
Solved: trojan keeps coming back after I scan.

Discussion in 'Virus & Other Malware Removal' started by robpa, Sep 21, 2008.

  1. robpa

    robpa Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    16
    Hi, thank goodness I found this website. I've been reading, and you guys/gals do a great job. Okay. I got the Antivirus 2008 virus, and along with it came a trojan downloader and a lot of spyware. I tried to manually remove all I could. I still have a downloader called conhook.aa. I delete it from my registry but it continues to return. Thanks in advance.
    rob

    The scan was done in safe mode. Don't know if it makes a difference or not.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:46:23 PM, on 9/21/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
    C:\Program Files\Common Files\Symantec Shared\NMAIN.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebR...90M7B&application=305&modelID=RC681AA&LF=blue
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [mount.exe] C:\Program Files\[email protected]\FileUtilities.3\mount.exe /z
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: rgfxmz.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    --
    End of file - 9564 bytes
     
  2. robpa

    robpa Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    16
    And every time I try to do an online scan, it shuts my PC down.
     
  3. robpa

    robpa Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    16
    Okay, I just spent my last $20 on AVG. Praying it finds everything.
     
  4. robpa

    robpa Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    16
    Hi. A few days ago I downloaded an MPEG editor for some home video we made. Well, in this package was the Vundo trojan. I ran SpyNoMore and it showed me about 30 trojans and DLLs that were infected. So I cleaned it with AVG. Well, later that night my ISP was reset and I could not get online. So I said what the heck, let's scan again. AVG detected about 20 more trojans and DLLs. So I cleaned them again. Well, this morning I scanned again and the result was more trojans, but this time they were not named Vundo. It was named Generic11.AEES, and again some DLLs. So I cleaned them again. Now I can't access the internet. It will start up really slow, then give me a Visual C++ runtime library error, or more antivirus popups, then shuts down IE. Here is my HJT log. Hope you can help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:03:42 AM, on 9/23/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebR...90M7B&application=305&modelID=RC681AA&LF=blue
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe /P QuickCare
    O4 - HKLM\..\Run: [BM0f81b05c] Rundll32.exe "C:\WINDOWS\system32\asqsjirj.dll",s
    O4 - HKLM\..\Run: [0cb283c0] rundll32.exe "C:\WINDOWS\system32\ltfjntmk.dll",b
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [mount.exe] C:\Program Files\[email protected]\FileUtilities.3\mount.exe /z
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: ,avgrsstx.dll qohaly.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
    --
    End of file - 8769 bytes

    Okay, I scanned again and deleted more trojans. I have also discovered my browser is infected. When I start IE I still get antivirus popups. AVG keeps telling me "Threat detected: virus found Win32/Heur, process name: C:\windows\Explorer.EXE,
    file name: 207.226.178.149\t655.dll".

    I have tried scanning once again with no threats. Yet my IE keeps crashing with popups, and AVG keeps popping up with alerts. PLEASE HELP. =(

    AFTER reading a lot of posts in this thread I have come to the conclusion that a lot of our problems are caused by Zlob/Vundo Antivirus 2008. I researched it and have tried all fixes and updates. So far none have worked... geez.

    Thanks.

    Fixwareout scan
    Username "HP_Administrator" - 09/23/2008 14:36:04 [Fixwareout edited 9/01/2007]
    ~~~~~ Prerun check
    Successfully flushed the DNS Resolver Cache.

    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....
    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "RTHDCPL"="RTHDCPL.EXE"
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "DMAScheduler"="\"c:\\Program Files\\HP DigitalMedia Archive\\DMAScheduler.exe\""
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
    "HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
    48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
    75,53,63,68,64,32,2e,65,78,65,00
    "Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
    "ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
    "EverioService"="\"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe\""
    "SNM"="C:\\Program Files\\SpyNoMore\\SNM.exe /startup"
    "AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
    "QuickCare"="C:\\Program Files\\Qwest\\Quickcare\\bin\\sprtcmd.exe /P QuickCare"
    "0cb283c0"="rundll32.exe \"C:\\WINDOWS\\system32\\ujhewqtt.dll\",b"
    "BM0f81b05c"="Rundll32.exe \"C:\\WINDOWS\\system32\\xthvtskx.dll\",s"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
    "mount.exe"="C:\\Program Files\\[email protected]\\FileUtilities.3\\mount.exe /z"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~
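The two HijackThis logs and the Fixwareout output above share one pattern worth pulling out before anything gets deleted by hand: the Run value names (BM0f81b05c, 0cb283c0) stay fixed between scans while the rundll32 DLL they point at changes (asqsjirj.dll to xthvtskx.dll, ltfjntmk.dll to ujhewqtt.dll), each DLL is an 8-letter random name in system32 called through a one-letter export, and an unknown DLL sits in AppInit_DLLs in both logs (rgfxmz.dll on 9/21, qohaly.dll on 9/23). The Python below is an added example, not code from this thread, from HijackThis or from Fixwareout: it triages O4 and O20 lines with exactly those heuristics. The sample input is constructed from the log lines above (the Fixwareout values rewritten in HJT form), the "random name" thresholds, the `triage`/`rotated_values` helper names and the AVG allowlist are assumptions, and a hit is a review item rather than a verdict.

```python
"""Triage HijackThis O4/O20 lines for Vundo-style rundll32 and AppInit_DLLs persistence.

Added example for this thread; not code from HijackThis, Fixwareout or the poster.
The heuristics (what counts as a "random" DLL or value name, the AppInit allowlist)
are assumptions chosen to match the logs above; a hit means "review this", not "malicious".
"""
import ntpath
import re
from dataclasses import dataclass

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<path>[^",]+)"?\s*,\s*(?P<entry>\S+)$', re.I)
RANDOM_DLL_RE = re.compile(r"^[a-z]{6,8}\.dll$")       # assumption: 6-8 lowercase letters
RANDOM_VALUE_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$")  # assumption: hex blob, optional BM prefix
KNOWN_APPINIT = {"avgrsstx.dll"}  # assumption: AVG's own hook DLL, installed with AVG 8 above


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str
    value_name: str = ""  # Run value name for O4 hits, empty for O20 hits
    dll: str = ""         # lowercase DLL file name


def parse_rundll_o4(line):
    """Return (value_name, dll_path, entry_point) for an O4 line that runs rundll32, else None."""
    m = O4_RE.match(line)
    if not m:
        return None
    r = RUNDLL_RE.match(m.group("cmd").strip())
    if not r:
        return None
    return m.group("name"), r.group("path"), r.group("entry")


def triage(log_text):
    """Flag random-named rundll32 payloads in Run keys and unknown AppInit_DLLs entries."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        o4 = parse_rundll_o4(line)
        if o4:
            name, path, entry = o4
            dll = ntpath.basename(path).lower()  # ntpath: handles backslash paths on any host
            reasons = []
            if RANDOM_DLL_RE.match(dll) and len(entry) == 1:
                reasons.append("rundll32 loads random-named system32 DLL via one-letter export")
            if RANDOM_VALUE_RE.match(name):
                reasons.append("Run value name looks machine-generated")
            if reasons:
                findings.append(Finding(line, "; ".join(reasons), name, dll))
            continue
        m = O20_RE.match(line)
        if m:
            # AppInit_DLLs is comma/space separated and may carry a leading comma, as in the 9/23 log
            for dll in re.split(r"[,\s]+", m.group("dlls").strip()):
                if dll and dll.lower() not in KNOWN_APPINIT:
                    findings.append(Finding(line, "unknown DLL in AppInit_DLLs (loaded into every user32 process)", dll=dll.lower()))
    return findings


def rotated_values(before, after):
    """Run values present in both scans under the same name but pointing at a different DLL."""
    a = {f.value_name: f.dll for f in before if f.value_name}
    b = {f.value_name: f.dll for f in after if f.value_name}
    return {n: (a[n], b[n]) for n in a.keys() & b.keys() if a[n] != b[n]}


# Constructed sample input: the relevant lines from the 9/21 and 9/23 HijackThis logs above,
# plus the two Run values as Fixwareout listed them later on 9/23, rewritten in HJT form.
HJT_0921 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - AppInit_DLLs: rgfxmz.dll
""".strip()
HJT_0923 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM0f81b05c] Rundll32.exe "C:\WINDOWS\system32\asqsjirj.dll",s
O4 - HKLM\..\Run: [0cb283c0] rundll32.exe "C:\WINDOWS\system32\ltfjntmk.dll",b
O20 - AppInit_DLLs: ,avgrsstx.dll qohaly.dll
""".strip()
FIXWAREOUT_0923 = r"""
O4 - HKLM\..\Run: [0cb283c0] rundll32.exe "C:\WINDOWS\system32\ujhewqtt.dll",b
O4 - HKLM\..\Run: [BM0f81b05c] Rundll32.exe "C:\WINDOWS\system32\xthvtskx.dll",s
""".strip()

if __name__ == "__main__":
    for label, log in (("9/21 HJT", HJT_0921), ("9/23 HJT", HJT_0923), ("9/23 Fixwareout", FIXWAREOUT_0923)):
        for f in triage(log):
            print(f"[{label}] {f.reason}: {f.line}")
    for name, (old, new) in rotated_values(triage(HJT_0923), triage(FIXWAREOUT_0923)).items():
        print(f"value {name} kept its name but rotated payload {old} -> {new}")
```

Running the module lists the three flagged 9/23 entries, the single AppInit_DLLs hit from 9/21, and the two rotated pairs. The rotation is the useful signal: a Run value that survives a clean-up under the same name while its DLL is re-created under a new one means the component that writes those values is still resident, which matches what the poster describes when deleting the DLLs by hand does not stop them returning.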
     
  5. robpa

    robpa Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    16
    ComboFix report

    ComboFix 08-09-22.05 - HP_Administrator 2008-09-23 14:20:38.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.417 [GMT -6:00]
    Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\tmp1.tmp
    C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\tmp2.tmp
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\HP_Administrator\Application Data\Adobe\crc.dat
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\WINDOWS\BM0f81b05c.txt
    C:\WINDOWS\BM0f81b05c.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\fccyvVNH.dll
    C:\WINDOWS\system32\GgjSsCcf.ini
    C:\WINDOWS\system32\hgGvSMcD.dll
    C:\WINDOWS\system32\iifcBSIx.dll
    C:\WINDOWS\system32\IjkTwGgh.ini
    C:\WINDOWS\system32\kmtnjftl.ini
    C:\WINDOWS\system32\ndfyishh.ini
    C:\WINDOWS\system32\pXGMnqss.ini
    C:\WINDOWS\system32\pXGMnqss.ini2
    C:\WINDOWS\system32\qoMgeBUL.dll
    C:\WINDOWS\system32\ssqnMGXp.dll
    C:\WINDOWS\system32\ttqwehju.ini
    C:\WINDOWS\system32\uhurkysa.ini
    D:\Autorun.inf
    ----- BITS: Possible infected sites -----
    http://78.157.143.163
    .
    ((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
    .
    2008-09-23 13:47 . 2008-09-23 13:47 1,124 --a------ C:\WINDOWS\system32\twojyjir.dll
    2008-09-23 13:32 . 2008-09-23 13:32 1,124 --a------ C:\WINDOWS\system32\inylfrho.dll
    2008-09-23 13:29 . 2008-09-23 13:29 89,600 --a------ C:\WINDOWS\system32\ujhewqtt.dll
    2008-09-23 13:29 . 2008-09-23 13:29 1,124 --a------ C:\WINDOWS\system32\avwduqsw.dll
    2008-09-23 13:26 . 2008-09-23 13:26 111,616 --a------ C:\WINDOWS\system32\tfabpitd.dll
    2008-09-23 13:26 . 2008-09-23 13:26 111,616 --a------ C:\WINDOWS\system32\jknnbs.dll
    2008-09-23 13:23 . 2008-09-23 13:23 1,124 --a------ C:\WINDOWS\system32\vktbeugi.dll
    2008-09-23 13:20 . 2008-09-23 13:20 1,124 --a------ C:\WINDOWS\system32\yobiixnq.dll
    2008-09-23 13:18 . 2008-09-23 13:18 1,124 --a------ C:\WINDOWS\system32\jcelbcjf.dll
    2008-09-23 13:17 . 2008-09-23 13:17 97,280 --a------ C:\WINDOWS\system32\xthvtskx.dll
    2008-09-23 11:01 . 2008-09-23 11:01 5,556 --a------ C:\WINDOWS\system32\wcygymxr.dll
    2008-09-23 10:57 . 2008-09-23 10:57 89,600 --a------ C:\WINDOWS\system32\ltfjntmk.dll
    2008-09-23 10:54 . 2008-09-23 10:54 111,616 --a------ C:\WINDOWS\system32\qohaly.dll
    2008-09-23 10:54 . 2008-09-23 10:54 111,616 --a------ C:\WINDOWS\system32\lghvltaf.dll
    2008-09-23 10:51 . 2008-09-23 10:51 97,280 --a------ C:\WINDOWS\system32\asqsjirj.dll
    2008-09-23 10:44 . 2008-09-23 10:44 <DIR> d-------- C:\Program Files\Qwest
    2008-09-23 10:44 . 2008-09-23 10:44 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
    2008-09-23 10:44 . 2008-09-23 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2008-09-22 04:29 . 2008-09-22 04:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\CyberLink
    2008-09-22 04:27 . 2008-09-22 04:27 <DIR> d--h----- C:\WINDOWS\PIF
    2008-09-22 04:21 . 2008-09-22 04:21 <DIR> d-------- C:\Program Files\VideoLAN
    2008-09-22 01:56 . 2008-09-22 02:08 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\muvee Technologies
    2008-09-22 01:56 . 2008-09-22 01:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    2008-09-22 01:47 . 2008-09-22 01:47 <DIR> d-------- C:\Program Files\Alcohol Soft
    2008-09-22 01:47 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
    2008-09-22 01:47 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
    2008-09-22 00:21 . 2008-09-22 00:21 <DIR> d-------- C:\Program Files\VideoReDoPlus
    2008-09-22 00:21 . 2008-09-22 00:21 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\VideoReDoPlus
    2008-09-22 00:19 . 2008-09-22 00:19 5,556 --a------ C:\WINDOWS\system32\kaasoogq.dll
    2008-09-22 00:16 . 2008-09-22 00:16 113,152 --a------ C:\WINDOWS\system32\vgmvubot.dll
    2008-09-22 00:16 . 2008-09-22 00:16 113,152 --a------ C:\WINDOWS\system32\qdodai.dll
    2008-09-22 00:13 . 2008-09-22 00:13 5,556 --a------ C:\WINDOWS\system32\uuxsgysu.dll
    2008-09-22 00:07 . 2008-09-22 00:07 5,556 --a------ C:\WINDOWS\system32\hyrwvoms.dll
    2008-09-22 00:04 . 2008-09-22 00:04 5,556 --a------ C:\WINDOWS\system32\ypkpungs.dll
    2008-09-22 00:01 . 2008-09-23 13:08 889,405 --ahs---- C:\WINDOWS\system32\IjkTwGgh.ini2
    2008-09-21 23:02 . 2008-09-21 23:02 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Netscape
    2008-09-21 22:22 . 2008-09-21 22:22 113,152 --a------ C:\WINDOWS\system32\vasbnc.dll
    2008-09-21 22:22 . 2008-09-21 22:22 113,152 --a------ C:\WINDOWS\system32\hbntqtmq.dll
    2008-09-21 22:18 . 2008-09-21 22:18 5,556 --a------ C:\WINDOWS\system32\hedrfsom.dll
    2008-09-21 22:18 . 2008-09-21 22:18 5,556 --a------ C:\WINDOWS\system32\faaajyhp.dll
    2008-09-21 22:16 . 2008-09-21 22:16 97,792 --a------ C:\WINDOWS\system32\nomxsccp.dll
    2008-09-21 22:16 . 2008-09-21 22:16 5,556 --a------ C:\WINDOWS\system32\wcwrgowr.dll
    2008-09-21 22:09 . 2008-09-23 13:12 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-09-21 22:06 . 2008-09-23 10:48 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-09-21 22:06 . 2008-09-21 22:06 <DIR> d-------- C:\Program Files\AVG
    2008-09-21 22:06 . 2008-09-21 23:01 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVGTOOLBAR
    2008-09-21 22:06 . 2008-09-21 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-21 22:06 . 2008-09-21 22:06 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-09-21 22:06 . 2008-09-21 22:06 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-09-21 22:06 . 2008-09-21 22:06 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
    2008-09-21 22:06 . 2008-09-21 22:06 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-09-21 21:27 . 2008-09-21 22:03 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2008-09-21 20:35 . 2008-09-21 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
    2008-09-21 20:33 . 2008-09-21 20:33 <DIR> d-------- C:\Program Files\Common Files\iS3
    2008-09-21 20:33 . 2008-09-21 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2008-09-21 20:06 . 2008-09-21 03:46 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-09-21 19:46 . 2008-09-21 19:46 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-21 19:32 . 2008-09-21 19:32 <DIR> d-------- C:\Program Files\Lavasoft
    2008-09-21 19:11 . 2008-09-21 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-21 18:40 . 2008-09-21 18:40 <DIR> d-------- C:\Program Files\[email protected]
    2008-09-21 18:40 . 2008-09-21 18:40 <DIR> d-------- C:\Program Files\Common Files\Gibinsoft Shared
    2008-09-21 18:39 . 2008-09-21 18:39 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2008-09-21 16:15 . 2008-09-21 16:15 113,152 --a------ C:\WINDOWS\system32\rgfxmz.dll
    2008-09-21 16:15 . 2008-09-21 16:15 113,152 --a------ C:\WINDOWS\system32\ouelkqot.dll
    2008-09-21 16:14 . 2008-09-21 22:49 849,165 --ahs---- C:\WINDOWS\system32\GgjSsCcf.ini2
    2008-09-21 16:01 . 2008-09-21 16:01 1,152 --a------ C:\WINDOWS\system32\windrv.sys
    2008-09-21 16:00 . 2008-09-21 16:15 <DIR> d-------- C:\Program Files\SpyNoMore
    2008-09-21 16:00 . 2008-09-21 16:00 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2008-09-21 03:45 . 2008-09-21 20:47 <DIR> d-------- C:\Documents and Settings\HP_Administrator\.housecall6.6
    2008-09-21 03:00 . 2008-09-22 01:26 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-21 02:32 . 2008-09-21 02:32 <DIR> d-------- C:\Program Files\uTorrent
    2008-09-21 02:32 . 2008-09-21 23:04 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
    2008-09-20 21:16 . 2008-09-22 04:23 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\CyberLink
    2008-09-20 20:56 . 2008-09-20 20:56 <DIR> d-------- C:\Program Files\Digital Photo Navigator 1.5
    2008-09-20 20:56 . 2008-09-20 21:03 <DIR> d-------- C:\Program Files\CyberLink
    2008-09-20 20:56 . 2008-09-23 10:31 <DIR> d-------- C:\MyWorks
    2008-09-20 20:52 . 2008-09-20 20:52 <DIR> d-------- C:\ev hdd
    2008-09-20 20:46 . 2008-09-20 20:46 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Jasc Software Inc
    2008-09-18 17:23 . 2008-09-18 17:23 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Sonic
    2008-09-18 17:23 . 2008-09-18 17:23 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech
    2008-09-17 06:33 . 2008-09-17 06:33 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2008-09-12 19:12 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-09-12 19:12 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
    2008-09-12 18:49 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-09-12 18:49 . 2008-04-13 11:45 10,368 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-09-10 03:09 . 2008-09-10 03:09 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-09-08 23:29 . 2008-09-08 23:29 <DIR> d-------- C:\Program Files\AssaultCube
    2008-09-08 23:29 . 2008-09-10 03:08 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
    2008-09-08 00:01 . 2008-09-08 00:01 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
    2008-09-04 08:19 . 2008-09-05 14:32 <DIR> d-------- C:\Program Files\Google
    2008-09-04 08:19 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-09-03 18:30 . 2008-09-03 18:30 <DIR> d-------- C:\WINDOWS\Sun
    2008-09-03 17:30 . 2008-09-03 17:30 <DIR> d-------- C:\WINDOWS\system32\scripting
    2008-09-03 17:30 . 2008-09-03 17:30 <DIR> d-------- C:\WINDOWS\system32\en
    2008-09-03 17:30 . 2008-09-03 17:30 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-09-03 17:30 . 2008-09-03 17:30 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-09-03 17:27 . 2008-09-03 17:31 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-03 16:25 . 2008-09-04 00:31 <DIR> d-------- C:\Silkroad
    2008-09-03 16:22 . 2008-09-03 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-09-03 16:14 . 2008-04-13 18:12 1,737,856 --a------ C:\WINDOWS\system32\mtxparhd.dll
    2008-09-03 16:13 . 2008-04-13 18:11 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
    2008-09-03 16:10 . 2006-12-18 17:33 356,352 --a------ C:\WINDOWS\system32\nvusmb.exe
    2008-09-03 16:10 . 2006-04-14 15:00 208,896 --a------ C:\WINDOWS\system32\nvuide.exe
    2008-09-03 16:10 . 2006-02-20 14:00 1,864 --a------ C:\WINDOWS\system32\nvsmb.nvu
    2008-09-03 16:10 . 2006-02-20 14:00 1,570 --a------ C:\WINDOWS\system32\nvide.nvu
    2008-09-03 16:06 . 2006-12-18 17:33 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
    2008-09-03 16:06 . 2006-02-20 14:00 3,903 --a------ C:\WINDOWS\system32\nvnrm.nvu
    2008-09-03 16:03 . 2008-09-03 16:03 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
    2008-09-03 15:50 . 2006-05-09 16:50 7,311,360 --a------ C:\WINDOWS\system32\OLD64.tmp
    2008-09-03 15:50 . 2006-05-09 16:50 3,955,200 --a------ C:\WINDOWS\system32\OLD66.tmp
    2008-09-03 15:50 . 2006-05-09 16:50 35,840 --a------ C:\WINDOWS\system32\OLD63.tmp
    2008-09-03 15:49 . 2008-09-03 15:49 <DIR> d-------- C:\NVIDIA
    2008-09-03 15:49 . 2008-05-16 12:48 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2008-09-03 15:44 . 2008-09-03 15:44 <DIR> d-------- C:\Program Files\SystemRequirementsLab
    2008-09-03 15:05 . 2008-09-03 15:05 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-09-03 14:11 . 2008-04-11 13:04 691,712 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-09-03 14:09 . 2008-06-13 05:05 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
    2008-09-03 14:09 . 2008-06-13 05:05 272,128 --a------ C:\WINDOWS\system32\dllcache\bthport.sys
    2008-09-03 14:08 . 2008-05-08 08:02 203,136 --a------ C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-09-03 13:57 . 2006-03-20 21:23 23,040 --------- C:\WINDOWS\kb913800.exe
    2008-09-03 13:40 . 2008-09-03 13:40 <DIR> d--hs---- C:\Documents and Settings\HP_Administrator\UserData
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-22 05:04 --------- d-----w C:\Program Files\Quicken
    2008-09-22 04:03 --------- d-----w C:\Program Files\Symantec
    2008-09-22 04:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-09-22 04:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-09-21 03:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-09-21 03:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-04 14:19 --------- d-----w C:\Program Files\Java
    2008-09-03 23:29 --------- d-----w C:\Program Files\Yahoo!
    2008-09-03 23:29 --------- d-----w C:\Program Files\WildTangent
    2008-09-03 23:29 --------- d-----w C:\Program Files\HP Games
    2008-09-03 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
    2008-09-03 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
    2008-08-22 18:14 1,901 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_RC681AA-ABA s7612n_YC_0Pavi_QMXF649_E64NAemMPA4_48_IPyrite_SASUSTek Computer INC._V1.02_B3.05_T061101_WXP2_L409_M959_J200_7AMD_8Athlon 64 X2 Dual Core_92_#080822_N_Z14F12F20_G10DE0241.MRK
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dab8c2ae-4c37-4275-b1f6-62aeeb7d9674}]
    2008-09-23 13:26 111616 --a------ C:\WINDOWS\system32\jknnbs.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-04 171448]
    "mount.exe"="C:\Program Files\[email protected]\FileUtilities.3\mount.exe" [2008-04-11 374272]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 7311360]
    "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
    "EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
    "SNM"="C:\Program Files\SpyNoMore\SNM.exe" [2008-09-21 1064400]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-21 1235736]
    "QuickCare"="C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe" [2008-05-31 202016]
    "0cb283c0"="C:\WINDOWS\system32\ujhewqtt.dll" [2008-09-23 89600]
    "BM0f81b05c"="C:\WINDOWS\system32\xthvtskx.dll" [2008-09-23 97280]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-13 C:\WINDOWS\RTHDCPL.EXE]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 C:\WINDOWS\arpwrmsg.exe]
    "nwiz"="nwiz.exe" [2006-05-09 C:\WINDOWS\system32\nwiz.exe]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-13 C:\WINDOWS\system32\narrator.exe]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=,avgrsstx.dll jknnbs.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
    --a------ 2004-06-07 15:05 106496 C:\WINDOWS\system32\ftutil2.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Silkroad\\ag\\nuConnector76.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-09-21 12936]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-21 97928]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-21 875288]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-21 231704]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-21 76040]
    .
    - - - - ORPHANS REMOVED - - - -
    BHO-{1F5FDA83-4379-4C6A-94AD-CC7BC688505A} - C:\WINDOWS\system32\qoMgeBUL.dll
    BHO-{63B07D49-4D04-46AE-A23B-83BF490384B0} - C:\WINDOWS\system32\ssqnMGXp.dll
    BHO-{698AED7D-D8BD-4E51-91A5-4273310C0C0C} - C:\WINDOWS\system32\fcCsSjgG.dll
    BHO-{882576CA-5B5B-4FDD-B0A0-47EC2C563AE0} - C:\WINDOWS\system32\hgGwTkjI.dll
    Toolbar-SITEguard - (no file)
    ShellExecuteHooks-{1F5FDA83-4379-4C6A-94AD-CC7BC688505A} - C:\WINDOWS\system32\qoMgeBUL.dll

    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
    R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=029&gwCountry=US&language=en&PURCH_DT_MONTH=08&PURCH_DT_DAY=22&PURCH_DT_YEAR=2008&PROD_SERIAL_ID=MXF6490M7B&application=305&modelID=RC681AA&LF=blue
    O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
    C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-23 14:25:02
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...

    C:\WINDOWS\system32\ttqwehju.ini 898158 bytes
    scan completed successfully
    hidden files: 1
    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\ComboFix\pv.cfexe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Completion time: 2008-09-23 14:32:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-23 20:32:09
    Pre-Run: 165,166,702,592 bytes free
    Post-Run: 165,146,288,128 bytes free
    288 --- E O F --- 2008-09-10 09:02:19


    After running these 2 programs, I haven't gotten a popup YET. But the Microsoft Visual C++ debug error keeps crashing my IE. Any ideas?

    Okay, I scanned 1 more time and I still have the Vundo trojan. I'm about to give up. AVG is not detecting it anymore. I am using the trial version of SpyNoMore to manually remove strings from the registry, but they keep coming back :(

    Ran Malwarebytes and deleted 25 Vundo trojans and DLLs. Ran it again with 0 results, BUT when I run SpyNoMore I get trojan/bitfrost and downloader/conhook.aa
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.




    Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply with a new hijackthis log.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
     
  7. robpa

    robpa Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    16
    Hi, ty for the response. Here is the HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:38, on 2008-09-24
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\arservice.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe /P QuickCare
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll jknnbs.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
    --
    End of file - 8353 bytes


    Malwarebytes

    Malwarebytes' Anti-Malware 1.28
    Database version: 1200
    Windows 5.1.2600 Service Pack 3

    2008-09-24 20:36:49
    mbam-log-2008-09-24 (20-36-49).txt

    Scan type: Quick Scan
    Objects scanned: 45757
    Time elapsed: 4 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
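    The MBAM log above reports 0 items while the HijackThis log still carries `O20 - AppInit_DLLs: avgrsstx.dll jknnbs.dll`, the same random-named system32 DLL the ComboFix log listed as a BHO. As an added example (not code from this thread, from Trend Micro or from any tool used here), a small Python triage over HijackThis lines that flags the loading points this thread shows Vundo abusing: O20 AppInit_DLLs, O2 BHOs, O3 toolbars and O4 Run entries pointing at system32 DLLs with generated-looking names. Assumptions: the name heuristic is this example's own and gives false positives, the avgrsstx.dll allowlist entry comes from the AVG files in the ComboFix log, and two sample lines are constructed in HijackThis form from the ComboFix BHO and Run entries for jknnbs.dll and ujhewqtt.dll.

```python
"""Triage HijackThis (v2.0.2) log lines for Vundo-style loading points.

Added example: not code from this thread, from Trend Micro or from any of
the tools used here. It checks the loading points the logs above show being
abused (O20 AppInit_DLLs, O2 BHOs, O3 toolbars, O4 Run entries) and flags
system32 DLLs whose names look machine-generated. The name test is a
deliberately simple heuristic and WILL produce false positives (wscntfy.exe
has no vowels either), so a hit means "verify this file" (publisher, version
info, hash lookup), not "this file is malware".
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# AppInit_DLLs entries known to belong to software installed on this box.
# avgrsstx.dll is the AVG 8 file the ComboFix log shows being installed
# alongside the AVG drivers; anything else injected this way gets reviewed.
APPINIT_ALLOWLIST = {"avgrsstx.dll"}

LINE_RE = re.compile(r"^O(\d+) - (.*)$")
# A Windows path ending in .dll or .exe (lazy so two paths on one line split).
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:dll|exe))", re.IGNORECASE)
VOWELS = set("aeiou")


def looks_generated(stem: str) -> Optional[str]:
    """Return why a 6-8 letter file stem looks random, or None if it passes.

    Heuristic (an assumption of this example): names such as jknnbs,
    xthvtskx and ujhewqtt from this thread trip it; NvCpl, ssv and
    WebHelper do not.
    """
    s = stem.lower()
    if not (6 <= len(s) <= 8 and s.isalpha()):
        return None
    if not VOWELS & set(s):
        return "no vowels"
    if re.search(r"[^aeiou]{4}", s):
        return "4+ consonant run"
    if re.search(r"q(?!u)", s):
        return "q not followed by u"
    return None


@dataclass
class Finding:
    section: str  # HijackThis section, e.g. O2, O4, O20
    item: str     # file name that triggered the finding
    reason: str
    line: str     # the original log line, for the report


def triage(log_text: str) -> List[Finding]:
    """Scan HijackThis log text and return the entries worth verifying."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list, "End of file" etc.
        section, body = "O" + m.group(1), m.group(2)

        # O20 AppInit_DLLs: every DLL listed is loaded into every process
        # that links user32.dll, so anything not on the allowlist is reviewed.
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in body.split(":", 1)[1].split():
                if dll.lower() in APPINIT_ALLOWLIST:
                    continue
                why = looks_generated(dll.rsplit(".", 1)[0]) or "not on allowlist"
                findings.append(Finding(section, dll, f"AppInit_DLLs entry ({why})", line))
            continue

        # O2 BHOs, O3 toolbars and O4 Run entries: flag system32 files with
        # generated-looking names (Vundo drops its DLLs there under such names).
        if section in {"O2", "O3", "O4"}:
            for path in PATH_RE.findall(body):
                if "\\system32\\" not in path.lower():
                    continue
                name = path.rsplit("\\", 1)[-1]
                why = looks_generated(name.rsplit(".", 1)[0])
                if why:
                    findings.append(Finding(section, name, f"system32 file, generated-looking name ({why})", line))
    return findings


# Sample input. Lines 1, 3, 4 and 6 are copied from the HijackThis log in this
# thread; lines 2 and 5 are CONSTRUCTED to show, in HijackThis form, the BHO
# and the Run entry that the ComboFix log lists for jknnbs.dll and ujhewqtt.dll.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {dab8c2ae-4c37-4275-b1f6-62aeeb7d9674} - C:\WINDOWS\system32\jknnbs.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [0cb283c0] RUNDLL32.EXE C:\WINDOWS\system32\ujhewqtt.dll,b
O20 - AppInit_DLLs: avgrsstx.dll jknnbs.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.item:14} {f.reason}\n     {f.line}")
```

Run stand-alone it prints three findings (the BHO, the Run entry and the AppInit_DLLs entry) and leaves ssv.dll, NvCpl.dll and the path-less ftutil2 line alone.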
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
    1. Close any open browsers.
    2. If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
    3. Open the OTScanit folder and double-click on OTScanit.exe to start the program.
    4. In the Additional Scans section put a check in BotCheck, Disabled MS Config Items and EventViewer Errors/Warnings.
    5. Now click the Run Scan button on the toolbar.
    6. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    7. When the scan is complete Notepad will open with the report file loaded in it.
    8. Save that notepad file
    If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
  9. robpa

    robpa Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    16
    File uploaded
     

  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


    Code:
    [Kill Explorer]
    [Unregister Dlls]
    [Registry - Non-Microsoft Only]
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
    YN -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar]
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    YN -> {E2D4D26B-0180-43a4-B05F-462D6D54C789}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Internet Connection Help]
    [Files/Folders - Created Within 30 days]
    NY -> cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty
    NY -> netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img
    NY -> 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    NY -> faaajyhp.dll -> %SystemRoot%\System32\faaajyhp.dll
    NY -> GgjSsCcf.ini2 -> %SystemRoot%\System32\GgjSsCcf.ini2
    NY -> hyrwvoms.dll -> %SystemRoot%\System32\hyrwvoms.dll
    NY -> IjkTwGgh.ini2 -> %SystemRoot%\System32\IjkTwGgh.ini2
    NY -> jcelbcjf.dll -> %SystemRoot%\System32\jcelbcjf.dll
    NY -> kaasoogq.dll -> %SystemRoot%\System32\kaasoogq.dll
    NY -> twojyjir.dll -> %SystemRoot%\System32\twojyjir.dll
    NY -> uuxsgysu.dll -> %SystemRoot%\System32\uuxsgysu.dll
    NY -> vktbeugi.dll -> %SystemRoot%\System32\vktbeugi.dll
    NY -> wcwrgowr.dll -> %SystemRoot%\System32\wcwrgowr.dll
    NY -> wcygymxr.dll -> %SystemRoot%\System32\wcygymxr.dll
    NY -> ypkpungs.dll -> %SystemRoot%\System32\ypkpungs.dll
    NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    [Empty Temp Folders]
    [Start Explorer]
    [Reboot]
    

    The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTScanIt scan.

    I will review the information when it comes back in.

    Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
     
  11. robpa

    robpa Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    16
    So far my PC is doing okay. No popups, I scan with 0 infections. The only issue I have right now is my PC will turn off without reason. No blue screen of death, no shutting down Windows, it just turns off. But even that is not constant. It has happened 3 times since I ran the scans, which is a lot better than every 20-30 min as it did before. So far you have been really helpful, and I plan on donating as soon as I scrape up some extra cash :)


    Explorer killed successfully
    [Registry - Non-Microsoft Only]
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ not found.
    [Files/Folders - Created Within 30 days]
    C:\WINDOWS\System32\drivers\cxthsfs2.cty moved successfully.
    C:\WINDOWS\System32\drivers\netwlan5.img moved successfully.
    LoadLibrary failed for C:\WINDOWS\System32\faaajyhp.dll
    C:\WINDOWS\System32\faaajyhp.dll NOT unregistered.
    C:\WINDOWS\System32\faaajyhp.dll moved successfully.
    C:\WINDOWS\System32\GgjSsCcf.ini2 moved successfully.
    LoadLibrary failed for C:\WINDOWS\System32\hyrwvoms.dll
    C:\WINDOWS\System32\hyrwvoms.dll NOT unregistered.
    C:\WINDOWS\System32\hyrwvoms.dll moved successfully.
    C:\WINDOWS\System32\IjkTwGgh.ini2 moved successfully.
    LoadLibrary failed for C:\WINDOWS\System32\jcelbcjf.dll
    C:\WINDOWS\System32\jcelbcjf.dll NOT unregistered.
    C:\WINDOWS\System32\jcelbcjf.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\System32\kaasoogq.dll
    C:\WINDOWS\System32\kaasoogq.dll NOT unregistered.
    C:\WINDOWS\System32\kaasoogq.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\System32\twojyjir.dll
    C:\WINDOWS\System32\twojyjir.dll NOT unregistered.
    C:\WINDOWS\System32\twojyjir.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\System32\uuxsgysu.dll
    C:\WINDOWS\System32\uuxsgysu.dll NOT unregistered.
    C:\WINDOWS\System32\uuxsgysu.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\System32\vktbeugi.dll
    C:\WINDOWS\System32\vktbeugi.dll NOT unregistered.
    C:\WINDOWS\System32\vktbeugi.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\System32\wcwrgowr.dll
    C:\WINDOWS\System32\wcwrgowr.dll NOT unregistered.
    C:\WINDOWS\System32\wcwrgowr.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\System32\wcygymxr.dll
    C:\WINDOWS\System32\wcygymxr.dll NOT unregistered.
    C:\WINDOWS\System32\wcygymxr.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\System32\ypkpungs.dll
    C:\WINDOWS\System32\ypkpungs.dll NOT unregistered.
    C:\WINDOWS\System32\ypkpungs.dll moved successfully.
    [Empty Temp Folders]
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    RecycleBin -> emptied.
    Explorer started successfully
    < End of fix log >
    OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 09262008_151255
    Files moved on Reboot...
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    That sounds like it could be overheating. Ask in the hardware forum how to check for that.

    Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says Paste fix here and then click the Run Fix button.


    Code:
    [Registry - Non-Microsoft Only]
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
    YN -> jknnbs.dll -> 
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    [Files/Folders - Created Within 30 days]
    NY -> yobiixnq.dll -> %SystemRoot%\System32\yobiixnq.dll
    [Files/Folders - Modified Within 30 days]
    NY -> avwduqsw.dll -> %SystemRoot%\System32\avwduqsw.dll
    NY -> hedrfsom.dll -> %SystemRoot%\System32\hedrfsom.dll
    NY -> inylfrho.dll -> %SystemRoot%\System32\inylfrho.dll
    

    The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.
    Post that information back here.

    I will review the information when it comes back in.
     
  13. robpa

    robpa Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    16
    [Registry - Non-Microsoft Only]
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:jknnbs.dll deleted successfully.
    [Files/Folders - Created Within 30 days]
    C:\WINDOWS\System32\yobiixnq.dll moved successfully.
    [Files/Folders - Modified Within 30 days]
    C:\WINDOWS\System32\avwduqsw.dll moved successfully.
    C:\WINDOWS\System32\hedrfsom.dll moved successfully.
    C:\WINDOWS\System32\inylfrho.dll moved successfully.
    < End of fix log >
    OTScanIt by OldTimer - Version 1.0.19.0 fix logfile created on 09272008_130247
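    As an added check (example code, not OTScanIt's or OldTimer's own), a small parser for fix logs of the kind posted above: it follows the log in order so that a file "scheduled to be deleted on reboot" only counts as removed once the "Files moved on Reboot" section confirms it, and lists what is still outstanding for the reviewer. The sample log is constructed from the thread's own entries, with one History index.dat deliberately left unresolved.

```python
"""Check an OTScanIt fix log for items that did not end up removed.

Added example, not OldTimer's code: it records, per file path or registry
item, the final outcome reported by the log, so a 'scheduled to be deleted
on reboot' entry only counts as done once a later 'moved successfully' appears.
"""
import re

# Constructed sample modelled on the thread's logs; the History index.dat
# is deliberately left without a post-reboot move to show an open item.
SAMPLE_FIX_LOG = """\
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\\\AppInit_Dlls:jknnbs.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\\ not found.
[Files/Folders - Created Within 30 days]
LoadLibrary failed for C:\\WINDOWS\\System32\\faaajyhp.dll
C:\\WINDOWS\\System32\\faaajyhp.dll NOT unregistered.
C:\\WINDOWS\\System32\\faaajyhp.dll moved successfully.
[Empty Temp Folders]
File delete failed. C:\\Documents and Settings\\LocalService\\Local Settings\\Temp\\Cookies\\index.dat scheduled to be deleted on reboot.
File delete failed. C:\\Documents and Settings\\LocalService\\Local Settings\\Temp\\History\\History.IE5\\index.dat scheduled to be deleted on reboot.
< End of fix log >
Files moved on Reboot...
C:\\Documents and Settings\\LocalService\\Local Settings\\Temp\\Cookies\\index.dat moved successfully.
"""

# (pattern, status); a later line about the same item overrides an earlier one,
# which is how 'NOT unregistered' followed by 'moved successfully' resolves to moved.
PATTERNS = [
    (re.compile(r"^Registry (?:value|key) (.+?) deleted successfully\.$"), "deleted"),
    (re.compile(r"^Registry (?:value|key) (.+?) not found\.$"), "not_found"),
    (re.compile(r"^(.+?) moved successfully\.$"), "moved"),
    (re.compile(r"^(.+?) NOT unregistered\.$"), "unregister_failed"),
    (re.compile(r"^File delete failed\. (.+?) scheduled to be deleted on reboot\.$"), "pending_reboot"),
]

def parse_fix_log(text):
    """Map each file path or registry item (lower-cased) to its final status."""
    status = {}
    for line in text.splitlines():
        for rx, tag in PATTERNS:
            m = rx.match(line.strip())
            if m:
                status[m.group(1).lower()] = tag
                break
    return status

def outstanding(text):
    """Items whose final state is not a completed removal: re-check these after reboot."""
    return {p: s for p, s in parse_fix_log(text).items() if s not in ("moved", "deleted")}
```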
     
  14. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please post your hijackthis log again and let me know if you are still having problems.
     
  15. robpa

    robpa Thread Starter

    Joined:
    Sep 21, 2008
    Messages:
    16
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:34:56 PM, on 2008-09-27
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\arservice.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\wscntfy.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe /P QuickCare
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
    --
    End of file - 8007 bytes
     
Short URL to this thread: https://techguy.org/752615
