#1 lunacat, February 23rd, 2009, 06:14 PM
Virus that won't let me open or run any anti-virus software

Hello, I'm not sure if this is the right place to post this, but here's my problem. I have Windows XP and had a Kaspersky trial, which expired about 2 days ago. Yesterday, something popped up on my screen where it looks like the generic install windows when you install a program. It automatically went "Next" and "Ok" and installed something by itself in about 3 seconds. I caught the name and it was called: BlueRaTech. I Googled this and only found one page that mentioned it was a virus or spyware. It's in my programs folder but only has an Uninstall option. I didn't want to click it just yet in case it might activate something. I installed other virus programs to scan, but it wouldn't load. I tried another antivirus program, but it would not start either. If I go to any anti-virus or spyware website, it blocks it. It always says there's a Network Interruption. But any other website is fine and I can visit, but it's just extremely slow.

I then went in Safe Mode to uninstall it with the Add/Remove. I went in Safe Mode with Networking, but when I tried to go online, I was unable to. And when I tried to run the antivirus, I was still unable to under Safe Mode. I just had my computer fixed (for a hardware problem) 3 weeks ago, so I did not have a save point for a system restore, but I do have a lot of files and programs that I don't want to get rid of. When I restarted in normal mode, and checked my programs, it was still there. I went ahead and did the Uninstall from the submenu and it said it was removed (but I highly doubt that). My computer still is unable to scan and unable to go directly to any anti-virus/spyware websites.

How can I clean this off my system? Thanks a lot!
#2 crunchie, February 23rd, 2009, 06:49 PM

Open Device Manager and on the VIEW Tab, select the Show hidden devices option.
Go down to non plug and play drivers and see if there is one called TDSSserv and disable it.

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebyt...are_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

#3 lunacat, February 23rd, 2009, 11:34 PM

I tried to run Malwarebytes, but it always closes once it opens. I want to run it in safe mode, but I was thinking it might not catch everything since Safe Mode doesn't run everything. Should I anyway?

Here's my hijackthis file as of now. It's in multiple parts since the reply has a limited number of characters:

Part 1:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:37:03 PM, on 2/23/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Nexon\Mabinogi\npkcmsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Owner\Application Data\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ThreatFire\TFTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Owner\Application Data\svchost.exe

C:\Documents and Settings\Owner\Application Data\cogad\cogad.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\BigFix\BigFix.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Last edited by lunacat; February 23rd, 2009 at 11:40 PM.
#4 lunacat, February 23rd, 2009, 11:41 PM

Part 2:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: C:\WINDOWS\system32\hs78344kjkfd.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs78344kjkfd.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [*svchostBoot] "C:\Documents and Settings\Owner\Application Data\svchost.exe"

O4 - HKLM\..\Run: [Tcahabiheb] rundll32.exe "C:\WINDOWS\Hnigumi.dll",e

O4 - HKLM\..\Run: [Ykotukejubet] rundll32.exe "C:\WINDOWS\uqasivolupufaxaw.dll",e

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Owner\Application Data\cogad\cogad.exe" 61A847B5BBF72813329D31466188719AB689201522886B092CBD44BD8689220221DD3257

Reply With Quote
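
Added example, not part of the original thread and not HijackThis's own code: a small Python triage pass over HijackThis text of the kind posted above. It flags autostart (O4 Run) and running-process entries that run from a Temp folder, reuse a core Windows process name outside system32, or load a DLL from the Windows root through rundll32, and it marks Run entries whose command was cut off when a log is split across posts. The sample log, the flag names and the `C:\WINDOWS` install path are assumptions made for this example; a flag is a reason to look closer, not a verdict.

```python
import ntpath
import re

# Assumption: Windows lives in C:\WINDOWS, as in the log posted in this thread.
WINDOWS_ROOT = r"c:\windows"
SYSTEM32 = WINDOWS_ROOT + r"\system32"
# Core process names expected only in system32 (illustrative, not exhaustive).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe", "spoolsv.exe"}

# "O4 - <hive>\..\Run: [value name] command line" (only the Run keys are handled).
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\]\s*(.*)$")
# Any HijackThis item line, e.g. "R0 - ", "O2 - ", "O23 - ".
ITEM = re.compile(r"^[A-Z]\d+ - ")
# First drive-letter path ending in .exe/.dll/.sys, quoted or not.
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)

# Constructed sample in HijackThis format; the example* names are made up.
SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Application Data\svchost.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\example1.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [ExampleDll] rundll32.exe "C:\WINDOWS\example.dll",e
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [examplevalue1] C:\DOCUME~1\Owner\LOCALS~1\Temp\example2.exe
O4 - HKCU\..\Run: [examplevalue2]
"""


def reasons_for(command):
    """Return the heuristic flags raised by one command line or process path."""
    match = PATH.search(command)
    if not match:
        return []
    path = match.group(0).lower()
    folder, name = ntpath.split(path)  # ntpath parses Windows paths on any OS
    flags = []
    if "\\temp\\" in path:
        flags.append("runs-from-temp")
    if name in SYSTEM_NAMES and folder != SYSTEM32:
        flags.append("system-name-outside-system32")
    if command.lower().startswith("rundll32") and folder == WINDOWS_ROOT:
        flags.append("rundll32-dll-in-windows-root")
    return flags


def triage(log_text):
    """Return (kind, entry, flags) for every log entry that raises a flag."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes often double-space the log
        if line == "Running processes:":
            in_processes = True
            continue
        if ITEM.match(line):
            in_processes = False  # the process list ends at the first item line
        run = O4_RUN.match(line)
        if run:
            hive, value_name, command = run.groups()
            # A log split across posts can cut an entry after the value name.
            flags = reasons_for(command) if command else ["no-command"]
            kind, entry = "autostart", f"{hive} [{value_name}]"
        elif in_processes:
            flags, kind, entry = reasons_for(line), "process", line
        else:
            continue
        if flags:
            findings.append((kind, entry, flags))
    return findings


if __name__ == "__main__":
    for kind, entry, flags in triage(SAMPLE):
        print(f"{kind:9} {entry}: {', '.join(flags)}")
```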
  #5  
Old February 23rd, 2009, 11:42 PM
lunacat lunacat is offline
Virtual Med Student
 
Join Date: Feb 2009
Posts: 11
Part 2:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: C:\WINDOWS\system32\hs78344kjkfd.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs78344kjkfd.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [*svchostBoot] "C:\Documents and Settings\Owner\Application Data\svchost.exe"

O4 - HKLM\..\Run: [Tcahabiheb] rundll32.exe "C:\WINDOWS\Hnigumi.dll",e

O4 - HKLM\..\Run: [Ykotukejubet] rundll32.exe "C:\WINDOWS\uqasivolupufaxaw.dll",e

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe

O4 - HKCU\..\Run: [mqzlw4gi0dnwdwhc] C:\DOCUME~1\Owner\LOCALS~1\Temp\g5i4lqjcb2i3.exe

O4 - HKCU\..\Run: [vaukk260lsgxv8bv9pjsfqn] C:\DOCUME~1\Owner\LOCALS~1\Temp\kkhiqo.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [eztmngr9ba0b6u5s5wye0fqpztl4zi2cerhq] C:\DOCUME~1\Owner\LOCALS~1\Temp\ee0ripqm3hv63.exe

O4 - HKCU\..\Run: [p3exwxjnz00appbcs43noa23i76x5eqr5eyiq82i4xmhxjmecn] C:\DOCUME~1\Owner\LOCALS~1\Temp\lzfw1irb.exe

O4 - HKCU\..\Run: [w2nlngwitbrrr6pkwxnskyw05x3ip9xl468e8feyab] C:\DOCUME~1\Owner\LOCALS~1\Temp\ael5d4zbfvtyg.exe

O4 - HKCU\..\Run: [fdour8ib9rit06xeljajb79utmfxht90pv4pjuw2us] C:\DOCUME~1\Owner\LOCALS~1\Temp\ha22x2zow62vc.exe

O4 - HKCU\..\Run: [hc9meyx78lwqytw7f2t07ceknwz6b9e7ficd8yytvcfvr] C:\DOCUME~1\Owner\LOCALS~1\Temp\awvtukpyp.exe

O4 - HKCU\..\Run: [e8bhvrepzouu65] C:\DOCUME~1\Owner\LOCALS~1\Temp\wmxywlhyva.exe

O4 - HKCU\..\Run: [gfz1as5yd9zdwu4iyxof91569xjol] C:\DOCUME~1\Owner\LOCALS~1\Temp\h5xhjvjvo6i.exe

O4 - HKCU\..\Run: [n4xr1jhc4ivzvwhx5ig9ja9y8dbfay9] C:\DOCUME~1\Owner\LOCALS~1\Temp\p9fxu7uza.exe

O4 - HKCU\..\Run: [frhe6wu9l] C:\DOCUME~1\Owner\LOCALS~1\Temp\qjkvlovabx.exe

O4 - HKCU\..\Run: [oreyk6d5zhn51q1dyfto5mhphvqbv] C:\DOCUME~1\Owner\LOCALS~1\Temp\sjahjnbgmqcbz.exe

O4 - HKCU\..\Run: [h84t9r73y] C:\DOCUME~1\Owner\LOCALS~1\Temp\z66pgb1zweo.exe

O4 - HKCU\..\Run: [zjf5fxthfuzmjtjlf3q48upvk56faj] C:\DOCUME~1\Owner\LOCALS~1\Temp\ymyo6h.exe

O4 - HKCU\..\Run: [epp42tugwq7i2vay3mk] C:\DOCUME~1\Owner\LOCALS~1\Temp\qk444ptnyu22j.exe

O4 - HKCU\..\Run: [j83buy4gbcv5wqux] C:\DOCUME~1\Owner\LOCALS~1\Temp\vafocv0os.exe

O4 - HKCU\..\Run: [z5rc4hoczk2qiluythpws55yef0ghdvhb8o] C:\DOCUME~1\Owner\LOCALS~1\Temp\j7708iuf.exe

O4 - HKCU\..\Run: [jry7r2mbwsz6vb61jjgwogkgcgeoch1] C:\DOCUME~1\Owner\LOCALS~1\Temp\cwdeklv.exe

O4 - HKCU\..\Run: [eq79azetdoexsvuw6srooy4oqx] C:\DOCUME~1\Owner\LOCALS~1\Temp\p8iob1n.exe

O4 - HKCU\..\Run: [pbb0hcz5moz2k3fsdf0l2o] C:\DOCUME~1\Owner\LOCALS~1\Temp\xe4j3gqm.exe

O4 - HKCU\..\Run: [hp56w58a6nmh9hy] C:\DOCUME~1\Owner\LOCALS~1\Temp\b536q1.exe

O4 - HKCU\..\Run: [oae6ks10u12p9] C:\DOCUME~1\Owner\LOCALS~1\Temp\mueruqmeknclj.exe

O4 - HKCU\..\Run: [vjz7qevgul9slb15zn6z19c893pv7rw9947olje6h7] C:\DOCUME~1\Owner\LOCALS~1\Temp\g5rcu6o.exe

O4 - HKCU\..\Run: [ehz7jw7iwwwbzja0e7anjr5c7si2cupyhzfsrryb] C:\DOCUME~1\Owner\LOCALS~1\Temp\zhs23zvck66z.exe

O4 - HKCU\..\Run: [gs4z9o2w7ektr253n15d04uiwzrlgotwmyev2hb] C:\DOCUME~1\Owner\LOCALS~1\Temp\csktea328i.exe

O4 - HKCU\..\Run: [txb5mkc6s4doosha1s0] C:\DOCUME~1\Owner\LOCALS~1\Temp\dklz8z72f5.exe

O4 - HKCU\..\Run: [jkwu7kjle4qk9zlntifch65ar6d3g9] C:\DOCUME~1\Owner\LOCALS~1\Temp\t63qun0ormqwu.exe

O4 - HKCU\..\Run: [e486kapx4] C:\DOCUME~1\Owner\LOCALS~1\Temp\acmadnjqz1f.exe

O4 - HKCU\..\Run: [kkzmxx9co9jkamr03d673cu2r5w] C:\DOCUME~1\Owner\LOCALS~1\Temp\vtuhhp1n.exe

O4 - HKCU\..\Run: [pgxq6ffzgtfn8zjkt7z70dp6k01fp2mbrgx8vb8kwlzfmmvlz4] C:\DOCUME~1\Owner\LOCALS~1\Temp\cuuhr46.exe

O4 - HKCU\..\Run: [iiyezar9qcfg3t0] C:\DOCUME~1\Owner\LOCALS~1\Temp\rbbylu.exe

O4 - HKCU\..\Run: [qhofb5bpc1zvwaaexmv2eqx4xc] C:\DOCUME~1\Owner\LOCALS~1\Temp\sd7o4zp21r.exe

O4 - HKCU\..\Run: [bepumlo9qka3d7rqrcc8hqdjwujsahsrfqr] C:\DOCUME~1\Owner\LOCALS~1\Temp\p3ykig0etk.exe

O4 - HKCU\..\Run: [cnejyb6ynafpeqjn4swmt] C:\DOCUME~1\Owner\LOCALS~1\Temp\tf6do12c5j.exe

O4 - HKCU\..\Run: [f038bd8biwd] C:\DOCUME~1\Owner\LOCALS~1\Temp\x3o23e.exe

O4 - HKCU\..\Run: [iyowwrssch1] C:\DOCUME~1\Owner\LOCALS~1\Temp\d4l84a2qz3.exe

O4 - HKCU\..\Run: [njijfz0fg8fulo6vh4ck455hinto7dk1a1gvtlm] C:\DOCUME~1\Owner\LOCALS~1\Temp\g8m190.exe

O4 - HKCU\..\Run: [ptmiouyvp9y1g2kjzb25ufqsl2lldnafz4xy] C:\DOCUME~1\Owner\LOCALS~1\Temp\nikxkh5.exe

O4 - HKCU\..\Run: [ct06q89w89lii12] C:\DOCUME~1\Owner\LOCALS~1\Temp\xcba6ycc.exe

O4 - HKCU\..\Run: [dxz1150usto61f3oqrwdnspjl27rljuarob2yg] C:\DOCUME~1\Owner\LOCALS~1\Temp\ig48kbpkd0.exe

O4 - HKCU\..\Run: [r59has6jsv0zug8c] C:\DOCUME~1\Owner\LOCALS~1\Temp\arsss7.exe

O4 - HKCU\..\Run: [cqpzp546i1ohpgwgxxbccouilmxh7i123zdw4tx623jxrb7m4b] C:\DOCUME~1\Owner\LOCALS~1\Temp\d89a5p4q.exe

O4 - HKCU\..\Run: [yxgf3kpymc0b03vytxdci] C:\DOCUME~1\Owner\LOCALS~1\Temp\ixt4zhk05.exe

O4 - HKCU\..\Run: [bd6sy0mrn9pm] C:\DOCUME~1\Owner\LOCALS~1\Temp\tkq0dg.exe

O4 - HKCU\..\Run: [hkkuz9ifzq] C:\DOCUME~1\Owner\LOCALS~1\Temp\t0xr63isaoeg.exe

O4 - HKCU\..\Run: [ny774bw7j4fz9w90gp39b7a4vfffk9idk7mw6zixkdwuo41z4n] C:\DOCUME~1\Owner\LOCALS~1\Temp\cs0igxdc.exe

O4 - HKCU\..\Run: [edlim34jbt35iu4qfxsdehcdrhe] C:\DOCUME~1\Owner\LOCALS~1\Temp\wiuvt54aq.exe

O4 - HKCU\..\Run: [rcxcvw7x99sq] C:\DOCUME~1\Owner\LOCALS~1\Temp\frn6whd.exe

O4 - HKCU\..\Run: [sg3r3d6dnnkwjiae4w7crldcdor1ihm7t97cu9s6n7p] C:\DOCUME~1\Owner\LOCALS~1\Temp\qtnpjrfo.exe

O4 - HKCU\..\Run: [rj5cfmsm0p5iqh3mn8vq0n6j02dr518] C:\DOCUME~1\Owner\LOCALS~1\Temp\a9u9ylwi.exe

O4 - HKCU\..\Run: [abznzraa4mpozjv1] C:\DOCUME~1\Owner\LOCALS~1\Temp\p4o6v3cz.exe

O4 - HKCU\..\Run: [qjv35oi6xbv723fqkp9deidj8c9e0njitc4pwo24f] C:\DOCUME~1\Owner\LOCALS~1\Temp\b3p99u6.exe

O4 - HKCU\..\Run: [w5fvvk4wjv2or6a9seexehi6hlsa9frqzk] C:\DOCUME~1\Owner\LOCALS~1\Temp\qaek4z.exe

O4 - HKCU\..\Run: [v87d0yr34m40zpka9n1py750lsnpmqhxnhnsvh] C:\DOCUME~1\Owner\LOCALS~1\Temp\aw4vs0yecyy1.exe

O4 - HKCU\..\Run: [wf2544at5otn8suocjcci0tshgztve] C:\DOCUME~1\Owner\LOCALS~1\Temp\q49adqgwaaty.exe

O4 - HKCU\..\Run: [cml4x676kjoo] C:\DOCUME~1\Owner\LOCALS~1\Temp\en9swi5.exe

O4 - HKCU\..\Run: [trjqf0e73pkf] C:\DOCUME~1\Owner\LOCALS~1\Temp\teiobka81n.exe

O4 - HKCU\..\Run: [lv6ioiawblw05v4b4b0goxxjs7do6n2sb3hssapn1ekv3dpqb] C:\DOCUME~1\Owner\LOCALS~1\Temp\lczn1svxlzy.exe

O4 - HKCU\..\Run: [vmm16n6gg0nq2ejc49nu71dh19cr0y] C:\DOCUME~1\Owner\LOCALS~1\Temp\gikolagbd.exe

O4 - HKCU\..\Run: [xdwyfqmmbmi] C:\DOCUME~1\Owner\LOCALS~1\Temp\gku3tda9v7.exe

O4 - HKCU\..\Run: [tmj8tjefio560] C:\DOCUME~1\Owner\LOCALS~1\Temp\xguqgchr.exe

O4 - HKCU\..\Run: [bwn08bnugmz6kxk9m7] C:\DOCUME~1\Owner\LOCALS~1\Temp\wd1vwt4.exe

O4 - HKCU\..\Run: [cogad] "C:\Documents and Settings\Owner\Application Data\cogad\cogad.exe" 61A847B5BBF72813329D31466188719AB689201522886B092CBD44BD8689220221DD3257

O4 - HKCU\..\Run: [fj859nt9bm9hzfg2p7itn8hctqvm5xf3rfzruev] C:\DOCUME~1\Owner\LOCALS~1\Temp\i0osvfy76.exe

O4 - HKCU\..\Run: [idztkg3sylkowdax71vkie8gnt0diiqdwb96] C:\DOCUME~1\Owner\LOCALS~1\Temp\v8d7u0.exe

O4 - HKCU\..\Run: [acxupptdjewbgz7qdfxi9u8iik4p9jh0psazd90] C:\DOCUME~1\Owner\LOCALS~1\Temp\oep65c1.exe

O4 - HKCU\..\Run: [gzzffsvvf85a5ecka6rixyyi6hr0nrashdw] C:\DOCUME~1\Owner\LOCALS~1\Temp\ryftwi4.exe

O4 - HKCU\..\Run: [p1qs8wozhuy809xv7ctjagu3py7je2mho9] C:\DOCUME~1\Owner\LOCALS~1\Temp\cc3cmtu2cbw.exe

O4 - HKCU\..\Run: [gfp7sfoxrr] C:\DOCUME~1\Owner\LOCALS~1\Temp\rfmdp0xn9.exe

O4 - HKCU\..\Run: [c5n002t21pjoxzk1x5qe5u8tq9fdggkhp4gkq7gsxm7] C:\DOCUME~1\Owner\LOCALS~1\Temp\u4vkauji.exe

O4 - HKCU\..\Run: [zew782pfozd1v3ryh883z9rrluci0h0joeopoyas08lc7zv] C:\DOCUME~1\Owner\LOCALS~1\Temp\fne3g4lbh.exe

O4 - HKCU\..\Run: [n69wasr5hrz7xn517fayhp6c5ggpb3j91jsfble55vsjcm] C:\DOCUME~1\Owner\LOCALS~1\Temp\wez9e9g.exe

O4 - HKCU\..\Run: [u64oc0bvi6dv1rlyo3fejtg0laznq9twlphfepph1baouki] C:\DOCUME~1\Owner\LOCALS~1\Temp\lruunw078.exe

O4 - HKCU\..\Run: [k6ybzzpu94upahtupx12c9g] C:\DOCUME~1\Owner\LOCALS~1\Temp\lwhnrlqt.exe

O4 - HKCU\..\Run: [ikxeoi1me4] C:\DOCUME~1\Owner\LOCALS~1\Temp\dn8ywjksyiz.exe

O4 - HKCU\..\Run: [t7vyfzaewm9fdw4f5w3u6z5ipv1hxre8d] C:\DOCUME~1\Owner\LOCALS~1\Temp\n153kaqoj6.exe

O4 - HKCU\..\Run: [gt0x8l10iwmse6ie7um7fiy4rjgcuwl] C:\DOCUME~1\Owner\LOCALS~1\Temp\hymjzwl14oc1.exe

O4 - HKCU\..\Run: [q9wos6cd1xu51q8rcxo0qty2809ue5hiv] C:\DOCUME~1\Owner\LOCALS~1\Temp\gt05hd643u.exe

O4 - HKCU\..\Run: [gido7tdsmmeiqtgevi9itxleron75l6] C:\DOCUME~1\Owner\LOCALS~1\Temp\u5v8t3p.exe

O4 - HKCU\..\Run: [my2g2w4o9r8u7m2oksy1binz4rdpj5] C:\DOCUME~1\Owner\LOCALS~1\Temp\xplvoz6.exe

O4 - HKCU\..\Run: [j7751seccyxv7du7o94mngsj8wav] C:\DOCUME~1\Owner\LOCALS~1\Temp\yzqtfgqn.exe

O4 - HKCU\..\Run: [ar2pmy3ougefig95czc8yqmg1u3h8f] C:\DOCUME~1\Owner\LOCALS~1\Temp\begw1vjqr.exe

O4 - HKCU\..\Run: [f9pytm4pmbhaio8iayao5vcxk6tuii89soyujjp0xa4oj] C:\DOCUME~1\Owner\LOCALS~1\Temp\aed29c.exe

O4 - HKCU\..\Run: [pno89zwtxohg] C:\DOCUME~1\Owner\LOCALS~1\Temp\iuu1dp6dx.exe

O4 - HKCU\..\Run: [x39brjs8fna2kuz] C:\DOCUME~1\Owner\LOCALS~1\Temp\wbk45ekqmje.exe

O4 - HKCU\..\Run: [bdbpjpj25gapcmkkis805qyqxwm3i4w7dgvoka0pv6k7q7gqw] C:\DOCUME~1\Owner\LOCALS~1\Temp\jnswb7xd.exe

O4 - HKCU\..\Run: [pw5vpf0oxa8el] C:\DOCUME~1\Owner\LOCALS~1\Temp\tfnhqhfv.exe

O4 - HKCU\..\Run: [ac74e653a1] C:\DOCUME~1\Owner\LOCALS~1\Temp\o2w55k.exe

O4 - HKCU\..\Run: [vkmtlmvhdbudwin91p5xpccirla6dynnb] C:\DOCUME~1\Owner\LOCALS~1\Temp\qc4xo3a8zl.exe

O4 - HKCU\..\Run: [ej35eim0d9motvuorji4nd] C:\DOCUME~1\Owner\LOCALS~1\Temp\xg6inegnndm96.exe

O4 - HKCU\..\Run: [zm28d7bbdpn02bh2qtztd45efqsuxijm92pj1n0h2e964i2a] C:\DOCUME~1\Owner\LOCALS~1\Temp\ucuv2ua3.exe

O4 - HKCU\..\Run: [z3dbsfhunn66rs] C:\DOCUME~1\Owner\LOCALS~1\Temp\pjh1tm4.exe

O4 - HKCU\..\Run: [cfcpwejtyvlir] C:\DOCUME~1\Owner\LOCALS~1\Temp\s3qooil.exe

O4 - HKCU\..\Run: [fp8umyfol5xd1pqks6ha91i87gswcdx046lnhm] C:\DOCUME~1\Owner\LOCALS~1\Temp\zel9rv3h.exe

O4 - HKCU\..\Run: [o3zvxm8i2k2u604hv6h48dpu5gn3fxrb24auro8q2katm5] C:\DOCUME~1\Owner\LOCALS~1\Temp\o0eq13drb9su.exe

O4 - HKCU\..\Run: [xuufkr1whzen0n1xj3qd65qlnn4lztba33zt1s4g] C:\DOCUME~1\Owner\LOCALS~1\Temp\j6gu6olz.exe

O4 - HKCU\..\Run: [ohxtkbc016m0tqm0mgkvreran4rtigun4seb3i7txcmw] C:\DOCUME~1\Owner\LOCALS~1\Temp\yodio9tfw.exe

O4 - HKCU\..\Run: [yqwqkvogp4] C:\DOCUME~1\Owner\LOCALS~1\Temp\jqw1f99zk4.exe

O4 - HKCU\..\Run: [fizu0k6l8s0gat42z030npgr08s8t5vdlae] C:\DOCUME~1\Owner\LOCALS~1\Temp\m0rl0z.exe

O4 - HKCU\..\Run: [c0h6qhwxfvix7or2fd0hradugmr4z5p2g55kwnjkn] C:\DOCUME~1\Owner\LOCALS~1\Temp\ay5r26jw7s.exe

O4 - HKCU\..\Run: [v0v2u14yd2vn] C:\DOCUME~1\Owner\LOCALS~1\Temp\h27t1hpbgakg7.exe

O4 - HKCU\..\Run: [q4z8ps4crvd5uhqbe2pb1er7hysaovudc2qtm6n49a2rlo] C:\DOCUME~1\Owner\LOCALS~1\Temp\dievxjhut4.exe

O4 - HKCU\..\Run: [i6pac2b1hmax3c1ik4hahm1nppqeq96xgyfgj53kouefc9wep] C:\DOCUME~1\Owner\LOCALS~1\Temp\kwz3vsgklmt.exe

O4 - HKCU\..\Run: [e2xr3glmmz9529575iivn5ab1u7o] C:\DOCUME~1\Owner\LOCALS~1\Temp\ln41ms0cmgop.exe

O4 - HKCU\..\Run: [a5ppuh1zu0uznj3sjy4dndmf28] C:\DOCUME~1\Owner\LOCALS~1\Temp\c9do4f0mua6u0.exe

O4 - HKCU\..\Run: [efrpoe8zs9nj969nnlaql0jibhp81z5gud9sls] C:\DOCUME~1\Owner\LOCALS~1\Temp\hpx4m6cfahgbv.exe

O4 - HKCU\..\Run: [ubbbzpbj2nqthuzh269htdootorpn5d0jilthmdt6ijemxzp9] C:\DOCUME~1\Owner\LOCALS~1\Temp\iz22dn.exe

O4 - HKCU\..\Run: [jcivfsp3mmnj] C:\DOCUME~1\Owner\LOCALS~1\Temp\s1sqywvp65.exe

O4 - HKCU\..\Run: [zb2ghamaiptudpbw5vrd4fnqhet3y7j] C:\DOCUME~1\Owner\LOCALS~1\Temp\txg8fuke7i.exe

O4 - HKCU\..\Run: [hhbitzasfkmpqqkgom46h0fa8s4wpkn0] C:\DOCUME~1\Owner\LOCALS~1\Temp\z51vqpd.exe

O4 - HKCU\..\Run: [dofhjsvvffbh0b1ff3734tsyngjyzged8mdeiu88glk6] C:\DOCUME~1\Owner\LOCALS~1\Temp\rn8zfb.exe

O4 - HKCU\..\Run: [a6zpsz5hbmpq3hljr0xs6ae67bwz0b1cyw6zxvd5f] C:\DOCUME~1\Owner\LOCALS~1\Temp\h9ubr1m.exe

O4 - HKCU\..\Run: [hfv26hse0y91dgf3h3tr4j7xbk0]
  #6  
Old February 23rd, 2009, 11:44 PM
lunacat lunacat is offline
Virtual Med Student
 
Join Date: Feb 2009
Posts: 11
Part 3:

C:\DOCUME~1\Owner\LOCALS~1\Temp\o81wawg02if4l.exe

O4 - HKCU\..\Run: [zo5tv0j5iw73gmus4bgwksoce0wu8s1p8xt9hurbvoi9tdyr] C:\DOCUME~1\Owner\LOCALS~1\Temp\sxdxnst.exe

O4 - HKCU\..\Run: [y2jkfw24p62rns7e3qmi54yvaonun70vas77rl9qi] C:\DOCUME~1\Owner\LOCALS~1\Temp\c1fz53zty6.exe

O4 - HKCU\..\Run: [s3byyptq1mkqer5345t9zawlyeggz24mj] C:\DOCUME~1\Owner\LOCALS~1\Temp\odkgjulx2i2y.exe

O4 - HKCU\..\Run: [ri2w4s477jtsqvlo8y] C:\DOCUME~1\Owner\LOCALS~1\Temp\ko8y6y82fc.exe

O4 - HKCU\..\Run: [ts06ll5yxs97p482he49q8uaj2dci] C:\DOCUME~1\Owner\LOCALS~1\Temp\rwy6nkz5.exe

O4 - HKCU\..\Run: [yvez4yuaw4993fmf] C:\DOCUME~1\Owner\LOCALS~1\Temp\tvi7vpj2.exe

O4 - HKCU\..\Run: [vvztg88k886cp6zr2vho3cpg12] C:\DOCUME~1\Owner\LOCALS~1\Temp\sg15yvf3yk.exe

O4 - HKCU\..\Run: [l8widd8ow1w3x3mhdw2xf5vj4zoj44n56wcw20g19t5hxs] C:\DOCUME~1\Owner\LOCALS~1\Temp\aupoon.exe

O4 - HKCU\..\Run: [urqb6xpc75u0fqvgac7ntg238wwda87bivkaj] C:\DOCUME~1\Owner\LOCALS~1\Temp\sqw8ns.exe

O4 - HKCU\..\Run: [up2nmv37q4jr] C:\DOCUME~1\Owner\LOCALS~1\Temp\hj1p12io.exe

O4 - HKCU\..\Run: [go82hy46uk95i5r7o] C:\DOCUME~1\Owner\LOCALS~1\Temp\wawqk8xclqf.exe

O4 - HKCU\..\Run: [i9jhe68max] C:\DOCUME~1\Owner\LOCALS~1\Temp\px88ru8e5emz.exe

O4 - HKCU\..\Run: [bhl7tqtjzzw3fhfzzce43hj0mwo1mgt4i] C:\DOCUME~1\Owner\LOCALS~1\Temp\rgyupt9.exe

O4 - HKCU\..\Run: [qjz939qhg26t2] C:\DOCUME~1\Owner\LOCALS~1\Temp\goavpz386e.exe

O4 - HKCU\..\Run: [ino7oolzf64ub8chxc3c2edf69fsonm3bo6x28z3wkyacmfim] C:\DOCUME~1\Owner\LOCALS~1\Temp\alrbnlflrfsk.exe

O4 - HKCU\..\Run: [g67n57z2bjfohfil] C:\DOCUME~1\Owner\LOCALS~1\Temp\nd5w2vg3tkx6.exe

O4 - HKCU\..\Run: [p8nmgftspsz6c4ldytdeyh9hir] C:\DOCUME~1\Owner\LOCALS~1\Temp\c4hxl1v.exe

O4 - HKCU\..\Run: [g1ju5r45c5c40cco0qqyhyimems26d3] C:\DOCUME~1\Owner\LOCALS~1\Temp\hkhwpxsx7r.exe

O4 - HKCU\..\Run: [loopig1v7kq1ofjrrv4imqt21sozn3333p0h67q15pujja4] C:\DOCUME~1\Owner\LOCALS~1\Temp\kiogbclht3k.exe

O4 - HKCU\..\Run: [huhmu0w3jd5k] C:\DOCUME~1\Owner\LOCALS~1\Temp\y1ozymnawl3r.exe

O4 - HKCU\..\Run: [y32d8ezru4hmxa45k7of2j4] C:\DOCUME~1\Owner\LOCALS~1\Temp\jd22ac63b.exe

O4 - HKCU\..\Run: [krzbmyl4mvzwjv3cohy3qyttumqnfjryrx4tvpa1o] C:\DOCUME~1\Owner\LOCALS~1\Temp\yg2mdj9.exe

O4 - HKCU\..\Run: [hn9h5m2mb1yb4rj] C:\DOCUME~1\Owner\LOCALS~1\Temp\rmelk5kq.exe

O4 - HKCU\..\Run: [pe2z1kt8ttube1g2istadc4xotonhqf1gp] C:\DOCUME~1\Owner\LOCALS~1\Temp\j3b0rvje.exe

O4 - HKCU\..\Run: [djllfosnwl9txqjx] C:\DOCUME~1\Owner\LOCALS~1\Temp\ffs70l089scjc.exe

O4 - HKCU\..\Run: [q3ypqxn3x3erj9bzhx72fnn3yj7e5b1cxxc4sry] C:\DOCUME~1\Owner\LOCALS~1\Temp\b0bq8wq.exe

O4 - HKCU\..\Run: [fb17gzfkxchbmvgmel4x9umfie86vkwao5rla032h2] C:\DOCUME~1\Owner\LOCALS~1\Temp\jzspcsnsi3.exe

O4 - HKCU\..\Run: [benlq4emlzrkwbag2gypjb93az62] C:\DOCUME~1\Owner\LOCALS~1\Temp\xgislhi5qxvu.exe

O4 - HKCU\..\Run: [rzy4oeejvkoie9id] C:\DOCUME~1\Owner\LOCALS~1\Temp\qyzav4h4.exe

O4 - HKCU\..\Run: [ag0eqxlwrzlinp8vqshnacu8rqmj4] C:\DOCUME~1\Owner\LOCALS~1\Temp\efpdntch69.exe

O4 - HKCU\..\Run: [ycfwz37egeejoxqclbjfs8oa1mf20ta6vt9klmdh5] C:\DOCUME~1\Owner\LOCALS~1\Temp\q8ykfbjaqxm1.exe

O4 - HKCU\..\Run: [azfkxi9xyb7vfham8r9dqsdm3z55j] C:\DOCUME~1\Owner\LOCALS~1\Temp\hpkgt9.exe

O4 - HKCU\..\Run: [fyc86gdd3zji9y56xqsmv9rnn3oeeqiwdk7twr] C:\DOCUME~1\Owner\LOCALS~1\Temp\ti8eq0y2.exe

O4 - HKCU\..\Run: [xz1noqb87ex4wgqank0f350mrbyc] C:\DOCUME~1\Owner\LOCALS~1\Temp\x7kfkwbxqx.exe

O4 - HKCU\..\Run: [uji7okdhgq3b7hb3sdly1hgte] C:\DOCUME~1\Owner\LOCALS~1\Temp\p3c6xsndp3.exe

O4 - HKCU\..\Run: [bpynr9d58pe0dtoisp3kdl24d9jgegm8497hoox3chts] C:\DOCUME~1\Owner\LOCALS~1\Temp\amrzpb40c90.exe

O4 - HKCU\..\Run: [hoi1bq267858ytr4uxc272zofx2p585] C:\DOCUME~1\Owner\LOCALS~1\Temp\z7a1iv8m19j3q.exe

O4 - HKCU\..\Run: [slxq1lrbm1hdsbwvy4kwu6cw96boep362xfh] C:\DOCUME~1\Owner\LOCALS~1\Temp\sdmjp0.exe

O4 - HKCU\..\Run: [ngwdkgv2v9kkb4g8p] C:\DOCUME~1\Owner\LOCALS~1\Temp\o3o5ris.exe

O4 - HKCU\..\Run: [p6k3brt5f8xl9m0] C:\DOCUME~1\Owner\LOCALS~1\Temp\ofc5bjglya.exe

O4 - HKCU\..\Run: [inthnot9y0is] C:\DOCUME~1\Owner\LOCALS~1\Temp\k0v7nk374acm.exe

O4 - HKCU\..\Run: [raav0srr92iahofcf08fzygc3dxi6j1d7dp64f9bow] C:\DOCUME~1\Owner\LOCALS~1\Temp\glv9g4.exe

O4 - HKCU\..\Run: [a9fioaoleelpeorp1kg] C:\DOCUME~1\Owner\LOCALS~1\Temp\sejqdvtx.exe

O4 - HKCU\..\Run: [vddz10cf53t1rh5ss1qqs] C:\DOCUME~1\Owner\LOCALS~1\Temp\lkvpk04zh.exe

O4 - HKCU\..\Run: [daj5pc6t6jvh3qulc8u74] C:\DOCUME~1\Owner\LOCALS~1\Temp\rz2s6fxj3m.exe

O4 - HKCU\..\Run: [nu0a0g4q56lgwxlk5u4fbi4h0fcyqaxc98lbnc45d3yo] C:\DOCUME~1\Owner\LOCALS~1\Temp\jv9tmkoamg.exe

O4 - HKCU\..\Run: [ynb3ohteij31cfpqfivntr0db5k6iu1f] C:\DOCUME~1\Owner\LOCALS~1\Temp\y4slhy.exe

O4 - HKCU\..\Run: [kcf14y15dlnwuiqvynheyami3e01uh02lpf103v8] C:\DOCUME~1\Owner\LOCALS~1\Temp\p6c22w0200hr.exe

O4 - HKCU\..\Run: [elc4r21quk8d3rxpby8umye4p0jgq5yzf2rkxt6enio21zo8dx] C:\DOCUME~1\Owner\LOCALS~1\Temp\iocktjz1.exe

O4 - HKCU\..\Run: [m6dsdj32imx1l8bujf964k7cedw82vkzuui8kb] C:\DOCUME~1\Owner\LOCALS~1\Temp\slqpytm.exe

O4 - HKCU\..\Run: [owjsq9b50w207yyfwx2u1cs5uqqwb0zo] C:\DOCUME~1\Owner\LOCALS~1\Temp\d4984koq.exe

O4 - HKCU\..\Run: [yaoef3sevm0wztwjztheyps] C:\DOCUME~1\Owner\LOCALS~1\Temp\o69rauq2i.exe

O4 - HKCU\..\Run: [h4ry7yrvn3m53ttv0wqlqptfg76kzmh2k] C:\DOCUME~1\Owner\LOCALS~1\Temp\oixruvegp0tg.exe

O4 - HKCU\..\Run: [is22mvqiw2j24atfm] C:\DOCUME~1\Owner\LOCALS~1\Temp\ge4sa05q8umq.exe

O4 - HKCU\..\Run: [ddl1jj52jdy27foq7xv0agz2frrwtqawwyfciipqaoi329] C:\DOCUME~1\Owner\LOCALS~1\Temp\hastayuf9748.exe

O4 - HKCU\..\Run: [ddoxi6h102h5kkg5jbrrahdeo8q69sn6serprsfvq1yotw95] C:\DOCUME~1\Owner\LOCALS~1\Temp\scbcx8f8cpnz8.exe

O4 - HKCU\..\Run: [bosvf54rzzearfrc3woznnhyd36axe0s6fuxfsr5d50dovk] C:\DOCUME~1\Owner\LOCALS~1\Temp\k8zdwd6zv0zs9.exe

O4 - HKCU\..\Run: [czwtcnr0ydufhtj2n04qhalijfmxlhde1zx53s3f096bxl] C:\DOCUME~1\Owner\LOCALS~1\Temp\c46xc1xqeuslt.exe

O4 - HKCU\..\Run: [nu9b8dzgnffhz608pfmpd7i1k0hzsli5jof6iftrztsz6ysza] C:\DOCUME~1\Owner\LOCALS~1\Temp\zbixzk9kb13.exe

O4 - HKCU\..\Run: [fo4uxg55zy] C:\DOCUME~1\Owner\LOCALS~1\Temp\cqphlz24xuff.exe

O4 - HKCU\..\Run: [g7cl3ksj5zy454jjmx] C:\DOCUME~1\Owner\LOCALS~1\Temp\zldh50q.exe

O4 - HKCU\..\Run: [qamacj5cqvkzettu6gd] C:\DOCUME~1\Owner\LOCALS~1\Temp\j8w24uwgdp.exe

O4 - HKCU\..\Run: [z7vlnyl7smhw2bal5e6e8t51c6l2vc0n9i4zn84zs] C:\DOCUME~1\Owner\LOCALS~1\Temp\urflapon7s3.exe

O4 - HKCU\..\Run: [dbtdcdhrgck] C:\DOCUME~1\Owner\LOCALS~1\Temp\ygr3n0u43d4ag.exe

O4 - HKCU\..\Run: [mjbz72u1g7dg5zr6] C:\DOCUME~1\Owner\LOCALS~1\Temp\f5340w7.exe

O4 - HKCU\..\Run: [bvxzdxi3hk6hmmu1i0t7i96cqxz3ak41xbz5] C:\DOCUME~1\Owner\LOCALS~1\Temp\ryrlena3u.exe

O4 - HKCU\..\Run: [da4lrpy5ozdjbh0pimkzdidhpuw4ngeelke] C:\DOCUME~1\Owner\LOCALS~1\Temp\e0hqzwsl8p3ok.exe

O4 - HKCU\..\Run: [a91ywwtuwf6cfz18v5y8qyaqi8rmj482sif6] C:\DOCUME~1\Owner\LOCALS~1\Temp\uihp9jr1z.exe

O4 - HKCU\..\Run: [tr8yvjuct4jvsmta2jlkgz2czscm5b] C:\DOCUME~1\Owner\LOCALS~1\Temp\i99f0nfp7.exe

O4 - HKCU\..\Run: [p3odhdsv6slgcsm0k0bibdlg421wg] C:\DOCUME~1\Owner\LOCALS~1\Temp\bwlx7sqrrp.exe

O4 - HKCU\..\Run: [ip1k3ad3i6knox] C:\DOCUME~1\Owner\LOCALS~1\Temp\zmd5o9.exe

O4 - HKCU\..\Run: [hgvhnvrwtuqmaljyn8d] C:\DOCUME~1\Owner\LOCALS~1\Temp\hlu4s5t3w.exe

O4 - HKCU\..\Run: [db277de06wu51aj0o19vq] C:\DOCUME~1\Owner\LOCALS~1\Temp\nawrk0.exe

O4 - HKCU\..\Run: [e1yi1jypbbt5r] C:\DOCUME~1\Owner\LOCALS~1\Temp\s9w7odjtz.exe

O4 - HKCU\..\Run: [qr76txq5jr1onlutr] C:\DOCUME~1\Owner\LOCALS~1\Temp\ka3bdzfy.exe

O4 - HKCU\..\Run: [m3h7alk9ho0bwkr9w0] C:\DOCUME~1\Owner\LOCALS~1\Temp\c6acc46p.exe

O4 - HKCU\..\Run: [dy2h3isxq23mr] C:\DOCUME~1\Owner\LOCALS~1\Temp\vtmuj9hrl.exe

O4 - HKCU\..\Run: [pjdp3t7po4s2odhth] C:\DOCUME~1\Owner\LOCALS~1\Temp\gvmd6jjksm.exe

O4 - HKCU\..\Run: [rvapfrr5ru2sk118les0rjnndx18kpqj57] C:\DOCUME~1\Owner\LOCALS~1\Temp\ziycw5umrkh.exe

O4 - HKCU\..\Run: [of2l9ryldmfb4oq3g9t9yfesrusb4gto9uowhf] C:\DOCUME~1\Owner\LOCALS~1\Temp\g7ad9k7heqoc3.exe

O4 - HKCU\..\Run: [su59f82jhy5ctp8puo36phywuh2] C:\DOCUME~1\Owner\LOCALS~1\Temp\y80yy6mmxknz.exe

O4 - HKCU\..\Run: [m80rl22powjn57nurju] C:\DOCUME~1\Owner\LOCALS~1\Temp\bn71klf6jwzj8.exe

O4 - HKCU\..\Run: [m2p83cq68a20] C:\DOCUME~1\Owner\LOCALS~1\Temp\fcjjxhs.exe

O4 - HKCU\..\Run: [yqah7gedk9kvo] C:\DOCUME~1\Owner\LOCALS~1\Temp\ex2lq1w6c.exe

O4 - HKCU\..\Run: [hjh0lwq3p9pw0e0zqwkmcderf2zaqwk77t1gy9vktbgav4w4mb] C:\DOCUME~1\Owner\LOCALS~1\Temp\bxla27waab.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A25B1D89-4DD8-464A-8CE0-ECDCBFD07200}: NameServer = 85.255.112.39,85.255.112.40

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs78344kjkfd.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS



--

End of file - 27749 bytes
  #7  
Old February 23rd, 2009, 11:45 PM
crunchie crunchie is offline
Single dad
 
Join Date: Feb 2004
Location: Mandurah, Western Australia
Posts: 9,903
Did you look for TDSS as requested?

Why does your hijackthis have spaces in between each entry?

MBA-M can be run in safe mode.

Your pc looks like it has been completely taken over. Do not be surprised if we cannot clean it up and you end up reformatting.

==

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program

==

Please re-run hijackthis again, select Do a system scan and save a logfile. When notepad opens, go to the Format Tab and de-select Word Wrap.
Highlight the entire text and post the log back here.
__________________
DFI LP DK 790FXB M2RSH, Phenom II 940BE @ 3.75Ghz 1.425vcore Watercooled, 4Gb (2x2) GSkill PC8500 Pi @1100MHz 5-5-5-16 2T, HIS HD4870 Watercooled, 1Tb WD Black, Windows 7 64bit

DFI LP UT nF4 Ultra-D, Opty 165 CCB1E @ 3006 1.375v, Zalman 9500, 2Gb OCZ PC4000 Platinum XTC, ASUS 9800GT, WD 250 Sata II, Corsair HX 620, TT Armor+, ASUS 22" 2ms WS


Opera AVAST anti-virus Comodo Firewall Spywareblaster
  #9  
Old February 24th, 2009, 12:44 AM
lunacat lunacat is offline
Virtual Med Student
 
Join Date: Feb 2009
Posts: 11
I checked and I don't have any TDSSserv.

I don't know why there are spaces when I post, but in the log there are no spaces. Here is my current HijackThis file:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:35:04 PM, on 2/23/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ThreatFire\TFTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\BigFix\BigFix.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Nexon\Mabinogi\npkcmsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\svchost.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://firefox.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS



--

End of file - 5140 bytes
  #10  
Old February 24th, 2009, 01:17 AM
crunchie crunchie is offline
Single dad
 
Join Date: Feb 2004
Location: Mandurah, Western Australia
Posts: 9,903
Quote:
Originally Posted by crunchie

MBA-M can be run in safe mode.

Did you try and run it?

==

Quote:
Originally Posted by crunchie

Please re-run HijackThis again, select Do a system scan and save a logfile. When notepad opens, go to the Format Tab and de-select Word Wrap.
Highlight the entire text and post the log back here.

Did you try this? It should fix the formatting.
__________________
DFI LP DK 790FXB M2RSH, Phenom II 940BE @ 3.75Ghz 1.425vcore Watercooled, 4Gb (2x2) GSkill PC8500 Pi @1100MHz 5-5-5-16 2T, HIS HD4870 Watercooled, 1Tb WD Black, Windows 7 64bit

DFI LP UT nF4 Ultra-D, Opty 165 CCB1E @ 3006 1.375v, Zalman 9500, 2Gb OCZ PC4000 Platinum XTC, ASUS 9800GT, WD 250 Sata II, Corsair HX 620, TT Armor+, ASUS 22" 2ms WS


Opera AVAST anti-virus Comodo Firewall Spywareblaster
All times are GMT -4. The time now is 08:29 AM.








