Virus that won't let me open or run any anti-virus software

  1. #1
    Join Date
    Feb 2009
    Posts
    11

    Virus that won't let me open or run any anti-virus software

    Hello, I'm not sure if this is the right place to post this, but here's my problem. I have Windows XP and had a Kaspersky trial, which expired about 2 days ago. Yesterday, something popped up on my screen where it looks like the generic install windows when you install a program. It automatically went "Next" and "Ok" and installed something by itself in about 3 seconds. I caught the name and it was called: BlueRaTech. I Googled this and only found one page that mentioned it was a virus or spyware. It's in my programs folder but only has an Uninstall option. I didn't want to click it just yet in case it might activate something. I installed other virus programs to scan, but it wouldn't load. I tried another antivirus program, but it would not start either. If I go to any anti-virus or spyware website, it blocks it. It always says there's a Network Interruption. But any other website is fine and I can visit, but it's just extremely slow.

    I then went in Safe Mode to uninstall it with the Add/Remove. I went in Safe Mode with Networking, but when I tried to go online, I was unable to. And when I tried to run the antivirus, I was still unable to under Safe Mode. I just had my computer fixed (for a hardware problem) 3 weeks ago, so I did not have a save point for a system restore, but I do have a lot of files and programs that I don't want to get rid of. When I restarted in normal mode, and checked my programs, it was still there. I went ahead and did the Uninstall from the submenu and it said it was removed (but I highly doubt that). My computer still is unable to scan and unable to go directly to any anti-virus/spyware websites.

    How can I clean this off my system? Thanks a lot!

  2. #2
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Open Device Manager and on the VIEW Tab, select the Show hidden devices option.
    Go down to non plug and play drivers and see if there is one called TDSSserv and disable it.

    Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebyt...are_d5756.html) to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Make sure that you restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


  3. #3
    Join Date
    Feb 2009
    Posts
    11
    I tried to run Malwarebytes, but it always closes once it opens. I want to run it in safe mode, but I was thinking it might not catch everything since Safe Mode doesn't run everything. Should I anyway?

    Here's my hijackthis file as of now. It's in multiple parts since the reply has a limited number of characters:

    Part 1:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 6:37:03 PM, on 2/23/2009

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Nexon\Mabinogi\npkcmsvc.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Documents and Settings\Owner\Application Data\svchost.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\ThreatFire\TFTray.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Documents and Settings\Owner\Application Data\svchost.exe

    C:\Documents and Settings\Owner\Application Data\cogad\cogad.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\Program Files\BigFix\BigFix.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\tvi7vpj2.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\sg15yvf3yk.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\hj1p12io.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\aupoon.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\sqw8ns.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\wawqk8xclqf.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\px88ru8e5emz.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\rgyupt9.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\goavpz386e.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\alrbnlflrfsk.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\nd5w2vg3tkx6.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\c4hxl1v.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\hkhwpxsx7r.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\kiogbclht3k.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\y1ozymnawl3r.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\jd22ac63b.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\yg2mdj9.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\rmelk5kq.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\j3b0rvje.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\ffs70l089scjc.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\b0bq8wq.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\jzspcsnsi3.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\xgislhi5qxvu.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\qyzav4h4.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\q8ykfbjaqxm1.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\efpdntch69.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\hpkgt9.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\x7kfkwbxqx.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\p3c6xsndp3.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\ti8eq0y2.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\amrzpb40c90.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\sdmjp0.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\z7a1iv8m19j3q.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\o3o5ris.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\ofc5bjglya.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\k0v7nk374acm.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\sejqdvtx.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\glv9g4.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\jv9tmkoamg.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\lkvpk04zh.exe

    C:\DOCUME~1\Owner\LOCALS~1\Temp\rz2s6fxj3m.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    Last edited by lunacat; February 23rd, 2009 at 11:40 PM.

  4. #4
    Join Date
    Feb 2009
    Posts
    11
    Part 2:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.com/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: C:\WINDOWS\system32\hs78344kjkfd.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs78344kjkfd.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [*svchostBoot] "C:\Documents and Settings\Owner\Application Data\svchost.exe"

    O4 - HKLM\..\Run: [Tcahabiheb] rundll32.exe "C:\WINDOWS\Hnigumi.dll",e

    O4 - HKLM\..\Run: [Ykotukejubet] rundll32.exe "C:\WINDOWS\uqasivolupufaxaw.dll",e

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

    O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe

    O4 - HKCU\..\Run: [mqzlw4gi0dnwdwhc] C:\DOCUME~1\Owner\LOCALS~1\Temp\g5i4lqjcb2i3.exe

    O4 - HKCU\..\Run: [vaukk260lsgxv8bv9pjsfqn] C:\DOCUME~1\Owner\LOCALS~1\Temp\kkhiqo.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [eztmngr9ba0b6u5s5wye0fqpztl4zi2cerhq] C:\DOCUME~1\Owner\LOCALS~1\Temp\ee0ripqm3hv63.exe

    O4 - HKCU\..\Run: [p3exwxjnz00appbcs43noa23i76x5eqr5eyiq82i4xmhxjmecn] C:\DOCUME~1\Owner\LOCALS~1\Temp\lzfw1irb.exe

    O4 - HKCU\..\Run: [w2nlngwitbrrr6pkwxnskyw05x3ip9xl468e8feyab] C:\DOCUME~1\Owner\LOCALS~1\Temp\ael5d4zbfvtyg.exe

    O4 - HKCU\..\Run: [fdour8ib9rit06xeljajb79utmfxht90pv4pjuw2us] C:\DOCUME~1\Owner\LOCALS~1\Temp\ha22x2zow62vc.exe

    O4 - HKCU\..\Run: [hc9meyx78lwqytw7f2t07ceknwz6b9e7ficd8yytvcfvr] C:\DOCUME~1\Owner\LOCALS~1\Temp\awvtukpyp.exe

    O4 - HKCU\..\Run: [e8bhvrepzouu65] C:\DOCUME~1\Owner\LOCALS~1\Temp\wmxywlhyva.exe

    O4 - HKCU\..\Run: [gfz1as5yd9zdwu4iyxof91569xjol] C:\DOCUME~1\Owner\LOCALS~1\Temp\h5xhjvjvo6i.exe

    O4 - HKCU\..\Run: [n4xr1jhc4ivzvwhx5ig9ja9y8dbfay9] C:\DOCUME~1\Owner\LOCALS~1\Temp\p9fxu7uza.exe

    O4 - HKCU\..\Run: [frhe6wu9l] C:\DOCUME~1\Owner\LOCALS~1\Temp\qjkvlovabx.exe

    O4 - HKCU\..\Run: [oreyk6d5zhn51q1dyfto5mhphvqbv] C:\DOCUME~1\Owner\LOCALS~1\Temp\sjahjnbgmqcbz.exe

    O4 - HKCU\..\Run: [h84t9r73y] C:\DOCUME~1\Owner\LOCALS~1\Temp\z66pgb1zweo.exe

    O4 - HKCU\..\Run: [zjf5fxthfuzmjtjlf3q48upvk56faj] C:\DOCUME~1\Owner\LOCALS~1\Temp\ymyo6h.exe

    O4 - HKCU\..\Run: [epp42tugwq7i2vay3mk] C:\DOCUME~1\Owner\LOCALS~1\Temp\qk444ptnyu22j.exe

    O4 - HKCU\..\Run: [j83buy4gbcv5wqux] C:\DOCUME~1\Owner\LOCALS~1\Temp\vafocv0os.exe

    O4 - HKCU\..\Run: [z5rc4hoczk2qiluythpws55yef0ghdvhb8o] C:\DOCUME~1\Owner\LOCALS~1\Temp\j7708iuf.exe

    O4 - HKCU\..\Run: [jry7r2mbwsz6vb61jjgwogkgcgeoch1] C:\DOCUME~1\Owner\LOCALS~1\Temp\cwdeklv.exe

    O4 - HKCU\..\Run: [eq79azetdoexsvuw6srooy4oqx] C:\DOCUME~1\Owner\LOCALS~1\Temp\p8iob1n.exe

    O4 - HKCU\..\Run: [pbb0hcz5moz2k3fsdf0l2o] C:\DOCUME~1\Owner\LOCALS~1\Temp\xe4j3gqm.exe

    O4 - HKCU\..\Run: [hp56w58a6nmh9hy] C:\DOCUME~1\Owner\LOCALS~1\Temp\b536q1.exe

    O4 - HKCU\..\Run: [oae6ks10u12p9] C:\DOCUME~1\Owner\LOCALS~1\Temp\mueruqmeknclj.exe

    O4 - HKCU\..\Run: [vjz7qevgul9slb15zn6z19c893pv7rw9947olje6h7] C:\DOCUME~1\Owner\LOCALS~1\Temp\g5rcu6o.exe

    O4 - HKCU\..\Run: [ehz7jw7iwwwbzja0e7anjr5c7si2cupyhzfsrryb] C:\DOCUME~1\Owner\LOCALS~1\Temp\zhs23zvck66z.exe

    O4 - HKCU\..\Run: [gs4z9o2w7ektr253n15d04uiwzrlgotwmyev2hb] C:\DOCUME~1\Owner\LOCALS~1\Temp\csktea328i.exe

    O4 - HKCU\..\Run: [txb5mkc6s4doosha1s0] C:\DOCUME~1\Owner\LOCALS~1\Temp\dklz8z72f5.exe

    O4 - HKCU\..\Run: [jkwu7kjle4qk9zlntifch65ar6d3g9] C:\DOCUME~1\Owner\LOCALS~1\Temp\t63qun0ormqwu.exe

    O4 - HKCU\..\Run: [e486kapx4] C:\DOCUME~1\Owner\LOCALS~1\Temp\acmadnjqz1f.exe

    O4 - HKCU\..\Run: [kkzmxx9co9jkamr03d673cu2r5w] C:\DOCUME~1\Owner\LOCALS~1\Temp\vtuhhp1n.exe

    O4 - HKCU\..\Run: [pgxq6ffzgtfn8zjkt7z70dp6k01fp2mbrgx8vb8kwlzfmmvlz4] C:\DOCUME~1\Owner\LOCALS~1\Temp\cuuhr46.exe

    O4 - HKCU\..\Run: [iiyezar9qcfg3t0] C:\DOCUME~1\Owner\LOCALS~1\Temp\rbbylu.exe

    O4 - HKCU\..\Run: [qhofb5bpc1zvwaaexmv2eqx4xc] C:\DOCUME~1\Owner\LOCALS~1\Temp\sd7o4zp21r.exe

    O4 - HKCU\..\Run: [bepumlo9qka3d7rqrcc8hqdjwujsahsrfqr] C:\DOCUME~1\Owner\LOCALS~1\Temp\p3ykig0etk.exe

    O4 - HKCU\..\Run: [cnejyb6ynafpeqjn4swmt] C:\DOCUME~1\Owner\LOCALS~1\Temp\tf6do12c5j.exe

    O4 - HKCU\..\Run: [f038bd8biwd] C:\DOCUME~1\Owner\LOCALS~1\Temp\x3o23e.exe

    O4 - HKCU\..\Run: [iyowwrssch1] C:\DOCUME~1\Owner\LOCALS~1\Temp\d4l84a2qz3.exe

    O4 - HKCU\..\Run: [njijfz0fg8fulo6vh4ck455hinto7dk1a1gvtlm] C:\DOCUME~1\Owner\LOCALS~1\Temp\g8m190.exe

    O4 - HKCU\..\Run: [ptmiouyvp9y1g2kjzb25ufqsl2lldnafz4xy] C:\DOCUME~1\Owner\LOCALS~1\Temp\nikxkh5.exe

    O4 - HKCU\..\Run: [ct06q89w89lii12] C:\DOCUME~1\Owner\LOCALS~1\Temp\xcba6ycc.exe

    O4 - HKCU\..\Run: [dxz1150usto61f3oqrwdnspjl27rljuarob2yg] C:\DOCUME~1\Owner\LOCALS~1\Temp\ig48kbpkd0.exe

    O4 - HKCU\..\Run: [r59has6jsv0zug8c] C:\DOCUME~1\Owner\LOCALS~1\Temp\arsss7.exe

    O4 - HKCU\..\Run: [cqpzp546i1ohpgwgxxbccouilmxh7i123zdw4tx623jxrb7m4b] C:\DOCUME~1\Owner\LOCALS~1\Temp\d89a5p4q.exe

    O4 - HKCU\..\Run: [yxgf3kpymc0b03vytxdci] C:\DOCUME~1\Owner\LOCALS~1\Temp\ixt4zhk05.exe

    O4 - HKCU\..\Run: [bd6sy0mrn9pm] C:\DOCUME~1\Owner\LOCALS~1\Temp\tkq0dg.exe

    O4 - HKCU\..\Run: [hkkuz9ifzq] C:\DOCUME~1\Owner\LOCALS~1\Temp\t0xr63isaoeg.exe

    O4 - HKCU\..\Run: [ny774bw7j4fz9w90gp39b7a4vfffk9idk7mw6zixkdwuo41z4n] C:\DOCUME~1\Owner\LOCALS~1\Temp\cs0igxdc.exe

    O4 - HKCU\..\Run: [edlim34jbt35iu4qfxsdehcdrhe] C:\DOCUME~1\Owner\LOCALS~1\Temp\wiuvt54aq.exe

    O4 - HKCU\..\Run: [rcxcvw7x99sq] C:\DOCUME~1\Owner\LOCALS~1\Temp\frn6whd.exe

    O4 - HKCU\..\Run: [sg3r3d6dnnkwjiae4w7crldcdor1ihm7t97cu9s6n7p] C:\DOCUME~1\Owner\LOCALS~1\Temp\qtnpjrfo.exe

    O4 - HKCU\..\Run: [rj5cfmsm0p5iqh3mn8vq0n6j02dr518] C:\DOCUME~1\Owner\LOCALS~1\Temp\a9u9ylwi.exe

    O4 - HKCU\..\Run: [abznzraa4mpozjv1] C:\DOCUME~1\Owner\LOCALS~1\Temp\p4o6v3cz.exe

    O4 - HKCU\..\Run: [qjv35oi6xbv723fqkp9deidj8c9e0njitc4pwo24f] C:\DOCUME~1\Owner\LOCALS~1\Temp\b3p99u6.exe

    O4 - HKCU\..\Run: [w5fvvk4wjv2or6a9seexehi6hlsa9frqzk] C:\DOCUME~1\Owner\LOCALS~1\Temp\qaek4z.exe

    O4 - HKCU\..\Run: [v87d0yr34m40zpka9n1py750lsnpmqhxnhnsvh] C:\DOCUME~1\Owner\LOCALS~1\Temp\aw4vs0yecyy1.exe

    O4 - HKCU\..\Run: [wf2544at5otn8suocjcci0tshgztve] C:\DOCUME~1\Owner\LOCALS~1\Temp\q49adqgwaaty.exe

    O4 - HKCU\..\Run: [cml4x676kjoo] C:\DOCUME~1\Owner\LOCALS~1\Temp\en9swi5.exe

    O4 - HKCU\..\Run: [trjqf0e73pkf] C:\DOCUME~1\Owner\LOCALS~1\Temp\teiobka81n.exe

    O4 - HKCU\..\Run: [lv6ioiawblw05v4b4b0goxxjs7do6n2sb3hssapn1ekv3dpqb] C:\DOCUME~1\Owner\LOCALS~1\Temp\lczn1svxlzy.exe

    O4 - HKCU\..\Run: [vmm16n6gg0nq2ejc49nu71dh19cr0y] C:\DOCUME~1\Owner\LOCALS~1\Temp\gikolagbd.exe

    O4 - HKCU\..\Run: [xdwyfqmmbmi] C:\DOCUME~1\Owner\LOCALS~1\Temp\gku3tda9v7.exe

    O4 - HKCU\..\Run: [tmj8tjefio560] C:\DOCUME~1\Owner\LOCALS~1\Temp\xguqgchr.exe

    O4 - HKCU\..\Run: [bwn08bnugmz6kxk9m7] C:\DOCUME~1\Owner\LOCALS~1\Temp\wd1vwt4.exe

    O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Owner\Application Data\cogad\cogad.exe" 61A847B5BBF72813329D31466188719AB689201522886B092CBD44BD8689220221DD3257

    O4 - HKCU\..\Run: [fj859nt9bm9hzfg2p7itn8hctqvm5xf3rfzruev] C:\DOCUME~1\Owner\LOCALS~1\Temp\i0osvfy76.exe

    O4 - HKCU\..\Run: [idztkg3sylkowdax71vkie8gnt0diiqdwb96] C:\DOCUME~1\Owner\LOCALS~1\Temp\v8d7u0.exe

    O4 - HKCU\..\Run: [acxupptdjewbgz7qdfxi9u8iik4p9jh0psazd90] C:\DOCUME~1\Owner\LOCALS~1\Temp\oep65c1.exe

    O4 - HKCU\..\Run: [gzzffsvvf85a5ecka6rixyyi6hr0nrashdw] C:\DOCUME~1\Owner\LOCALS~1\Temp\ryftwi4.exe

    O4 - HKCU\..\Run: [p1qs8wozhuy809xv7ctjagu3py7je2mho9] C:\DOCUME~1\Owner\LOCALS~1\Temp\cc3cmtu2cbw.exe

    O4 - HKCU\..\Run: [gfp7sfoxrr] C:\DOCUME~1\Owner\LOCALS~1\Temp\rfmdp0xn9.exe

    O4 - HKCU\..\Run: [c5n002t21pjoxzk1x5qe5u8tq9fdggkhp4gkq7gsxm7] C:\DOCUME~1\Owner\LOCALS~1\Temp\u4vkauji.exe

    O4 - HKCU\..\Run: [zew782pfozd1v3ryh883z9rrluci0h0joeopoyas08lc7zv] C:\DOCUME~1\Owner\LOCALS~1\Temp\fne3g4lbh.exe

    O4 - HKCU\..\Run: [n69wasr5hrz7xn517fayhp6c5ggpb3j91jsfble55vsjcm] C:\DOCUME~1\Owner\LOCALS~1\Temp\wez9e9g.exe

    O4 - HKCU\..\Run: [u64oc0bvi6dv1rlyo3fejtg0laznq9twlphfepph1baouki] C:\DOCUME~1\Owner\LOCALS~1\Temp\lruunw078.exe

    O4 - HKCU\..\Run: [k6ybzzpu94upahtupx12c9g] C:\DOCUME~1\Owner\LOCALS~1\Temp\lwhnrlqt.exe

    O4 - HKCU\..\Run: [ikxeoi1me4] C:\DOCUME~1\Owner\LOCALS~1\Temp\dn8ywjksyiz.exe

    O4 - HKCU\..\Run: [t7vyfzaewm9fdw4f5w3u6z5ipv1hxre8d] C:\DOCUME~1\Owner\LOCALS~1\Temp\n153kaqoj6.exe

    O4 - HKCU\..\Run: [gt0x8l10iwmse6ie7um7fiy4rjgcuwl] C:\DOCUME~1\Owner\LOCALS~1\Temp\hymjzwl14oc1.exe

    O4 - HKCU\..\Run: [q9wos6cd1xu51q8rcxo0qty2809ue5hiv] C:\DOCUME~1\Owner\LOCALS~1\Temp\gt05hd643u.exe

    O4 - HKCU\..\Run: [gido7tdsmmeiqtgevi9itxleron75l6] C:\DOCUME~1\Owner\LOCALS~1\Temp\u5v8t3p.exe

    O4 - HKCU\..\Run: [my2g2w4o9r8u7m2oksy1binz4rdpj5] C:\DOCUME~1\Owner\LOCALS~1\Temp\xplvoz6.exe

    O4 - HKCU\..\Run: [j7751seccyxv7du7o94mngsj8wav] C:\DOCUME~1\Owner\LOCALS~1\Temp\yzqtfgqn.exe

    O4 - HKCU\..\Run: [ar2pmy3ougefig95czc8yqmg1u3h8f] C:\DOCUME~1\Owner\LOCALS~1\Temp\begw1vjqr.exe

    O4 - HKCU\..\Run: [f9pytm4pmbhaio8iayao5vcxk6tuii89soyujjp0xa4oj] C:\DOCUME~1\Owner\LOCALS~1\Temp\aed29c.exe

    O4 - HKCU\..\Run: [pno89zwtxohg] C:\DOCUME~1\Owner\LOCALS~1\Temp\iuu1dp6dx.exe

    O4 - HKCU\..\Run: [x39brjs8fna2kuz] C:\DOCUME~1\Owner\LOCALS~1\Temp\wbk45ekqmje.exe

    O4 - HKCU\..\Run: [bdbpjpj25gapcmkkis805qyqxwm3i4w7dgvoka0pv6k7q7gqw] C:\DOCUME~1\Owner\LOCALS~1\Temp\jnswb7xd.exe

    O4 - HKCU\..\Run: [pw5vpf0oxa8el] C:\DOCUME~1\Owner\LOCALS~1\Temp\tfnhqhfv.exe

    O4 - HKCU\..\Run: [ac74e653a1] C:\DOCUME~1\Owner\LOCALS~1\Temp\o2w55k.exe

    O4 - HKCU\..\Run: [vkmtlmvhdbudwin91p5xpccirla6dynnb] C:\DOCUME~1\Owner\LOCALS~1\Temp\qc4xo3a8zl.exe

    O4 - HKCU\..\Run: [ej35eim0d9motvuorji4nd] C:\DOCUME~1\Owner\LOCALS~1\Temp\xg6inegnndm96.exe

    O4 - HKCU\..\Run: [zm28d7bbdpn02bh2qtztd45efqsuxijm92pj1n0h2e964i2a] C:\DOCUME~1\Owner\LOCALS~1\Temp\ucuv2ua3.exe

    O4 - HKCU\..\Run: [z3dbsfhunn66rs] C:\DOCUME~1\Owner\LOCALS~1\Temp\pjh1tm4.exe

    O4 - HKCU\..\Run: [cfcpwejtyvlir] C:\DOCUME~1\Owner\LOCALS~1\Temp\s3qooil.exe

    O4 - HKCU\..\Run: [fp8umyfol5xd1pqks6ha91i87gswcdx046lnhm] C:\DOCUME~1\Owner\LOCALS~1\Temp\zel9rv3h.exe

    O4 - HKCU\..\Run: [o3zvxm8i2k2u604hv6h48dpu5gn3fxrb24auro8q2katm5] C:\DOCUME~1\Owner\LOCALS~1\Temp\o0eq13drb9su.exe

    O4 - HKCU\..\Run: [xuufkr1whzen0n1xj3qd65qlnn4lztba33zt1s4g] C:\DOCUME~1\Owner\LOCALS~1\Temp\j6gu6olz.exe

    O4 - HKCU\..\Run: [ohxtkbc016m0tqm0mgkvreran4rtigun4seb3i7txcmw] C:\DOCUME~1\Owner\LOCALS~1\Temp\yodio9tfw.exe

    O4 - HKCU\..\Run: [yqwqkvogp4] C:\DOCUME~1\Owner\LOCALS~1\Temp\jqw1f99zk4.exe

    O4 - HKCU\..\Run: [fizu0k6l8s0gat42z030npgr08s8t5vdlae] C:\DOCUME~1\Owner\LOCALS~1\Temp\m0rl0z.exe

    O4 - HKCU\..\Run: [c0h6qhwxfvix7or2fd0hradugmr4z5p2g55kwnjkn] C:\DOCUME~1\Owner\LOCALS~1\Temp\ay5r26jw7s.exe

    O4 - HKCU\..\Run: [v0v2u14yd2vn] C:\DOCUME~1\Owner\LOCALS~1\Temp\h27t1hpbgakg7.exe

    O4 - HKCU\..\Run: [q4z8ps4crvd5uhqbe2pb1er7hysaovudc2qtm6n49a2rlo] C:\DOCUME~1\Owner\LOCALS~1\Temp\dievxjhut4.exe

    O4 - HKCU\..\Run: [i6pac2b1hmax3c1ik4hahm1nppqeq96xgyfgj53kouefc9wep] C:\DOCUME~1\Owner\LOCALS~1\Temp\kwz3vsgklmt.exe

    O4 - HKCU\..\Run: [e2xr3glmmz9529575iivn5ab1u7o] C:\DOCUME~1\Owner\LOCALS~1\Temp\ln41ms0cmgop.exe

    O4 - HKCU\..\Run: [a5ppuh1zu0uznj3sjy4dndmf28] C:\DOCUME~1\Owner\LOCALS~1\Temp\c9do4f0mua6u0.exe

    O4 - HKCU\..\Run: [efrpoe8zs9nj969nnlaql0jibhp81z5gud9sls] C:\DOCUME~1\Owner\LOCALS~1\Temp\hpx4m6cfahgbv.exe

    O4 - HKCU\..\Run: [ubbbzpbj2nqthuzh269htdootorpn5d0jilthmdt6ijemxzp9] C:\DOCUME~1\Owner\LOCALS~1\Temp\iz22dn.exe

    O4 - HKCU\..\Run: [jcivfsp3mmnj] C:\DOCUME~1\Owner\LOCALS~1\Temp\s1sqywvp65.exe

    O4 - HKCU\..\Run: [zb2ghamaiptudpbw5vrd4fnqhet3y7j] C:\DOCUME~1\Owner\LOCALS~1\Temp\txg8fuke7i.exe

    O4 - HKCU\..\Run: [hhbitzasfkmpqqkgom46h0fa8s4wpkn0] C:\DOCUME~1\Owner\LOCALS~1\Temp\z51vqpd.exe

    O4 - HKCU\..\Run: [dofhjsvvffbh0b1ff3734tsyngjyzged8mdeiu88glk6] C:\DOCUME~1\Owner\LOCALS~1\Temp\rn8zfb.exe

    O4 - HKCU\..\Run: [a6zpsz5hbmpq3hljr0xs6ae67bwz0b1cyw6zxvd5f] C:\DOCUME~1\Owner\LOCALS~1\Temp\h9ubr1m.exe

    O4 - HKCU\..\Run: [hfv26hse0y91dgf3h3tr4j7xbk0]

  6. #6
    Join Date
    Feb 2009
    Posts
    11
    Part 3:

    C:\DOCUME~1\Owner\LOCALS~1\Temp\o81wawg02if4l.exe

    O4 - HKCU\..\Run: [zo5tv0j5iw73gmus4bgwksoce0wu8s1p8xt9hurbvoi9tdyr] C:\DOCUME~1\Owner\LOCALS~1\Temp\sxdxnst.exe

    O4 - HKCU\..\Run: [y2jkfw24p62rns7e3qmi54yvaonun70vas77rl9qi] C:\DOCUME~1\Owner\LOCALS~1\Temp\c1fz53zty6.exe

    O4 - HKCU\..\Run: [s3byyptq1mkqer5345t9zawlyeggz24mj] C:\DOCUME~1\Owner\LOCALS~1\Temp\odkgjulx2i2y.exe

    O4 - HKCU\..\Run: [ri2w4s477jtsqvlo8y] C:\DOCUME~1\Owner\LOCALS~1\Temp\ko8y6y82fc.exe

    O4 - HKCU\..\Run: [ts06ll5yxs97p482he49q8uaj2dci] C:\DOCUME~1\Owner\LOCALS~1\Temp\rwy6nkz5.exe

    O4 - HKCU\..\Run: [yvez4yuaw4993fmf] C:\DOCUME~1\Owner\LOCALS~1\Temp\tvi7vpj2.exe

    O4 - HKCU\..\Run: [vvztg88k886cp6zr2vho3cpg12] C:\DOCUME~1\Owner\LOCALS~1\Temp\sg15yvf3yk.exe

    O4 - HKCU\..\Run: [l8widd8ow1w3x3mhdw2xf5vj4zoj44n56wcw20g19t5hxs] C:\DOCUME~1\Owner\LOCALS~1\Temp\aupoon.exe

    O4 - HKCU\..\Run: [urqb6xpc75u0fqvgac7ntg238wwda87bivkaj] C:\DOCUME~1\Owner\LOCALS~1\Temp\sqw8ns.exe

    O4 - HKCU\..\Run: [up2nmv37q4jr] C:\DOCUME~1\Owner\LOCALS~1\Temp\hj1p12io.exe

    O4 - HKCU\..\Run: [go82hy46uk95i5r7o] C:\DOCUME~1\Owner\LOCALS~1\Temp\wawqk8xclqf.exe

    O4 - HKCU\..\Run: [i9jhe68max] C:\DOCUME~1\Owner\LOCALS~1\Temp\px88ru8e5emz.exe

    O4 - HKCU\..\Run: [bhl7tqtjzzw3fhfzzce43hj0mwo1mgt4i] C:\DOCUME~1\Owner\LOCALS~1\Temp\rgyupt9.exe

    O4 - HKCU\..\Run: [qjz939qhg26t2] C:\DOCUME~1\Owner\LOCALS~1\Temp\goavpz386e.exe

    O4 - HKCU\..\Run: [ino7oolzf64ub8chxc3c2edf69fsonm3bo6x28z3wkyacmfim] C:\DOCUME~1\Owner\LOCALS~1\Temp\alrbnlflrfsk.exe

    O4 - HKCU\..\Run: [g67n57z2bjfohfil] C:\DOCUME~1\Owner\LOCALS~1\Temp\nd5w2vg3tkx6.exe

    O4 - HKCU\..\Run: [p8nmgftspsz6c4ldytdeyh9hir] C:\DOCUME~1\Owner\LOCALS~1\Temp\c4hxl1v.exe

    O4 - HKCU\..\Run: [g1ju5r45c5c40cco0qqyhyimems26d3] C:\DOCUME~1\Owner\LOCALS~1\Temp\hkhwpxsx7r.exe

    O4 - HKCU\..\Run: [loopig1v7kq1ofjrrv4imqt21sozn3333p0h67q15pujja4] C:\DOCUME~1\Owner\LOCALS~1\Temp\kiogbclht3k.exe

    O4 - HKCU\..\Run: [huhmu0w3jd5k] C:\DOCUME~1\Owner\LOCALS~1\Temp\y1ozymnawl3r.exe

    O4 - HKCU\..\Run: [y32d8ezru4hmxa45k7of2j4] C:\DOCUME~1\Owner\LOCALS~1\Temp\jd22ac63b.exe

    O4 - HKCU\..\Run: [krzbmyl4mvzwjv3cohy3qyttumqnfjryrx4tvpa1o] C:\DOCUME~1\Owner\LOCALS~1\Temp\yg2mdj9.exe

    O4 - HKCU\..\Run: [hn9h5m2mb1yb4rj] C:\DOCUME~1\Owner\LOCALS~1\Temp\rmelk5kq.exe

    O4 - HKCU\..\Run: [pe2z1kt8ttube1g2istadc4xotonhqf1gp] C:\DOCUME~1\Owner\LOCALS~1\Temp\j3b0rvje.exe

    O4 - HKCU\..\Run: [djllfosnwl9txqjx] C:\DOCUME~1\Owner\LOCALS~1\Temp\ffs70l089scjc.exe

    O4 - HKCU\..\Run: [q3ypqxn3x3erj9bzhx72fnn3yj7e5b1cxxc4sry] C:\DOCUME~1\Owner\LOCALS~1\Temp\b0bq8wq.exe

    O4 - HKCU\..\Run: [fb17gzfkxchbmvgmel4x9umfie86vkwao5rla032h2] C:\DOCUME~1\Owner\LOCALS~1\Temp\jzspcsnsi3.exe

    O4 - HKCU\..\Run: [benlq4emlzrkwbag2gypjb93az62] C:\DOCUME~1\Owner\LOCALS~1\Temp\xgislhi5qxvu.exe

    O4 - HKCU\..\Run: [rzy4oeejvkoie9id] C:\DOCUME~1\Owner\LOCALS~1\Temp\qyzav4h4.exe

    O4 - HKCU\..\Run: [ag0eqxlwrzlinp8vqshnacu8rqmj4] C:\DOCUME~1\Owner\LOCALS~1\Temp\efpdntch69.exe

    O4 - HKCU\..\Run: [ycfwz37egeejoxqclbjfs8oa1mf20ta6vt9klmdh5] C:\DOCUME~1\Owner\LOCALS~1\Temp\q8ykfbjaqxm1.exe

    O4 - HKCU\..\Run: [azfkxi9xyb7vfham8r9dqsdm3z55j] C:\DOCUME~1\Owner\LOCALS~1\Temp\hpkgt9.exe

    O4 - HKCU\..\Run: [fyc86gdd3zji9y56xqsmv9rnn3oeeqiwdk7twr] C:\DOCUME~1\Owner\LOCALS~1\Temp\ti8eq0y2.exe

    O4 - HKCU\..\Run: [xz1noqb87ex4wgqank0f350mrbyc] C:\DOCUME~1\Owner\LOCALS~1\Temp\x7kfkwbxqx.exe

    O4 - HKCU\..\Run: [uji7okdhgq3b7hb3sdly1hgte] C:\DOCUME~1\Owner\LOCALS~1\Temp\p3c6xsndp3.exe

    O4 - HKCU\..\Run: [bpynr9d58pe0dtoisp3kdl24d9jgegm8497hoox3chts] C:\DOCUME~1\Owner\LOCALS~1\Temp\amrzpb40c90.exe

    O4 - HKCU\..\Run: [hoi1bq267858ytr4uxc272zofx2p585] C:\DOCUME~1\Owner\LOCALS~1\Temp\z7a1iv8m19j3q.exe

    O4 - HKCU\..\Run: [slxq1lrbm1hdsbwvy4kwu6cw96boep362xfh] C:\DOCUME~1\Owner\LOCALS~1\Temp\sdmjp0.exe

    O4 - HKCU\..\Run: [ngwdkgv2v9kkb4g8p] C:\DOCUME~1\Owner\LOCALS~1\Temp\o3o5ris.exe

    O4 - HKCU\..\Run: [p6k3brt5f8xl9m0] C:\DOCUME~1\Owner\LOCALS~1\Temp\ofc5bjglya.exe

    O4 - HKCU\..\Run: [inthnot9y0is] C:\DOCUME~1\Owner\LOCALS~1\Temp\k0v7nk374acm.exe

    O4 - HKCU\..\Run: [raav0srr92iahofcf08fzygc3dxi6j1d7dp64f9bow] C:\DOCUME~1\Owner\LOCALS~1\Temp\glv9g4.exe

    O4 - HKCU\..\Run: [a9fioaoleelpeorp1kg] C:\DOCUME~1\Owner\LOCALS~1\Temp\sejqdvtx.exe

    O4 - HKCU\..\Run: [vddz10cf53t1rh5ss1qqs] C:\DOCUME~1\Owner\LOCALS~1\Temp\lkvpk04zh.exe

    O4 - HKCU\..\Run: [daj5pc6t6jvh3qulc8u74] C:\DOCUME~1\Owner\LOCALS~1\Temp\rz2s6fxj3m.exe

    O4 - HKCU\..\Run: [nu0a0g4q56lgwxlk5u4fbi4h0fcyqaxc98lbnc45d3yo] C:\DOCUME~1\Owner\LOCALS~1\Temp\jv9tmkoamg.exe

    O4 - HKCU\..\Run: [ynb3ohteij31cfpqfivntr0db5k6iu1f] C:\DOCUME~1\Owner\LOCALS~1\Temp\y4slhy.exe

    O4 - HKCU\..\Run: [kcf14y15dlnwuiqvynheyami3e01uh02lpf103v8] C:\DOCUME~1\Owner\LOCALS~1\Temp\p6c22w0200hr.exe

    O4 - HKCU\..\Run: [elc4r21quk8d3rxpby8umye4p0jgq5yzf2rkxt6enio21zo8dx] C:\DOCUME~1\Owner\LOCALS~1\Temp\iocktjz1.exe

    O4 - HKCU\..\Run: [m6dsdj32imx1l8bujf964k7cedw82vkzuui8kb] C:\DOCUME~1\Owner\LOCALS~1\Temp\slqpytm.exe

    O4 - HKCU\..\Run: [owjsq9b50w207yyfwx2u1cs5uqqwb0zo] C:\DOCUME~1\Owner\LOCALS~1\Temp\d4984koq.exe

    O4 - HKCU\..\Run: [yaoef3sevm0wztwjztheyps] C:\DOCUME~1\Owner\LOCALS~1\Temp\o69rauq2i.exe

    O4 - HKCU\..\Run: [h4ry7yrvn3m53ttv0wqlqptfg76kzmh2k] C:\DOCUME~1\Owner\LOCALS~1\Temp\oixruvegp0tg.exe

    O4 - HKCU\..\Run: [is22mvqiw2j24atfm] C:\DOCUME~1\Owner\LOCALS~1\Temp\ge4sa05q8umq.exe

    O4 - HKCU\..\Run: [ddl1jj52jdy27foq7xv0agz2frrwtqawwyfciipqaoi329] C:\DOCUME~1\Owner\LOCALS~1\Temp\hastayuf9748.exe

    O4 - HKCU\..\Run: [ddoxi6h102h5kkg5jbrrahdeo8q69sn6serprsfvq1yotw95] C:\DOCUME~1\Owner\LOCALS~1\Temp\scbcx8f8cpnz8.exe

    O4 - HKCU\..\Run: [bosvf54rzzearfrc3woznnhyd36axe0s6fuxfsr5d50dovk] C:\DOCUME~1\Owner\LOCALS~1\Temp\k8zdwd6zv0zs9.exe

    O4 - HKCU\..\Run: [czwtcnr0ydufhtj2n04qhalijfmxlhde1zx53s3f096bxl] C:\DOCUME~1\Owner\LOCALS~1\Temp\c46xc1xqeuslt.exe

    O4 - HKCU\..\Run: [nu9b8dzgnffhz608pfmpd7i1k0hzsli5jof6iftrztsz6ysza] C:\DOCUME~1\Owner\LOCALS~1\Temp\zbixzk9kb13.exe

    O4 - HKCU\..\Run: [fo4uxg55zy] C:\DOCUME~1\Owner\LOCALS~1\Temp\cqphlz24xuff.exe

    O4 - HKCU\..\Run: [g7cl3ksj5zy454jjmx] C:\DOCUME~1\Owner\LOCALS~1\Temp\zldh50q.exe

    O4 - HKCU\..\Run: [qamacj5cqvkzettu6gd] C:\DOCUME~1\Owner\LOCALS~1\Temp\j8w24uwgdp.exe

    O4 - HKCU\..\Run: [z7vlnyl7smhw2bal5e6e8t51c6l2vc0n9i4zn84zs] C:\DOCUME~1\Owner\LOCALS~1\Temp\urflapon7s3.exe

    O4 - HKCU\..\Run: [dbtdcdhrgck] C:\DOCUME~1\Owner\LOCALS~1\Temp\ygr3n0u43d4ag.exe

    O4 - HKCU\..\Run: [mjbz72u1g7dg5zr6] C:\DOCUME~1\Owner\LOCALS~1\Temp\f5340w7.exe

    O4 - HKCU\..\Run: [bvxzdxi3hk6hmmu1i0t7i96cqxz3ak41xbz5] C:\DOCUME~1\Owner\LOCALS~1\Temp\ryrlena3u.exe

    O4 - HKCU\..\Run: [da4lrpy5ozdjbh0pimkzdidhpuw4ngeelke] C:\DOCUME~1\Owner\LOCALS~1\Temp\e0hqzwsl8p3ok.exe

    O4 - HKCU\..\Run: [a91ywwtuwf6cfz18v5y8qyaqi8rmj482sif6] C:\DOCUME~1\Owner\LOCALS~1\Temp\uihp9jr1z.exe

    O4 - HKCU\..\Run: [tr8yvjuct4jvsmta2jlkgz2czscm5b] C:\DOCUME~1\Owner\LOCALS~1\Temp\i99f0nfp7.exe

    O4 - HKCU\..\Run: [p3odhdsv6slgcsm0k0bibdlg421wg] C:\DOCUME~1\Owner\LOCALS~1\Temp\bwlx7sqrrp.exe

    O4 - HKCU\..\Run: [ip1k3ad3i6knox] C:\DOCUME~1\Owner\LOCALS~1\Temp\zmd5o9.exe

    O4 - HKCU\..\Run: [hgvhnvrwtuqmaljyn8d] C:\DOCUME~1\Owner\LOCALS~1\Temp\hlu4s5t3w.exe

    O4 - HKCU\..\Run: [db277de06wu51aj0o19vq] C:\DOCUME~1\Owner\LOCALS~1\Temp\nawrk0.exe

    O4 - HKCU\..\Run: [e1yi1jypbbt5r] C:\DOCUME~1\Owner\LOCALS~1\Temp\s9w7odjtz.exe

    O4 - HKCU\..\Run: [qr76txq5jr1onlutr] C:\DOCUME~1\Owner\LOCALS~1\Temp\ka3bdzfy.exe

    O4 - HKCU\..\Run: [m3h7alk9ho0bwkr9w0] C:\DOCUME~1\Owner\LOCALS~1\Temp\c6acc46p.exe

    O4 - HKCU\..\Run: [dy2h3isxq23mr] C:\DOCUME~1\Owner\LOCALS~1\Temp\vtmuj9hrl.exe

    O4 - HKCU\..\Run: [pjdp3t7po4s2odhth] C:\DOCUME~1\Owner\LOCALS~1\Temp\gvmd6jjksm.exe

    O4 - HKCU\..\Run: [rvapfrr5ru2sk118les0rjnndx18kpqj57] C:\DOCUME~1\Owner\LOCALS~1\Temp\ziycw5umrkh.exe

    O4 - HKCU\..\Run: [of2l9ryldmfb4oq3g9t9yfesrusb4gto9uowhf] C:\DOCUME~1\Owner\LOCALS~1\Temp\g7ad9k7heqoc3.exe

    O4 - HKCU\..\Run: [su59f82jhy5ctp8puo36phywuh2] C:\DOCUME~1\Owner\LOCALS~1\Temp\y80yy6mmxknz.exe

    O4 - HKCU\..\Run: [m80rl22powjn57nurju] C:\DOCUME~1\Owner\LOCALS~1\Temp\bn71klf6jwzj8.exe

    O4 - HKCU\..\Run: [m2p83cq68a20] C:\DOCUME~1\Owner\LOCALS~1\Temp\fcjjxhs.exe

    O4 - HKCU\..\Run: [yqah7gedk9kvo] C:\DOCUME~1\Owner\LOCALS~1\Temp\ex2lq1w6c.exe

    O4 - HKCU\..\Run: [hjh0lwq3p9pw0e0zqwkmcderf2zaqwk77t1gy9vktbgav4w4mb] C:\DOCUME~1\Owner\LOCALS~1\Temp\bxla27waab.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{A25B1D89-4DD8-464A-8CE0-ECDCBFD07200}: NameServer = 85.255.112.39,85.255.112.40

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

    O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs78344kjkfd.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS



    --

    End of file - 27749 bytes

  7. #7
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Did you look for TDSS as requested?

    Why does your hijackthis have spaces in between each entry?

    MBA-M can be run in safe mode.

    Your pc looks like it has been completely taken over. Do not be surprised if we cannot clean it up and you end up reformatting.

    ==

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

    ==

    Please re-run hijackthis again, select Do a system scan and save a logfile. When notepad opens, go to the Format Tab and de-select Word Wrap.
    Highlight the entire text and post the log back here.

  9. #9
    Join Date
    Feb 2009
    Posts
    11
    I checked and I don't have any TDSSserv.

    I don't know why there are spaces when I post, but in the log there are no spaces. Here is my current hijackthis file:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 8:35:04 PM, on 2/23/2009

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal



    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\userinit.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\ThreatFire\TFTray.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\Program Files\BigFix\BigFix.exe

    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Nexon\Mabinogi\npkcmsvc.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\WINDOWS\system32\svchost.exe



    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.com/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

    O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS



    --

    End of file - 5140 bytes

  10. #10
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Quote: Originally Posted by crunchie

        MBA-M can be run in safe mode.

    Did you try and run it?

    ==

    Quote: Originally Posted by crunchie

        Please re-run hijackthis again, select Do a system scan and save a logfile. When notepad opens, go to the Format Tab and de-select Word Wrap.
        Highlight the entire text and post the log back here.

    Did you try this? It should fix the formatting.
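
Added example, not part of the thread: a small parser for a HijackThis log pasted the way this one was (blank lines between entries, lines split by wrapping), which rejoins split entries and breaks O23 service lines into name, vendor and path. The sample is constructed from entries in the log above; `USUAL_DIRS` and the `unusual_dir` flag are assumptions of this example and only mark entries for a closer look, not a verdict.

```python
import re

# Constructed sample: five entries copied from the log above, pasted with blank
# lines between them and with one O23 entry split in two by line wrapping.
SAMPLE = r"""
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision
    Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe

    --

    End of file - 5140 bytes
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # section code, then the entry body
# Assumption of this example: directories treated as "usual" install locations.
USUAL_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

def parse_log(text):
    """Return [(section, body)], rejoining entries that wrapping split across lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # blank lines left by the paste
        if line == "--" or line.startswith("End of file"):
            break                         # log trailer, not an entry
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:
            entries[-1][1] += " " + line  # continuation of the previous entry
    return [tuple(e) for e in entries]

def services(entries):
    """Split each O23 body into name, vendor, path; mark paths outside USUAL_DIRS."""
    out = []
    for section, body in entries:
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if section == "O23" and body.startswith("Service: ") and len(parts) == 3:
            name, vendor, path = parts
            out.append({"name": name, "vendor": vendor, "path": path,
                        "unusual_dir": not path.lower().startswith(USUAL_DIRS)})
    return out

if __name__ == "__main__":
    for svc in services(parse_log(SAMPLE)):
        print(svc)
```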
