:27 . 2008-09-03 17:31 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-03 16:25 . 2008-09-04 00:31 <DIR> d-------- C:\Silkroad
2008-09-03 16:22 . 2008-09-03 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-03 16:14 . 2008-04-13 18:12 1,737,856 --a------ C:\WINDOWS\system32\mtxparhd.dll
2008-09-03 16:13 . 2008-04-13 18:11 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-09-03 16:10 . 2006-12-18 17:33 356,352 --a------ C:\WINDOWS\system32\nvusmb.exe
2008-09-03 16:10 . 2006-04-14 15:00 208,896 --a------ C:\WINDOWS\system32\nvuide.exe
2008-09-03 16:10 . 2006-02-20 14:00 1,864 --a------ C:\WINDOWS\system32\nvsmb.nvu
2008-09-03 16:10 . 2006-02-20 14:00 1,570 --a------ C:\WINDOWS\system32\nvide.nvu
2008-09-03 16:06 . 2006-12-18 17:33 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
2008-09-03 16:06 . 2006-02-20 14:00 3,903 --a------ C:\WINDOWS\system32\nvnrm.nvu
2008-09-03 16:03 . 2008-09-03 16:03 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
2008-09-03 15:50 . 2006-05-09 16:50 7,311,360 --a------ C:\WINDOWS\system32\OLD64.tmp
2008-09-03 15:50 . 2006-05-09 16:50 3,955,200 --a------ C:\WINDOWS\system32\OLD66.tmp
2008-09-03 15:50 . 2006-05-09 16:50 35,840 --a------ C:\WINDOWS\system32\OLD63.tmp
2008-09-03 15:49 . 2008-09-03 15:49 <DIR> d-------- C:\NVIDIA
2008-09-03 15:49 . 2008-05-16 12:48 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-09-03 15:44 . 2008-09-03 15:44 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-09-03 15:05 . 2008-09-03 15:05 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-03 14:11 . 2008-04-11 13:04 691,712 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-03 14:09 . 2008-06-13 05:05 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-09-03 14:09 . 2008-06-13 05:05 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-03 14:08 . 2008-05-08 08:02 203,136 --a------ C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-03 13:57 . 2006-03-20 21:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-09-03 13:40 . 2008-09-03 13:40 <DIR> d--hs---- C:\Documents and Settings\HP_Administrator\UserData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 05:04 --------- d-----w C:\Program Files\Quicken
2008-09-22 04:03 --------- d-----w C:\Program Files\Symantec
2008-09-22 04:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-22 04:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-21 03:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-21 03:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 14:19 --------- d-----w C:\Program Files\Java
2008-09-03 23:29 --------- d-----w C:\Program Files\Yahoo!
2008-09-03 23:29 --------- d-----w C:\Program Files\WildTangent
2008-09-03 23:29 --------- d-----w C:\Program Files\HP Games
2008-09-03 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-09-03 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
2008-08-22 18:14 1,901 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_RC681AA-ABA s7612n_YC_0Pavi_QMXF649_E64NAemMPA4_48_IPyrite_SASUSTek Computer INC._V1.02_B3.05_T061101_WXP2_L409_M959_J200_7AMD_8Athlon 64 X2 Dual Core_92_#080822_N_Z14F12F20_G10DE0241.MRK
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dab8c2ae-4c37-4275-b1f6-62aeeb7d9674}]
2008-09-23 13:26 111616 --a------ C:\WINDOWS\system32\jknnbs.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-04 171448]
"mount.exe"="C:\Program Files\[email protected]\FileUtilities.3\mount.exe" [2008-04-11 374272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 7311360]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [2008-09-21 1064400]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-21 1235736]
"QuickCare"="C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe" [2008-05-31 202016]
"0cb283c0"="C:\WINDOWS\system32\ujhewqtt.dll" [2008-09-23 89600]
"BM0f81b05c"="C:\WINDOWS\system32\xthvtskx.dll" [2008-09-23 97280]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 C:\WINDOWS\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2006-05-09 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=,avgrsstx.dll jknnbs.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
--a------ 2004-06-07 15:05 106496 C:\WINDOWS\system32\ftutil2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Silkroad\\ag\\nuConnector76.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-21 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-21 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-21 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-21 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-21 76040]
.
- - - - ORPHANS REMOVED - - - -
BHO-{1F5FDA83-4379-4C6A-94AD-CC7BC688505A} - C:\WINDOWS\system32\qoMgeBUL.dll
BHO-{63B07D49-4D04-46AE-A23B-83BF490384B0} - C:\WINDOWS\system32\ssqnMGXp.dll
BHO-{698AED7D-D8BD-4E51-91A5-4273310C0C0C} - C:\WINDOWS\system32\fcCsSjgG.dll
BHO-{882576CA-5B5B-4FDD-B0A0-47EC2C563AE0} - C:\WINDOWS\system32\hgGwTkjI.dll
Toolbar-SITEguard - (no file)
ShellExecuteHooks-{1F5FDA83-4379-4C6A-94AD-CC7BC688505A} - C:\WINDOWS\system32\qoMgeBUL.dll

