-
February 23rd, 2009, 06:14 PM
#1
Virus that won't let me open or run any anti-virus software
Hello, I'm not sure if this is the right place to post this, but here's my problem. I have Windows XP and had a Kaspersky trial, which expired about 2 days ago. Yesterday, something popped up on my screen where it looks like the generic install windows when you install a program. It automatically went "Next" and "Ok" and installed something by itself in about 3 seconds. I caught the name and it was called: BlueRaTech. I Googled this and only found one page that mentioned it was a virus or spyware. It's in my programs folder but only has an Uninstall option. I didn't want to click it just yet in case it might activate something. I installed other virus programs to scan, but it wouldn't load. I tried another antivirus program, but it would not start either. If I go to any anti-virus or spyware website, it blocks it. It always says there's a Network Interruption. But any other website is fine and I can visit, but it's just extremely slow.
I then went in Safe Mode to uninstall it with the Add/Remove. I went in Safe Mode with Networking, but when I tried to go online, I was unable to. And when I tried to run the antivirus, I was still unable to under Safe Mode. I just had my computer fixed (for a hardware problem) 3 weeks ago, so I did not have a save point for a system restore, but I do have a lot of files and programs that I don't want to get rid of. When I restarted in normal mode, and checked my programs, it was still there. I went ahead and did the Uninstall from the submenu and it said it was removed (but I highly doubt that). My computer still is unable to scan and unable to go directly to any anti-virus/spyware websites.
How can I clean this off my system? Thanks a lot!
-
February 23rd, 2009, 06:49 PM
#2
Open Device Manager and on the VIEW Tab, select the Show hidden devices option.
Go down to non plug and play drivers and see if there is one called TDSSserv and disable it.
Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebyt...are_d5756.html) to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Make sure that you restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
-
February 23rd, 2009, 11:34 PM
#3
I tried to run Malwarebytes, but it always closes once it opens. I want to run it in safe mode, but I was thinking it might not catch everything since Safe Mode doesn't run everything. Should I anyway?
Here's my hijackthis file as of now. It's in multiple parts since the reply has a limited number of characters:
Part 1:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:03 PM, on 2/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Application Data\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Application Data\svchost.exe
C:\Documents and Settings\Owner\Application Data\cogad\cogad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Last edited by lunacat; February 23rd, 2009 at 11:40 PM.
-
February 23rd, 2009, 11:41 PM
#4
Part 2:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: C:\WINDOWS\system32\hs78344kjkfd.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs78344kjkfd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [*svchostBoot] "C:\Documents and Settings\Owner\Application Data\svchost.exe"
O4 - HKLM\..\Run: [Tcahabiheb] rundll32.exe "C:\WINDOWS\Hnigumi.dll",e
O4 - HKLM\..\Run: [Ykotukejubet] rundll32.exe "C:\WINDOWS\uqasivolupufaxaw.dll",e
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [mqzlw4gi0dnwdwhc] C:\DOCUME~1\Owner\LOCALS~1\Temp\g5i4lqjcb2i3.exe
O4 - HKCU\..\Run: [vaukk260lsgxv8bv9pjsfqn] C:\DOCUME~1\Owner\LOCALS~1\Temp\kkhiqo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Owner\Application Data\cogad\cogad.exe" 61A847B5BBF72813329D31466188719AB689201522886B092CBD44BD8689220221DD3257
-
February 23rd, 2009, 11:44 PM
#6
Part 3:
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A25B1D89-4DD8-464A-8CE0-ECDCBFD07200}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs78344kjkfd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 27749 bytes
-
February 23rd, 2009, 11:45 PM
#7
Did you look for TDSS as requested?
Why does your hijackthis have spaces in between each entry?
MBA-M can be run in safe mode.
Your pc looks like it has been completely taken over. Do not be surprised if we cannot clean it up and you end up reformatting.
==
Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program
==
Please re-run hijackthis again, select Do a system scan and save a logfile. When notepad opens, go to the Format Tab and de-select Word Wrap.
Highlight the entire text and post the log back here.
-
February 24th, 2009, 12:44 AM
#9
I checked and I don't have any TDSSserv.
I don't know why there are spaces when I post, but in the log there are no spaces. Here is my current hijackthis file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:04 PM, on 2/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 5140 bytes
-
February 24th, 2009, 01:17 AM
#10
Originally Posted by crunchie
MBA-M can be run in safe mode.
Did you try and run it?
==
Originally Posted by crunchie
Please re-run hijackthis again, select Do a system scan and save a logfile. When notepad opens, go to the Format Tab and de-select Word Wrap.
Highlight the entire text and post the log back here.
Did you try this? It should fix the formatting.