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=029&gwCountry=US&language=en&PURCH_DT_MONTH=08&PURCH_DT_DAY=22&PURCH_DT_YEAR=2008&PROD_SERIAL_ID=MXF6490M7B&application=305&modelID=RC681AA&LF=blue
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 14:25:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

C:\WINDOWS\system32\ttqwehju.ini 898158 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\ComboFix\pv.cfexe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-09-23 14:32:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-23 20:32:09
Pre-Run: 165,166,702,592 bytes free
Post-Run: 165,146,288,128 bytes free
288 --- E O F --- 2008-09-10 09:02:19


after runnng these 2 programs. i havnt not gotten a popup YET. but the microsoft visual C++ debug error keeps crashing my IE. any ideals?

okay i scaned 1 more time and i stil have vundo trojan. im bout to give up. avg is not detecting it anymore. i am using trial version of SpyNoMore to manuly remove strings from regestry. but they keep comming back

ran malwarebytes and deleated 25 vundo trojans and dlls. ran it again with 0 results BUT when i run spynomore i get trojan/bitfrost and downloader/conhook.aa

 

[cybertech]

Please download ATF Cleaner by Atribune.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

Click Exit on the Main menu to close the program.




Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2

• Make sure you are connected to the Internet.
• Double-click on Download_mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply with a new hijackthis log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

[robpa]

hi ty for the response. here is HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38, on 2008-09-24
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe /P QuickCare
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll jknnbs.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
--
End of file - 8353 bytes


malewarebytes

Malwarebytes' Anti-Malware 1.28
Database version: 1200
Windows 5.1.2600 Service Pack 3
2008-09-24 20:36:49
mbam-log-2008-09-24 (20-36-49).txt
Scan type: Quick Scan
Objects scanned: 45757
Time elapsed: 4 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

 

[cybertech]

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

1. Close any open browsers.
2. If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
3. Open the OTScanit folder and double-click on OTScanit.exe to start the program.
4. In Additional Scans section put a check in BotCheck and Disabled MS Config Items and EventViewer Errors/Warnings
5. Now click the Run Scan button on the toolbar.
6. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
7. When the scan is complete Notepad will open with the report file loaded in it.
8. Save that notepad file

If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.

 

[robpa]

File uploaded

 

[cybertech]

Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {E2D4D26B-0180-43a4-B05F-462D6D54C789}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Internet Connection Help]
[Files/Folders - Created Within 30 days]
NY -> cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty
NY -> netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img
NY -> 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> faaajyhp.dll -> %SystemRoot%\System32\faaajyhp.dll
NY -> GgjSsCcf.ini2 -> %SystemRoot%\System32\GgjSsCcf.ini2
NY -> hyrwvoms.dll -> %SystemRoot%\System32\hyrwvoms.dll
NY -> IjkTwGgh.ini2 -> %SystemRoot%\System32\IjkTwGgh.ini2
NY -> jcelbcjf.dll -> %SystemRoot%\System32\jcelbcjf.dll
NY -> kaasoogq.dll -> %SystemRoot%\System32\kaasoogq.dll
NY -> twojyjir.dll -> %SystemRoot%\System32\twojyjir.dll
NY -> uuxsgysu.dll -> %SystemRoot%\System32\uuxsgysu.dll
NY -> vktbeugi.dll -> %SystemRoot%\System32\vktbeugi.dll
NY -> wcwrgowr.dll -> %SystemRoot%\System32\wcwrgowr.dll
NY -> wcygymxr.dll -> %SystemRoot%\System32\wcygymxr.dll
NY -> ypkpungs.dll -> %SystemRoot%\System32\ypkpungs.dll
NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTScanIt scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

 

[robpa]

so far my pc is doing okay. no popups i scan with 0 infections. only issue i have right now is my pc will turn off. with out reason. no bluescreen of death, no shutting down windows. just turn off. but even that is not constent. has happend 3 times since i ran the scans. which s alot better than every 20- 30 min as it did b4. so far you have been really helpful. and i plan on donating as soon as i scrap up ome extra cash


Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ not found.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\System32\drivers\cxthsfs2.cty moved successfully.
C:\WINDOWS\System32\drivers\netwlan5.img moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\faaajyhp.dll
C:\WINDOWS\System32\faaajyhp.dll NOT unregistered.
C:\WINDOWS\System32\faaajyhp.dll moved successfully.
C:\WINDOWS\System32\GgjSsCcf.ini2 moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\hyrwvoms.dll
C:\WINDOWS\System32\hyrwvoms.dll NOT unregistered.
C:\WINDOWS\System32\hyrwvoms.dll moved successfully.
C:\WINDOWS\System32\IjkTwGgh.ini2 moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\jcelbcjf.dll
C:\WINDOWS\System32\jcelbcjf.dll NOT unregistered.
C:\WINDOWS\System32\jcelbcjf.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\kaasoogq.dll
C:\WINDOWS\System32\kaasoogq.dll NOT unregistered.
C:\WINDOWS\System32\kaasoogq.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\twojyjir.dll
C:\WINDOWS\System32\twojyjir.dll NOT unregistered.
C:\WINDOWS\System32\twojyjir.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\uuxsgysu.dll
C:\WINDOWS\System32\uuxsgysu.dll NOT unregistered.
C:\WINDOWS\System32\uuxsgysu.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\vktbeugi.dll
C:\WINDOWS\System32\vktbeugi.dll NOT unregistered.
C:\WINDOWS\System32\vktbeugi.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\wcwrgowr.dll
C:\WINDOWS\System32\wcwrgowr.dll NOT unregistered.
C:\WINDOWS\System32\wcwrgowr.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\wcygymxr.dll
C:\WINDOWS\System32\wcygymxr.dll NOT unregistered.
C:\WINDOWS\System32\wcygymxr.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\ypkpungs.dll
C:\WINDOWS\System32\ypkpungs.dll NOT unregistered.
C:\WINDOWS\System32\ypkpungs.dll moved successfully.
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 09262008_151255
Files moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.

 

[cybertech]

only issue i have right now is my pc will turn off. with out reason. no bluescreen of death, no shutting down windows. just turn off. b

That sounds like it could be overheating. Ask in the hardware forum how to check for that.

Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says Paste fix here and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> jknnbs.dll -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
[Files/Folders - Created Within 30 days]
NY -> yobiixnq.dll -> %SystemRoot%\System32\yobiixnq.dll
[Files/Folders - Modified Within 30 days]
NY -> avwduqsw.dll -> %SystemRoot%\System32\avwduqsw.dll
NY -> hedrfsom.dll -> %SystemRoot%\System32\hedrfsom.dll
NY -> inylfrho.dll -> %SystemRoot%\System32\inylfrho.dll

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.
Post that information back here.

I will review the information when it comes back in.

 

[robpa]

[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:jknnbs.dll deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\System32\yobiixnq.dll moved successfully.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\System32\avwduqsw.dll moved successfully.
C:\WINDOWS\System32\hedrfsom.dll moved successfully.
C:\WINDOWS\System32\inylfrho.dll moved successfully.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 09272008_130247

 

[cybertech]

Please post your hijackthis log again and let me know if you are still having problems.

 

[robpa]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:34:56 PM, on 2008-09-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wscntfy.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe /P QuickCare
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
--
End of file - 8007 bytes