
I was referred here from "Am I infected?"/ Friend's computer


23 replies to this topic

#1 bomber1712


Posted 05 March 2009 - 10:09 PM

My previous attempts are logged in this post:

http://www.bleepingcomputer.com/forums/t/208211/cant-run-any-malware-ativirus-spybot-hjt-nothin/

Well, here I am after trying many, many things in the "Am I infected". BIG THANKS to boopme for all of the assistance!

We ran MBAM several times, ATF Cleaner, Super Antispyware, SDFix, and Smitfraudfix. I have scanned with AVG and Spybot.

My IE is still being hijacked and there are no graphics on the pages that load. AOL will not load, or if it does, it stops responding. Logs follow and DDS Attach.txt is attached.

HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:22, on 3/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AMERIC~1.0\waol.exe
C:\PROGRA~1\AMERIC~1.0\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152155422\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [s0b0ifpwae9203p6uerbuncytcr] C:\DOCUME~1\Owner\LOCALS~1\Temp\uaande.exe
O4 - HKCU\..\Run: [hdnludm9wmc7bevyv601oinxhdkymd6bm6cr8u] C:\DOCUME~1\Owner\LOCALS~1\Temp\ec7crmwol356.exe
O4 - HKCU\..\Run: [hqtm9khwev2ra2q2955sg5zflfvo7n] C:\DOCUME~1\Owner\LOCALS~1\Temp\ukcrcce6juap.exe
O4 - HKCU\..\Run: [iput7287msc2qtgot4fwjfai57mah0bhic0by8ijp] C:\DOCUME~1\Owner\LOCALS~1\Temp\t5vtod.exe
O4 - HKCU\..\Run: [r8o50mpcxwrz8gpnqk1meq0j9nu4n4v6] C:\DOCUME~1\Owner\LOCALS~1\Temp\l1jd4i.exe
O4 - HKCU\..\Run: [pkt49pfg7rnvqo0c2jdhg2no61x5] C:\DOCUME~1\Owner\LOCALS~1\Temp\tfqwut3zw8.exe
O4 - HKCU\..\Run: [xowmcc0y74fi6lx69cjqit18010l] C:\DOCUME~1\Owner\LOCALS~1\Temp\eyqf03k2li2.exe
O4 - HKCU\..\Run: [noyvotwywyer] C:\DOCUME~1\Owner\LOCALS~1\Temp\lbxxty901u.exe
O4 - HKCU\..\Run: [bo8b8e3gkeglqzqsy5zml2o2whu93lktuqczslree] C:\DOCUME~1\Owner\LOCALS~1\Temp\m22v1yab2o9.exe
O4 - HKCU\..\Run: [rjjs27xaexq1baufoe2tqkwcmm85i] C:\DOCUME~1\Owner\LOCALS~1\Temp\cop7a2229.exe
O4 - HKCU\..\Run: [feik5xqgziaz0trmfhkswql3yyk90zjadh2g5g1z9] C:\DOCUME~1\Owner\LOCALS~1\Temp\vb1phod4tc.exe
O4 - HKCU\..\Run: [i6qxk4f0x954ppru7ietylxx90p0twtv8cr4v] C:\DOCUME~1\Owner\LOCALS~1\Temp\gdk8nyfxfud.exe
O4 - HKCU\..\Run: [d5i3og83wuc] C:\DOCUME~1\Owner\LOCALS~1\Temp\vlw9n4.exe
O4 - HKCU\..\Run: [ymzrl9gw70atp8mjdgyp6gfyy6lfmcsil8tspijfbho8hz85] C:\DOCUME~1\Owner\LOCALS~1\Temp\z5faor9lkq4.exe
O4 - HKCU\..\Run: [y8j9s09hkk5x0d4cst] C:\DOCUME~1\Owner\LOCALS~1\Temp\g9yc2v.exe
O4 - HKCU\..\Run: [i81b4vbde2kycppi7cpg5d2zif0ys0ai3] C:\DOCUME~1\Owner\LOCALS~1\Temp\feel0af6qp.exe
O4 - HKCU\..\Run: [fe9hajs0v7wlxeijty3] C:\DOCUME~1\Owner\LOCALS~1\Temp\pig6zlllz7uef.exe
O4 - HKCU\..\Run: [rpkbqtdd8knb8zwngged3yr8sy93sz2popjr57nekyw5m5vy] C:\DOCUME~1\Owner\LOCALS~1\Temp\dguck9s9e.exe
O4 - HKCU\..\Run: [df1rrwtamwkwpvzarfdk] C:\DOCUME~1\Owner\LOCALS~1\Temp\wm6bre3byj.exe
O4 - HKCU\..\Run: [fgksvyf3a2mqxwqix5c8igusu5] C:\DOCUME~1\Owner\LOCALS~1\Temp\ld1vakizo7632.exe
O4 - HKCU\..\Run: [y3snl87q1pgne32v9sy4m0t4e0b56zs35nsr] C:\DOCUME~1\Owner\LOCALS~1\Temp\s7pd3y7x4jz5.exe
O4 - HKCU\..\Run: [f8vukxamop0cbr01dl66igc4jl1uyi4ukw810rkuoctugf] C:\DOCUME~1\Owner\LOCALS~1\Temp\e0uuhp.exe
O4 - HKCU\..\Run: [m03vznz8cyuqibccog3e8b2u18d07qg4k525] C:\DOCUME~1\Owner\LOCALS~1\Temp\wrpe0v8py.exe
O4 - HKCU\..\Run: [oa4c4h36qxhgh8sheue49fi2eehkd2w88npdzl3bdv] C:\DOCUME~1\Owner\LOCALS~1\Temp\onwfg0zg0.exe
O4 - HKCU\..\Run: [hzj5fmmsz9p5y8tcvtcurtuv77zn7ah32m1w0wtfykg3] C:\DOCUME~1\Owner\LOCALS~1\Temp\ha8xn5aik1.exe
O4 - HKCU\..\Run: [ay2h4iov0mg61bomhi5a] C:\DOCUME~1\Owner\LOCALS~1\Temp\pe1d7hjriq.exe
O4 - HKCU\..\Run: [pw158l9th46o5e48xbnfhpntha95mhaw53x5] C:\DOCUME~1\Owner\LOCALS~1\Temp\cgrisq.exe
O4 - HKCU\..\Run: [ydohheudpx5k46crn1kfru7d8kxkswx0solr3wu8nqaadfl] C:\DOCUME~1\Owner\LOCALS~1\Temp\clal1sw1n5hil.exe
O4 - HKCU\..\Run: [k1ecpbpf395uvrr] C:\DOCUME~1\Owner\LOCALS~1\Temp\n9coxfdui2y6c.exe
O4 - HKCU\..\Run: [flkhx8s4a1qovleqw1b06h4dt54ote8wv4zfosmyagwmzkzfhv] C:\DOCUME~1\Owner\LOCALS~1\Temp\ysc73p.exe
O4 - HKCU\..\Run: [lciamtc526lz25] C:\DOCUME~1\Owner\LOCALS~1\Temp\f5jpdk4l1wazd.exe
O4 - HKCU\..\Run: [x35zllg6n1c56] C:\DOCUME~1\Owner\LOCALS~1\Temp\clx3o6hy.exe
O4 - HKCU\..\Run: [ao241btiy8068yjz] C:\DOCUME~1\Owner\LOCALS~1\Temp\jzeazx.exe
O4 - HKCU\..\Run: [r58b8rtdnn29qba0t7ekh9cf] C:\DOCUME~1\Owner\LOCALS~1\Temp\r3790s.exe
O4 - HKCU\..\Run: [udqwekha6dfcsptf3ahvh9vxvvsf2] C:\DOCUME~1\Owner\LOCALS~1\Temp\iuswhxqgn8wq.exe
O4 - HKCU\..\Run: [qmki95ch2nrs01jiv0jmfwk1sptqgy4ws85qmdi702] C:\DOCUME~1\Owner\LOCALS~1\Temp\bmnye06wqwqi.exe
O4 - HKCU\..\Run: [nmr3yiyrnvncgzq2kysl9x27y1a0nhmlmxqyw8pwxsrykz] C:\DOCUME~1\Owner\LOCALS~1\Temp\u9zgl5hyakxz2.exe
O4 - HKCU\..\Run: [rzxf42bc9zbla5o68g9dfc9ilslkd] C:\DOCUME~1\Owner\LOCALS~1\Temp\lvp3ms.exe
O4 - HKCU\..\Run: [roy3cg6v6gy5smy25] C:\DOCUME~1\Owner\LOCALS~1\Temp\pp3op98.exe
O4 - HKCU\..\Run: [en5rwgzhuj0vlyn9ex5hsroxikgsrs47s3kyzukm6jnlz16imc] C:\DOCUME~1\Owner\LOCALS~1\Temp\oucddl31x.exe
O4 - HKCU\..\Run: [bg0iqp017dyixdgjtfuxinecd9mwl56ozxes] C:\DOCUME~1\Owner\LOCALS~1\Temp\khoc37eo7h.exe
O4 - HKCU\..\Run: [thzanctlvj1igi83n] C:\DOCUME~1\Owner\LOCALS~1\Temp\hcccn82h7xvnw.exe
O4 - HKCU\..\Run: [smonyt3k8401s2e] C:\DOCUME~1\Owner\LOCALS~1\Temp\r47x21ki9lj9h.exe
O4 - HKCU\..\Run: [krqy80vtuhzwrsjyvuvijdi4zur1h3qj9at42mtt8o] C:\DOCUME~1\Owner\LOCALS~1\Temp\vtjyfxx.exe
O4 - HKCU\..\Run: [k4om2j3ss2wub2iars8r] C:\DOCUME~1\Owner\LOCALS~1\Temp\idwuyjz.exe
O4 - HKCU\..\Run: [pabid1le4breogoaqistnv4] C:\DOCUME~1\Owner\LOCALS~1\Temp\coe71j4.exe
O4 - HKCU\..\Run: [ovn3u8v9gpp7fg3rsd5h2e3d9q3ypsl00x68ng] C:\DOCUME~1\Owner\LOCALS~1\Temp\q1ph14.exe
O4 - HKCU\..\Run: [y34hbwmap53pgy7ec7f60x2d3isb6pa80f] C:\DOCUME~1\Owner\LOCALS~1\Temp\psoa80gcd.exe
O4 - HKCU\..\Run: [nz19y26oao3efc] C:\DOCUME~1\Owner\LOCALS~1\Temp\on2wqh1.exe
O4 - HKCU\..\Run: [n75xbr6lzl2s0yllknb78zm6o3cl4t6gnes8fdkz8fbtk3iqh7] C:\DOCUME~1\Owner\LOCALS~1\Temp\ojzjme6aoo.exe
O4 - HKCU\..\Run: [qh12k6wf54ca3fftuhodj359911m2sng] C:\DOCUME~1\Owner\LOCALS~1\Temp\cqim15d0a6.exe
O4 - HKCU\..\Run: [yuo84o9l42yje] C:\DOCUME~1\Owner\LOCALS~1\Temp\nek8xdk7do.exe
O4 - HKCU\..\Run: [e6enbfl8p2v8vht0utj92dj2r1latl6780j] C:\DOCUME~1\Owner\LOCALS~1\Temp\udragpxj.exe
O4 - HKCU\..\Run: [c0cru5nhbll76ikfh778x319ig7youo2nw4bmtxtmm70sc08pi] C:\DOCUME~1\Owner\LOCALS~1\Temp\uiad662.exe
O4 - HKCU\..\Run: [li3tuqe5s2ly5gsqie81jxvxm1sqr4w8aam] C:\DOCUME~1\Owner\LOCALS~1\Temp\qpcz87bx.exe
O4 - HKCU\..\Run: [l8o4eqsf19hhnudgi64ii002ro762] C:\DOCUME~1\Owner\LOCALS~1\Temp\sulow4w0tv.exe
O4 - HKCU\..\Run: [mjc1oipq1vkelvv44cjym4jheyhokmmpk7ua] C:\DOCUME~1\Owner\LOCALS~1\Temp\x3go6xana.exe
O4 - HKCU\..\Run: [irtk5kppcbanz802orzooiql5703e] C:\DOCUME~1\Owner\LOCALS~1\Temp\lmg7c7cgdj.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/C...eb.1.0.0.15.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...Web.1.0.0.8.cab
O16 - DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} (CPlayFirstmsiControl Object) - http://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1151970597987
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...web.1.0.0.6.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/free-tri...mesLauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://legacy.aolsvc.aol.com/onlinegames/g...bugs/axhost.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...tg.1.0.0.33.cab
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://download.games.yahoo.com/games/web_...itched/main.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/free-tri...zylomplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/cinematycoon.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...ia.1.0.0.22.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {72403728-57cd-4d8b-95ee-291c4f8d57ac} - (no file)
O20 - AppInit_DLLs: wqjspp.dll fgiegs.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: ssqQhfdb - ssqQhfdb.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 45679 bytes


DDS LOG:



DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 18:32:33.17 on Thu 03/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.256 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AMERIC~1.0\waol.exe
C:\PROGRA~1\AMERIC~1.0\shellmon.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [gb1zph11apxqupsthi80d30jy1qsoalzyys5i40vsljtrmsq] c:\docume~1\owner\locals~1\temp\x8mqhgje40r.exe
uRun: [iazip60w1qtanl70orn6s87cf0huc9gh7l1dgwvh1v9k] c:\docume~1\owner\locals~1\temp\ima97nj.exe
uRun: [rpw2q8ik9y6qgotma8xq78lczzkeaybuh3dhp8f2s] c:\docume~1\owner\locals~1\temp\wfovjd2j2y8g.exe
uRun: [qyqo2twr58i6] c:\docume~1\owner\locals~1\temp\pqjeggizmm2r.exe
uRun: [ncevvb94ahrjzj431855uemodcyzpkslthocstny6kxsv42prr] c:\docume~1\owner\locals~1\temp\ae20v78684pc.exe
uRun: [c5thpmj4ci8wgiiooc0823buy4jqv6sokwtm3c2v] c:\docume~1\owner\locals~1\temp\ohbndu8xxy7hs.exe
uRun: [i4x6jprvzbq87c6c3pjfn] c:\docume~1\owner\locals~1\temp\v6noq9l.exe
uRun: [q4new9tzrsazlu2j1yg24xgwqu7jlfem2] c:\docume~1\owner\locals~1\temp\ocznxvwu.exe
uRun: [gzp9t7ln735aehdymtd34jq71q93louoij] c:\docume~1\owner\locals~1\temp\ulyhd4g.exe
uRun: [zuv3rz66igf3dsxch21lv6] c:\docume~1\owner\locals~1\temp\s2bct0y4v.exe
uRun: [ziun39ob1q59b1uw2mjho] c:\docume~1\owner\locals~1\temp\p9ncg2a.exe
uRun: [jwzu15ajignynfbzq73yuvk9tbu55ve60r9vj5ybv] c:\docume~1\owner\locals~1\temp\dgzvjbou5ngrd.exe
uRun: [kq3sy4xshd3kdtmpabjp7iotznasthr9ebc375ali] c:\docume~1\owner\locals~1\temp\vc6wigflohs1x.exe
uRun: [llvwnnntj27tgkjs636qlfug8obdesafslslrefe9m] c:\docume~1\owner\locals~1\temp\lksu36x3mt4yc.exe
uRun: [pvxfhkutysjw] c:\docume~1\owner\locals~1\temp\njcr2eqw20efq.exe
uRun: [v05bs3d60l4uu] c:\docume~1\owner\locals~1\temp\x2szgm16noc.exe
uRun: [v06lc48u6nsat6jvmfs9m9k31urykjmaswwa04zih4] c:\docume~1\owner\locals~1\temp\lzdgjx9w.exe
uRun: [jjdrqoa4kvk6qb43zrzw3q71ks6s775mw79tywymfn8] c:\docume~1\owner\locals~1\temp\k5mvi8m8k1a.exe
uRun: [dq1ezxg6qbubacyvvfvz3gdyp4] c:\docume~1\owner\locals~1\temp\g2txvaer.exe
uRun: [kjq1ips3tbk1kuxlj0krk0ptkna] c:\docume~1\owner\locals~1\temp\ceemnsso.exe
uRun: [s2qz5dmfqn9su7h9c3kz80] c:\docume~1\owner\locals~1\temp\jw47p4.exe
uRun: [fqwatilm02f] c:\docume~1\owner\locals~1\temp\ec1v05.exe
uRun: [z16pzhme4085fp9u0lyfulz3d919yk5rxrgtzu5o] c:\docume~1\owner\locals~1\temp\a98xd75r3qq.exe
uRun: [y8b2wcdbo7rltqef86pti99v1cp0bfs7w5qzwkkkth] c:\docume~1\owner\locals~1\temp\qrpwndl.exe
uRun: [c2kdprnry5hebjsfek8] c:\docume~1\owner\locals~1\temp\lxr0sycy68d.exe
uRun: [j3tqsm8mo1rq] c:\docume~1\owner\locals~1\temp\e8m2p1se9w7.exe
uRun: [f2kyoljxkx0im6jhcosny59218czy62wb2s5pvntptek] c:\docume~1\owner\locals~1\temp\dfoor21ef033.exe
uRun: [dmw21wvjw57fur5nrowpd9e84w7eue3] c:\docume~1\owner\locals~1\temp\dpj8gz1v.exe
uRun: [fkzy6xpsjx9bi58p9vmka9r0ru8akbcl8gk5faln] c:\docume~1\owner\locals~1\temp\z5qatkte4f2kz.exe
uRun: [rnkxt4r24teqkfkrevc9bqnur7d5] c:\docume~1\owner\locals~1\temp\x0d726b.exe
uRun: [h6boihjn8x8kj7h2o2zkjnnjmly4] c:\docume~1\owner\locals~1\temp\tx8nfkf0yl6xa.exe
uRun: [h2h0j6tsphhzzf4] c:\docume~1\owner\locals~1\temp\tcmabhkv.exe
uRun: [z380bc9fi8] c:\docume~1\owner\locals~1\temp\hajxw5826yys.exe
uRun: [xx29necngrl8k7haj8rmxplbifyp8rm046m56hk] c:\docume~1\owner\locals~1\temp\dqqzsq0lj.exe
uRun: [ri5r12jxy4ydtgullt5l7c90ia6684w1r] c:\docume~1\owner\locals~1\temp\oe92oyqs5.exe
uRun: [v5ofqswfzllnvogtdhik3c6frj4bltk2bmhzs6dr2i74oag2] c:\docume~1\owner\locals~1\temp\gbdt9hrb0aw.exe
uRun: [qdxurmi6ouz4hmxh5fmb3t8] c:\docume~1\owner\locals~1\temp\l4hzdw5yls.exe
uRun: [hyc7l5rocuu3jub4125g] c:\docume~1\owner\locals~1\temp\qzc2w67z.exe
uRun: [r1te808vp8bb49gs7521tpa6] c:\docume~1\owner\locals~1\temp\xyjnfi.exe
uRun: [s65dm4qxojjqg9bhufiase] c:\docume~1\owner\locals~1\temp\disaae.exe
uRun: [bpzpf9xgq8n3r] c:\docume~1\owner\locals~1\temp\veguqj.exe
uRun: [rsx7x4p2hendogufgn4if35ijllm6rsg2di9jhwr] c:\docume~1\owner\locals~1\temp\cd6wsv3v5b5b.exe
uRun: [anp26xv93hpqvkmxkn0wwe6e23vlyr28z2lx46fj] c:\docume~1\owner\locals~1\temp\kwdz8ny.exe
uRun: [v7nx6hkhkc2ozkmossoj355dvz1hdah] c:\docume~1\owner\locals~1\temp\rv3krzsbez5yz.exe
uRun: [krlwjy2dfrksxt3fsvgkauktwvkjumfh5at81gm866cm] c:\docume~1\owner\locals~1\temp\f7y63pu4an.exe
uRun: [a94bimrcn1wsxnlqew4ry3ffj9jlyfoue09] c:\docume~1\owner\locals~1\temp\fthqc6zit.exe
uRun: [uniymjildi69tae2vd9kfuw4d9gk63432nscz9g5oabae1jr8] c:\docume~1\owner\locals~1\temp\ta7t4cuvi0f.exe
uRun: [xcz6mrs3frchi7uujo] c:\docume~1\owner\locals~1\temp\lnlxdzxx8osua.exe
uRun: [mb6sl6q9lmkhltuwgxvoi4ztfbjnicc672omu53b] c:\docume~1\owner\locals~1\temp\wplg09.exe
uRun: [foc9duxnknwvce8q] c:\docume~1\owner\locals~1\temp\vpi5r7pqtc7.exe
uRun: [hd7dazpcdklbq6rrrpz45verf] c:\docume~1\owner\locals~1\temp\ocu4yc0sd0el.exe
uRun: [vu89n6k9mpo3lmzs6t8p0w1yl32y] c:\docume~1\owner\locals~1\temp\zeun4m2lgixch.exe
uRun: [cybwdl8qfc0nk56e5pgj2eeflhymcesfwl6m7erap3egcocp] c:\docume~1\owner\locals~1\temp\cy3agzjjluwql.exe
uRun: [wm6r3fxl4u] c:\docume~1\owner\locals~1\temp\u6fbzoy7.exe
uRun: [fptxhhcjebxvv2s7vi15r] c:\docume~1\owner\locals~1\temp\vgk9q5iic.exe
uRun: [crdts3rai7xi8lm5cp3n1og] c:\docume~1\owner\locals~1\temp\uglocu.exe
uRun: [nveimx3gp1t9m3gsekhqs97khk] c:\docume~1\owner\locals~1\temp\ijqlg9r.exe
uRun: [jdkm6y04fbbmg8p1rzqpet6nhn5qw5rbp] c:\docume~1\owner\locals~1\temp\t7s7chy.exe
uRun: [xov3nrjhb6cd3wgq6bp511z] c:\docume~1\owner\locals~1\temp\ddp99zo0jbbvf.exe
uRun: [lqk6p7a7cmplm] c:\docume~1\owner\locals~1\temp\xtvru5aix.exe
uRun: [zaqtisdvh6s] c:\docume~1\owner\locals~1\temp\uo7mvzamwhf8q.exe
uRun: [cau60exr8velr8ejy04pay0j4xis695gq7afpel9tw] c:\docume~1\owner\locals~1\temp\eouejpe7oie1g.exe
uRun: [icowwh6s6xhtn6e1pze1nkjqj3xllcd6p] c:\docume~1\owner\locals~1\temp\r12drc64m.exe
uRun: [z25gbb82zxgkr5o1] c:\docume~1\owner\locals~1\temp\gzjulhex.exe
uRun: [b76uccuxtu9vfniklyekjf678w4e9qjarzwlx6xh7osgfafaj0] c:\docume~1\owner\locals~1\temp\u9zz72q7.exe
uRun: [u4pjubgswb4ob80gwfza0i1hdx] c:\docume~1\owner\locals~1\temp\nwbye719z.exe
uRun: [pgw7zo0fonn5y49ht9466zb21g1l4u9qiwbmunuxv9i80ktp] c:\docume~1\owner\locals~1\temp\z8zfbyndmx9.exe
uRun: [x1hddl7jofn2bxuhta4nb58h62ti6] c:\docume~1\owner\locals~1\temp\n1u1n56n.exe
uRun: [qnr9x6igq9j8ocmdks0c0jwuljirptrt0grxg] c:\docume~1\owner\locals~1\temp\rq6j0kji5r.exe
uRun: [q1lysbjx0zsabyf] c:\docume~1\owner\locals~1\temp\ejhbk8bsj4wn.exe
uRun: [r3ks0qvev7f3a7e09i3ed8xkgixobllegh2gl] c:\docume~1\owner\locals~1\temp\h37yflsq5ge1.exe
uRun: [c9s9ggimgb0kd6y8suczzfwtfm6ysr7u7b4e8m454hy0pvdt] c:\docume~1\owner\locals~1\temp\tfvftv.exe
uRun: [qv8lhz72signhs66myrtzosh874k] c:\docume~1\owner\locals~1\temp\swsl5ji2cn4.exe
uRun: [ze4sw531am7649bvl138z5tgwkxnp0wuinanb] c:\docume~1\owner\locals~1\temp\ts03fm8n.exe
uRun: [ikrh4s2ksh22j6] c:\docume~1\owner\locals~1\temp\pdj586csqz.exe
uRun: [yhur7kpcm2rcpq2kbfee] c:\docume~1\owner\locals~1\temp\qno3znwkrts.exe
uRun: [gj0uyow1kezl77g1d0uken0pb7s0m776cjdt5du] c:\docume~1\owner\locals~1\temp\bp7m5xydubbi.exe
uRun: [hb0vk8fyfekv4m3k5x7rlp4thimbdnj39qwi15dzi5y6xdt] c:\docume~1\owner\locals~1\temp\whsa0zu.exe
uRun: [m0l755ma6] c:\docume~1\owner\locals~1\temp\dq1iiqymo6q.exe
uRun: [avxezfi2kal3] c:\docume~1\owner\locals~1\temp\ud0svsfuic7h.exe
uRun: [ypxt4scxhciw8bal4u7tmamknj1eii8y41i4t1ytvpqgh0] c:\docume~1\owner\locals~1\temp\qk9yqs0.exe
uRun: [qiutuw0t7] c:\docume~1\owner\locals~1\temp\ofk9gqu8v1.exe
uRun: [dv208jsol71miolwqzb29hridy95] c:\docume~1\owner\locals~1\temp\kw7i2h05w.exe
uRun: [mbwwzqncrf6wc59feb9] c:\docume~1\owner\locals~1\temp\gm940o5j9k.exe
uRun: [netkxssspt3p9kmh83] c:\docume~1\owner\locals~1\temp\sv1e6fw.exe
uRun: [enmch7efj] c:\docume~1\owner\locals~1\temp\wpwz9sxa.exe
uRun: [navu83elfw6bn2cf3raqljw1tbsa7vx7poh6fklpy] c:\docume~1\owner\locals~1\temp\om07dsyabk.exe
uRun: [kmj2eioyhrhk1tk] c:\docume~1\owner\locals~1\temp\b5gfr4gy.exe
uRun: [ev9h013ajc3g9v7d5sgkept4m68uqn2wyyx9paf9] c:\docume~1\owner\locals~1\temp\uq61d2609l0l.exe
uRun: [klpflur72gx2d4i] c:\docume~1\owner\locals~1\temp\pirp84j.exe
uRun: [c9jq4v0kobm6yrdpd02njqkaohxma8w] c:\docume~1\owner\locals~1\temp\iamro7i.exe
uRun: [nnb4zhhusge1tkm5wb4ynkaqzkfwbmz3a7ns4nd] c:\docume~1\owner\locals~1\temp\hf2hmmdgpyl.exe
uRun: [a4utvduvw3gia5imzbiwh09hfvwfh8xi5d6zhqonoc59] c:\docume~1\owner\locals~1\temp\hpxkb2d.exe
uRun: [y4q8u7rts28crr7ci28ibk763uzi04p735bms9s9e95jb] c:\docume~1\owner\locals~1\temp\y6nn3r8a7.exe
uRun: [nl3w8v80wyt8c4uh2wt39mdfr6gmqj9yhvvez7c5l8] c:\docume~1\owner\locals~1\temp\ffpssj2mggv.exe
uRun: [xnb4frwgwbqp54] c:\docume~1\owner\locals~1\temp\mvmx4dp9mmv.exe
uRun: [kzus3zv50cl8u4ppnfv1v9bp30da70vyavtgdikplo] c:\docume~1\owner\locals~1\temp\ti5i3o.exe
uRun: [p2nsrsvyd7mn3hhyks9hady2f9kgxst6v7] c:\docume~1\owner\locals~1\temp\ex98yuv605un.exe
uRun: [e52h3fhld77d1fw77thsiww8exc9qa2vp] c:\docume~1\owner\locals~1\temp\z8uwcwr.exe
uRun: [t9huknf7h45u5yk] c:\docume~1\owner\locals~1\temp\og6gc26g2t.exe
uRun: [x20q2vyhc3pgk7wzjuyxcf70vlr96e95pj] c:\docume~1\owner\locals~1\temp\fxwj4r1tannt.exe
uRun: [n50cat6104l] c:\docume~1\owner\locals~1\temp\cipzic895bs.exe
uRun: [hh1v7ejk7fmpitlu09qrolqzibthgjc] c:\docume~1\owner\locals~1\temp\cskjosp.exe
uRun: [s0b0ifpwae9203p6uerbuncytcr] c:\docume~1\owner\locals~1\temp\uaande.exe
uRun: [hdnludm9wmc7bevyv601oinxhdkymd6bm6cr8u] c:\docume~1\owner\locals~1\temp\ec7crmwol356.exe
uRun: [hqtm9khwev2ra2q2955sg5zflfvo7n] c:\docume~1\owner\locals~1\temp\ukcrcce6juap.exe
uRun: [iput7287msc2qtgot4fwjfai57mah0bhic0by8ijp] c:\docume~1\owner\locals~1\temp\t5vtod.exe
uRun: [r8o50mpcxwrz8gpnqk1meq0j9nu4n4v6] c:\docume~1\owner\locals~1\temp\l1jd4i.exe
uRun: [pkt49pfg7rnvqo0c2jdhg2no61x5] c:\docume~1\owner\locals~1\temp\tfqwut3zw8.exe
uRun: [xowmcc0y74fi6lx69cjqit18010l] c:\docume~1\owner\locals~1\temp\eyqf03k2li2.exe
uRun: [noyvotwywyer] c:\docume~1\owner\locals~1\temp\lbxxty901u.exe
uRun: [bo8b8e3gkeglqzqsy5zml2o2whu93lktuqczslree] c:\docume~1\owner\locals~1\temp\m22v1yab2o9.exe
uRun: [rjjs27xaexq1baufoe2tqkwcmm85i] c:\docume~1\owner\locals~1\temp\cop7a2229.exe
uRun: [feik5xqgziaz0trmfhkswql3yyk90zjadh2g5g1z9] c:\docume~1\owner\locals~1\temp\vb1phod4tc.exe
uRun: [i6qxk4f0x954ppru7ietylxx90p0twtv8cr4v] c:\docume~1\owner\locals~1\temp\gdk8nyfxfud.exe
uRun: [d5i3og83wuc] c:\docume~1\owner\locals~1\temp\vlw9n4.exe
uRun: [ymzrl9gw70atp8mjdgyp6gfyy6lfmcsil8tspijfbho8hz85] c:\docume~1\owner\locals~1\temp\z5faor9lkq4.exe
uRun: [y8j9s09hkk5x0d4cst] c:\docume~1\owner\locals~1\temp\g9yc2v.exe
uRun: [i81b4vbde2kycppi7cpg5d2zif0ys0ai3] c:\docume~1\owner\locals~1\temp\feel0af6qp.exe
uRun: [fe9hajs0v7wlxeijty3] c:\docume~1\owner\locals~1\temp\pig6zlllz7uef.exe
uRun: [rpkbqtdd8knb8zwngged3yr8sy93sz2popjr57nekyw5m5vy] c:\docume~1\owner\locals~1\temp\dguck9s9e.exe
uRun: [df1rrwtamwkwpvzarfdk] c:\docume~1\owner\locals~1\temp\wm6bre3byj.exe
uRun: [fgksvyf3a2mqxwqix5c8igusu5] c:\docume~1\owner\locals~1\temp\ld1vakizo7632.exe
uRun: [y3snl87q1pgne32v9sy4m0t4e0b56zs35nsr] c:\docume~1\owner\locals~1\temp\s7pd3y7x4jz5.exe
uRun: [f8vukxamop0cbr01dl66igc4jl1uyi4ukw810rkuoctugf] c:\docume~1\owner\locals~1\temp\e0uuhp.exe
uRun: [m03vznz8cyuqibccog3e8b2u18d07qg4k525] c:\docume~1\owner\locals~1\temp\wrpe0v8py.exe
uRun: [oa4c4h36qxhgh8sheue49fi2eehkd2w88npdzl3bdv] c:\docume~1\owner\locals~1\temp\onwfg0zg0.exe
uRun: [hzj5fmmsz9p5y8tcvtcurtuv77zn7ah32m1w0wtfykg3] c:\docume~1\owner\locals~1\temp\ha8xn5aik1.exe
uRun: [ay2h4iov0mg61bomhi5a] c:\docume~1\owner\locals~1\temp\pe1d7hjriq.exe
uRun: [pw158l9th46o5e48xbnfhpntha95mhaw53x5] c:\docume~1\owner\locals~1\temp\cgrisq.exe
uRun: [ydohheudpx5k46crn1kfru7d8kxkswx0solr3wu8nqaadfl] c:\docume~1\owner\locals~1\temp\clal1sw1n5hil.exe
uRun: [k1ecpbpf395uvrr] c:\docume~1\owner\locals~1\temp\n9coxfdui2y6c.exe
uRun: [flkhx8s4a1qovleqw1b06h4dt54ote8wv4zfosmyagwmzkzfhv] c:\docume~1\owner\locals~1\temp\ysc73p.exe
uRun: [lciamtc526lz25] c:\docume~1\owner\locals~1\temp\f5jpdk4l1wazd.exe
uRun: [x35zllg6n1c56] c:\docume~1\owner\locals~1\temp\clx3o6hy.exe
uRun: [ao241btiy8068yjz] c:\docume~1\owner\locals~1\temp\jzeazx.exe
uRun: [r58b8rtdnn29qba0t7ekh9cf] c:\docume~1\owner\locals~1\temp\r3790s.exe
uRun: [udqwekha6dfcsptf3ahvh9vxvvsf2] c:\docume~1\owner\locals~1\temp\iuswhxqgn8wq.exe
uRun: [qmki95ch2nrs01jiv0jmfwk1sptqgy4ws85qmdi702] c:\docume~1\owner\locals~1\temp\bmnye06wqwqi.exe
uRun: [nmr3yiyrnvncgzq2kysl9x27y1a0nhmlmxqyw8pwxsrykz] c:\docume~1\owner\locals~1\temp\u9zgl5hyakxz2.exe
uRun: [rzxf42bc9zbla5o68g9dfc9ilslkd] c:\docume~1\owner\locals~1\temp\lvp3ms.exe
uRun: [roy3cg6v6gy5smy25] c:\docume~1\owner\locals~1\temp\pp3op98.exe
uRun: [en5rwgzhuj0vlyn9ex5hsroxikgsrs47s3kyzukm6jnlz16imc] c:\docume~1\owner\locals~1\temp\oucddl31x.exe
uRun: [bg0iqp017dyixdgjtfuxinecd9mwl56ozxes] c:\docume~1\owner\locals~1\temp\khoc37eo7h.exe
uRun: [thzanctlvj1igi83n] c:\docume~1\owner\locals~1\temp\hcccn82h7xvnw.exe
uRun: [smonyt3k8401s2e] c:\docume~1\owner\locals~1\temp\r47x21ki9lj9h.exe
uRun: [krqy80vtuhzwrsjyvuvijdi4zur1h3qj9at42mtt8o] c:\docume~1\owner\locals~1\temp\vtjyfxx.exe
uRun: [k4om2j3ss2wub2iars8r] c:\docume~1\owner\locals~1\temp\idwuyjz.exe
uRun: [pabid1le4breogoaqistnv4] c:\docume~1\owner\locals~1\temp\coe71j4.exe
uRun: [ovn3u8v9gpp7fg3rsd5h2e3d9q3ypsl00x68ng] c:\docume~1\owner\locals~1\temp\q1ph14.exe
uRun: [y34hbwmap53pgy7ec7f60x2d3isb6pa80f] c:\docume~1\owner\locals~1\temp\psoa80gcd.exe
uRun: [nz19y26oao3efc] c:\docume~1\owner\locals~1\temp\on2wqh1.exe
uRun: [n75xbr6lzl2s0yllknb78zm6o3cl4t6gnes8fdkz8fbtk3iqh7] c:\docume~1\owner\locals~1\temp\ojzjme6aoo.exe
uRun: [qh12k6wf54ca3fftuhodj359911m2sng] c:\docume~1\owner\locals~1\temp\cqim15d0a6.exe
uRun: [yuo84o9l42yje] c:\docume~1\owner\locals~1\temp\nek8xdk7do.exe
uRun: [e6enbfl8p2v8vht0utj92dj2r1latl6780j] c:\docume~1\owner\locals~1\temp\udragpxj.exe
uRun: [c0cru5nhbll76ikfh778x319ig7youo2nw4bmtxtmm70sc08pi] c:\docume~1\owner\locals~1\temp\uiad662.exe
uRun: [li3tuqe5s2ly5gsqie81jxvxm1sqr4w8aam] c:\docume~1\owner\locals~1\temp\qpcz87bx.exe
uRun: [l8o4eqsf19hhnudgi64ii002ro762] c:\docume~1\owner\locals~1\temp\sulow4w0tv.exe
uRun: [mjc1oipq1vkelvv44cjym4jheyhokmmpk7ua] c:\docume~1\owner\locals~1\temp\x3go6xana.exe
uRun: [irtk5kppcbanz802orzooiql5703e] c:\docume~1\owner\locals~1\temp\lmg7c7cgdj.exe
uRun: [AOL Fast Start] "c:\progra~1\americ~1.0\AOL.EXE" -b
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AOLAspSunset2] c:\documents and settings\all users\application data\aol\userprofiles\all users\antispyware\dat\updates\aspapp\sunsetAsp2.exe
mRun: [HostManager] c:\program files\common files\aol\1152155422\ee\AOLSoftware.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.15.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} - hxxp://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151970597987
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles/dreamweb.1.0.0.6.cab
DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-solitaire-secret-island/SpinTopGamesLauncher.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://legacy.aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://aolsvc.aol.com/onlinegames/free-trial-diner-dash-flo-on-the-go/ddfotg.1.0.0.33.cab
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-lotus-deluxe/zylomplayer.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} - hxxp://aolsvc.aol.com/onlinegames/free-trial-sweetopia/Sweetopia.1.0.0.22.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !saswinlogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: ssqQhfdb - ssqQhfdb.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: wqjspp.dll fgiegs.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 SSI;SSI;c:\windows\system32\drivers\ssi.sys [2006-7-3 78336]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-5 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-5 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-5 107272]
R1 sasdifsv;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 saskutil;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-5 298264]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-7-3 1251720]
R3 sasenum;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]

=============== Created Last 30 ================

2009-03-05 18:27 --d----- c:\program files\Trend Micro
2009-03-05 17:14 1,836 a------- c:\windows\system32\tmp.reg
2009-03-05 05:06 --d-h--- C:\$AVG8.VAULT$
2009-03-05 04:58 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-05 04:58 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-05 04:58 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-05 04:57 --d----- c:\windows\system32\drivers\Avg
2009-03-05 04:57 --d----- c:\docume~1\owner\applic~1\AVGTOOLBAR
2009-03-05 04:56 --d----- c:\program files\AVG
2009-03-05 04:56 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-05 04:10 --d----- c:\program files\common files\Software Update Utility
2009-03-04 19:49 --d----- c:\windows\ERUNT
2009-03-04 19:48 --d----- C:\SDFix
2009-03-04 04:04 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-04 04:03 --d----- c:\program files\SUPERAntiSpyware
2009-03-04 04:03 --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-03-04 04:03 --d----- c:\program files\common files\Wise Installation Wizard
2009-03-03 20:51 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-03 20:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-03 20:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 20:26 --d----- c:\program files\EsetOnlineScanner
2009-03-03 19:59 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 19:59 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-03 18:55 --d----- c:\docume~1\owner\applic~1\IObit
2009-03-03 18:55 --d----- c:\program files\IObit
2009-03-03 16:47 --d----- c:\program files\Spybot - Search & Destroy
2009-03-03 16:47 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-28 09:29 439 a------- c:\windows\system32\win32hlp.cnf
2009-02-28 09:27 718 a------- c:\windows\system32\test.ttt
2009-02-26 16:16 132,608 a------- c:\windows\ibidigipa.dll
2009-02-14 15:15 120 a--sh--- c:\windows\system32\atfsiwsf.ini

==================== Find3M ====================

2009-02-28 09:28 104,960 a------- c:\windows\system32\userinit.exe
2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2006-09-18 19:29 490 a------- c:\docume~1\owner\applic~1\wklnhst.dat

============= FINISH: 18:33:19.51 ===============

Edited by Orange Blossom, 14 March 2009 - 11:06 AM.



#2 KoanYorel


Posted 18 March 2009 - 09:07 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 bomber1712


Posted 19 March 2009 - 07:59 AM

Thanks for getting to me. I realize that everyone is very busy. I have played around with the system quite a bit since my last post on AII. I'm not even sure what all was done, so if we can start over at this point, that would be great.

The primary issues at this time are when I am online, none of the graphics show up (that was a big reason why I sought your help!). Wherever there should be a graphic, I see a placeholder (small square with a red square, blue triangle and green circle).

I also noticed that I cannot change the "Automatic Updates" settings. I have XP SP2 and I was hoping to update to SP3 to see if that alleviated the graphics issue. I tried to use the red shield in the tray, but it told me it could not do it that way. It suggested that I use control panel, system. So I did. It says it's enabled. Then, when I click the red shield, again, it shows as disabled. I went directly to Microsoft updates on the web, and got an error message about auto updates and BIT, or something. The instructions on the page suggested running Start>Run>services.msc. When I attempt to change the setting for Auto Update from disable to Automatic, I get an "Access Denied" message.

So, needless to say, I still need help. Last night I ran Super, AVG and MBAM in safe mode. All showed clean. I also ran a full scan using gmer.exe (I had a rootkit on another computer in the house). That scan also showed nothing.

Here is the DDS log, and "Attach.txt" is attached.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 7:45:16.20 on Thu 03/19/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.179 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.15.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} - hxxp://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151970597987
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles/dreamweb.1.0.0.6.cab
DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-solitaire-secret-island/SpinTopGamesLauncher.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://legacy.aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://aolsvc.aol.com/onlinegames/free-trial-diner-dash-flo-on-the-go/ddfotg.1.0.0.33.cab
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-lotus-deluxe/zylomplayer.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} - hxxp://aolsvc.aol.com/onlinegames/free-trial-sweetopia/Sweetopia.1.0.0.22.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !saswinlogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-5 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-5 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-5 107272]
R1 sasdifsv;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 saskutil;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-5 298264]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-7-3 1251720]
R3 sasenum;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-3 38496]

=============== Created Last 30 ================

2009-03-16 21:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-16 21:40 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-14 12:16 <DIR> --d----- C:\gmer
2009-03-14 09:18 <DIR> a-dshr-- C:\cmdcons
2009-03-14 08:02 <DIR> --d----- c:\windows\pss
2009-03-14 07:59 <DIR> --d----- c:\windows\SxsCaPendDel
2009-03-05 21:27 <DIR> --d----- c:\program files\Trend Micro
2009-03-05 08:06 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-05 07:58 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-05 07:58 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-05 07:58 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-05 07:57 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-05 07:57 <DIR> --d----- c:\docume~1\owner\applic~1\AVGTOOLBAR
2009-03-05 07:56 <DIR> --d----- c:\program files\AVG
2009-03-05 07:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-04 22:49 <DIR> --d----- c:\windows\ERUNT
2009-03-04 07:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-04 07:03 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-04 07:03 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-03-04 07:03 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-03 23:51 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-03 23:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-03 23:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 22:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 22:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-03 21:55 <DIR> --d----- c:\docume~1\owner\applic~1\IObit
2009-03-03 21:55 <DIR> --d----- c:\program files\IObit
2009-03-03 19:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-03 19:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2006-09-18 22:29 490 a------- c:\docume~1\owner\applic~1\wklnhst.dat

============= FINISH: 7:45:53.34 ===============

#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:04:44 PM

Posted 19 March 2009 - 02:16 PM

Hi

Have you run ComboFix by yourself (not recommended!)? Some signs tell me that might be the case. If so, please post the contents of the ComboFix.txt file (search for the file).

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 bomber1712

Posted 19 March 2009 - 02:55 PM

I think I ran it several times. I ran it once, and it seemed fine, but then didn't finish. After I saved the log, I had to do a hard shut down. When I restarted, the clock was (still is) messed up, so I figured Combo had not finished. So, I ran it again, hoping that it would finish. It got stuck the second time, again, so another hard shut down, and I gave up on running it. I know I shouldn't have, but it looked like that's what people are always asked to do (and, yes, I have seen the warning in the posts...). I am sorry, and I will not run anything else without your specific instructions.

This is the log from the last time I ran it:

ComboFix 09-03-13.02 - Owner 2009-03-16 19:56:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.191 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 )))))))))))))))))))))))))))))))
.

2009-03-16 19:40 . 2009-03-16 19:40 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-16 19:40 . 2009-03-16 19:40 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-14 10:16 . 2009-03-14 10:16 <DIR> d-------- C:\gmer
2009-03-14 10:15 . 2009-03-14 10:34 277,914 --a------ C:\gmer.zip
2009-03-14 07:51 . 2009-03-14 07:51 <DIR> d-------- c:\program files\CCleaner
2009-03-14 07:26 . 2009-03-16 19:33 <DIR> d-------- C:\MGtools
2009-03-14 07:26 . 2009-03-14 07:27 61,597 --a------ C:\MGlogs.zip
2009-03-14 07:13 . 2009-03-14 08:25 1,339,834 --a------ C:\MGtools.exe
2009-03-14 05:59 . 2009-03-14 06:00 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-05 19:27 . 2009-03-05 19:27 <DIR> d-------- c:\program files\Trend Micro
2009-03-05 06:06 . 2009-03-05 14:16 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-05 05:58 . 2009-03-05 05:58 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-05 05:58 . 2009-03-05 05:58 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-05 05:58 . 2009-03-05 05:58 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-05 05:57 . 2009-03-14 05:30 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-05 05:57 . 2009-03-05 18:25 <DIR> d-------- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-03-05 05:56 . 2009-03-05 05:56 <DIR> d-------- c:\program files\AVG
2009-03-05 05:56 . 2009-03-05 06:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-05 05:02 . 2009-03-05 05:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-03-04 20:49 . 2009-03-04 20:50 <DIR> d-------- c:\windows\ERUNT
2009-03-04 20:48 . 2009-03-04 20:59 <DIR> d-------- C:\SDFix
2009-03-04 20:36 . 2009-03-04 20:36 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Malwarebytes
2009-03-04 16:27 . 2009-03-04 16:27 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\SUPERAntiSpyware.com
2009-03-04 05:04 . 2009-03-04 05:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-04 05:03 . 2009-03-04 05:03 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-04 05:03 . 2009-03-04 05:03 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-04 05:03 . 2009-03-04 05:03 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-03-03 21:51 . 2009-03-03 21:51 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-03-03 21:49 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 21:49 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-03 21:26 . 2009-03-03 21:30 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-03-03 21:22 . 2009-03-03 21:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-03-03 20:59 . 2009-03-03 21:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 20:59 . 2009-03-03 20:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-03 20:35 . 2009-03-03 20:35 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Viewpoint
2009-03-03 19:55 . 2009-03-03 19:55 <DIR> d-------- c:\program files\IObit
2009-03-03 19:55 . 2009-03-03 19:55 <DIR> d-------- c:\documents and settings\Owner\Application Data\IObit
2009-03-03 17:47 . 2009-03-03 20:15 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-03 17:47 . 2009-03-14 07:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-03 17:35 . 2006-01-18 21:22 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\WINDOWS
2009-03-03 17:35 . 2006-01-18 21:48 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\You've Got Pictures Screensaver
2009-03-03 17:35 . 2006-01-18 21:20 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\toshiba
2009-03-03 17:35 . 2006-02-06 17:33 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Intuit
2009-03-03 17:35 . 2006-07-03 16:43 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Intel
2009-03-03 17:35 . 2006-07-03 17:01 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\AOL
2009-03-03 17:35 . 2009-03-14 08:00 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER
2009-03-03 17:31 . 2009-03-03 17:31 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Webroot
2009-03-03 17:31 . 2006-01-18 21:22 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2009-03-03 17:31 . 2009-03-03 17:31 <DIR> d-------- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 02:40 --------- d-----w c:\program files\Java
2009-03-14 14:09 --------- d-----w c:\program files\Common
2009-03-14 13:15 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-14 13:13 --------- d-----w c:\program files\TOSHIBA
2009-03-14 13:11 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-14 13:11 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-14 13:06 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-14 13:00 --------- d-----w c:\program files\Common Files\AOL
2009-03-14 12:58 --------- d-----w c:\documents and settings\Owner\Application Data\AOL
2009-03-05 13:15 --------- d-----w c:\program files\Symantec
2009-02-27 00:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-24 23:35 --------- d-----w c:\program files\Lx_cats
2006-09-19 03:29 490 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-16_19.44.35.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-17 02:52:36 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-05 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-16 148888]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-05 05:58 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-05 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-05 107272]
R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-05 298264]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles/dreamweb.1.0.0.6.cab
DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-solitaire-secret-island/SpinTopGamesLauncher.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://legacy.aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-lotus-deluxe/zylomplayer.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-16 19:58:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-16 19:59:47
ComboFix-quarantined-files.txt 2009-03-17 02:59:45
ComboFix2.txt 2009-03-17 02:45:50
ComboFix3.txt 2009-03-14 14:25:33

Pre-Run: 85,774,032,896 bytes free
Post-Run: 85,756,477,440 bytes free

151 --- E O F --- 2008-12-22 01:04:59

Edited by bomber1712, 19 March 2009 - 03:35 PM.


#6 Blade81

Posted 20 March 2009 - 10:36 AM

Hi

Delete the old copy of ComboFix.exe and then please follow the instructions below:


1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh dds log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


#7 bomber1712

Posted 20 March 2009 - 10:47 AM

Thank you so much for staying with me. I was a little worried that since I had been a dumb #$%, you would cut me loose. I will run Combo when I get home tonight, and post the new log. And, just to reiterate, I will not do anything else without your specific instructions going forward.

I read your warning at the end of the post, and I understand. Do you see evidence of irreparable damage to the system in the logs I have posted so far?

#8 Blade81

Posted 20 March 2009 - 11:10 AM

Hi

No, there doesn't seem to be anything irreparable there. Shall wait for the logs.


#9 bomber1712

Posted 20 March 2009 - 05:53 PM

Well, I tried to run Combofix, again. It went just like the last time. It runs all the way through, and produces a log (attached). After I save and close the log, my computer "hangs" with just a "splash" screen (this particular system is a Toshiba Satellite, so the splash is a funky screen with "Satellite" in the upper right).

I tried the ctrl+alt+del. There are many (31) processes running, but none of the ones you listed in the last post. If you want a list, I can create one for you. I have not done anything with the computer and I will leave it as is until I hear from you. Since I am stuck, I cannot run DDS and post that log, yet.

Anxiously awaiting your reply.

Here is the log Combo created:

ComboFix 09-03-19.01 - Owner 2009-03-20 17:19:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.180 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.

2009-03-16 21:40 . 2009-03-16 21:40 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-16 21:40 . 2009-03-16 21:40 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-14 12:16 . 2009-03-14 12:16 <DIR> d-------- C:\gmer
2009-03-14 07:59 . 2009-03-14 08:00 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-05 21:27 . 2009-03-05 21:27 <DIR> d-------- c:\program files\Trend Micro
2009-03-05 08:06 . 2009-03-05 16:16 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-05 07:58 . 2009-03-05 07:58 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-05 07:58 . 2009-03-05 07:58 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-05 07:58 . 2009-03-05 07:58 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-05 07:57 . 2009-03-18 21:26 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-05 07:57 . 2009-03-05 20:25 <DIR> d-------- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-03-05 07:56 . 2009-03-05 07:56 <DIR> d-------- c:\program files\AVG
2009-03-05 07:56 . 2009-03-05 08:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-05 07:02 . 2009-03-05 07:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-03-04 22:49 . 2009-03-04 22:50 <DIR> d-------- c:\windows\ERUNT
2009-03-04 22:36 . 2009-03-04 22:36 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Malwarebytes
2009-03-04 18:27 . 2009-03-04 18:27 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\SUPERAntiSpyware.com
2009-03-04 07:04 . 2009-03-04 07:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-04 07:03 . 2009-03-04 07:03 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-04 07:03 . 2009-03-04 07:03 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-04 07:03 . 2009-03-04 07:03 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-03-03 23:51 . 2009-03-03 23:51 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-03-03 23:49 . 2009-02-11 13:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 23:49 . 2009-02-11 13:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-03 23:22 . 2009-03-03 23:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-03-03 22:59 . 2009-03-03 23:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 22:59 . 2009-03-03 22:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-03 22:35 . 2009-03-03 22:35 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Viewpoint
2009-03-03 21:55 . 2009-03-03 21:55 <DIR> d-------- c:\program files\IObit
2009-03-03 21:55 . 2009-03-03 21:55 <DIR> d-------- c:\documents and settings\Owner\Application Data\IObit
2009-03-03 19:47 . 2009-03-18 20:44 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-03 19:47 . 2009-03-18 20:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-03 19:35 . 2006-01-18 23:22 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\WINDOWS
2009-03-03 19:35 . 2006-01-18 23:48 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\You've Got Pictures Screensaver
2009-03-03 19:35 . 2006-01-18 23:20 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\toshiba
2009-03-03 19:35 . 2006-02-06 19:33 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Intuit
2009-03-03 19:35 . 2006-07-03 18:43 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Intel
2009-03-03 19:35 . 2006-07-03 19:01 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\AOL
2009-03-03 19:35 . 2009-03-14 10:00 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER
2009-03-03 19:31 . 2009-03-03 19:31 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Webroot
2009-03-03 19:31 . 2006-01-18 23:22 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2009-03-03 19:31 . 2009-03-03 19:31 <DIR> d-------- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 02:40 --------- d-----w c:\program files\Java
2009-03-14 14:09 --------- d-----w c:\program files\Common
2009-03-14 13:15 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-14 13:13 --------- d-----w c:\program files\TOSHIBA
2009-03-14 13:11 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-14 13:11 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-14 13:06 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-14 13:00 --------- d-----w c:\program files\Common Files\AOL
2009-03-14 12:58 --------- d-----w c:\documents and settings\Owner\Application Data\AOL
2009-03-05 13:15 --------- d-----w c:\program files\Symantec
2009-02-27 00:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-24 23:35 --------- d-----w c:\program files\Lx_cats
2006-09-19 03:29 490 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-05 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-16 148888]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 14:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-05 07:58 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-05 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-05 107272]
R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-05 298264]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-03-03 38496]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles/dreamweb.1.0.0.6.cab
DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-solitaire-secret-island/SpinTopGamesLauncher.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://legacy.aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-lotus-deluxe/zylomplayer.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 17:20:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-20 17:22:30
ComboFix-quarantined-files.txt 2009-03-20 22:22:24

Pre-Run: 87,683,751,936 bytes free
Post-Run: 87,666,642,944 bytes free

137 --- E O F --- 2008-12-22 01:04:59

#10 Blade81

Posted 21 March 2009 - 04:36 AM

Hi

Please reboot to get a fresh dds log.


#11 bomber1712

Posted 21 March 2009 - 08:58 AM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 8:44:10.87 on Sat 03/21/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.189 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.15.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} - hxxp://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151970597987
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles/dreamweb.1.0.0.6.cab
DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-solitaire-secret-island/SpinTopGamesLauncher.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://legacy.aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://aolsvc.aol.com/onlinegames/free-trial-diner-dash-flo-on-the-go/ddfotg.1.0.0.33.cab
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-lotus-deluxe/zylomplayer.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} - hxxp://aolsvc.aol.com/onlinegames/free-trial-sweetopia/Sweetopia.1.0.0.22.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !saswinlogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-5 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-5 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-5 107272]
R1 sasdifsv;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 saskutil;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-5 298264]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-7-3 1251720]
R3 sasenum;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-3 38496]

=============== Created Last 30 ================

2009-03-20 17:18 161,792 a------- c:\windows\SWREG.exe
2009-03-20 17:18 98,816 a------- c:\windows\sed.exe
2009-03-16 21:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-16 21:40 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-14 12:16 <DIR> --d----- C:\gmer
2009-03-14 09:18 <DIR> a-dshr-- C:\cmdcons
2009-03-14 08:02 <DIR> --d----- c:\windows\pss
2009-03-14 07:59 <DIR> --d----- c:\windows\SxsCaPendDel
2009-03-05 21:27 <DIR> --d----- c:\program files\Trend Micro
2009-03-05 08:06 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-05 07:58 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-05 07:58 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-05 07:58 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-05 07:57 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-05 07:57 <DIR> --d----- c:\docume~1\owner\applic~1\AVGTOOLBAR
2009-03-05 07:56 <DIR> --d----- c:\program files\AVG
2009-03-05 07:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-04 22:49 <DIR> --d----- c:\windows\ERUNT
2009-03-04 07:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-04 07:03 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-04 07:03 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-03-04 07:03 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-03 23:51 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-03 23:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-03 23:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 22:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 22:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-03 21:55 <DIR> --d----- c:\docume~1\owner\applic~1\IObit
2009-03-03 21:55 <DIR> --d----- c:\program files\IObit
2009-03-03 19:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-03 19:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2006-09-18 22:29 490 a------- c:\docume~1\owner\applic~1\wklnhst.dat

============= FINISH: 8:44:47.26 ===============

#12 Blade81

Posted 21 March 2009 - 10:00 AM

Hi

Please use this tool to remove leftovers of Symantec.

Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader!


Open notepad and copy/paste the text in the quotebox below into it:

DDS::
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - 
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows (this one included). Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. If you get a message that latest Java must be installed "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

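The five DDS:: lines in the CFScript above are exactly the entries in the DDS log of post #11 whose target is "No File" or empty. As an added example (not part of the thread, and not code from DDS or ComboFix), the Python below flags such orphaned entries and checks whether they are gone from a later log; the line pattern is an assumption inferred from the log lines shown in this thread, and the sample lines are copied from the thread's two DDS logs.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "kind name clsid target")

# Assumed line shape, inferred from the logs in this thread:
#   KIND: [Name: ]{CLSID} - [target]
# The target may be a file path, a URL, the text "No File", or missing.
LINE_RE = re.compile(
    r"^(?P<kind>[A-Za-z]+): (?:(?P<name>.*?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) -(?: (?P<target>.*))?$"
)


def parse_entries(text):
    """Parse CLSID-bearing lines; other shapes (uRun, Notify, ...) are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(
                m["kind"],
                m["name"] or "",
                m["clsid"].lower(),          # CLSIDs compare case-insensitively
                (m["target"] or "").strip(),
            ))
    return entries


def is_orphan(entry):
    """An entry is orphaned when it is registered but points at no file."""
    return entry.target == "" or entry.target.lower() == "no file"


def orphaned(entries):
    return [e for e in entries if is_orphan(e)]


def still_present(orphans, later_entries):
    """Orphans whose (kind, CLSID) pair still shows up in a later log."""
    later = {(e.kind, e.clsid) for e in later_entries}
    return [o for o in orphans if (o.kind, o.clsid) in later]


# Sample lines copied from the DDS log taken before the CFScript run.
BEFORE = r"""
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
"""

# Sample lines copied from the DDS log taken after the CFScript run.
AFTER = r"""
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
"""

if __name__ == "__main__":
    found = orphaned(parse_entries(BEFORE))
    for e in found:
        print(f"orphaned  {e.kind:16} {e.clsid}  name={e.name or '-'}")
    left = still_present(found, parse_entries(AFTER))
    print(f"{len(found)} orphaned before, {len(left)} still present after")
```

The same CLSID can be registered under more than one key (here the Yahoo! Toolbar entry appears under both uURLSearchHooks and TB), which is why the comparison keys on the (kind, CLSID) pair rather than on the CLSID alone.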


#13 bomber1712

Posted 21 March 2009 - 12:20 PM

Just FYI, I still get no graphics when online.....

Online Scanner Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, March 21, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, March 21, 2009 16:40:48
Records in database: 1945614
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 53188
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:01:31


File name / Threat name / Threats count
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.


ComboFix Log:

ComboFix 09-03-19.02 - Owner 2009-03-21 10:28:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.252 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 )))))))))))))))))))))))))))))))
.

2009-03-21 10:22 . 2009-03-21 10:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-03-16 21:40 . 2009-03-16 21:40 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-16 21:40 . 2009-03-16 21:40 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-14 12:16 . 2009-03-14 12:16 <DIR> d-------- C:\gmer
2009-03-14 07:59 . 2009-03-14 08:00 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-05 21:27 . 2009-03-05 21:27 <DIR> d-------- c:\program files\Trend Micro
2009-03-05 08:06 . 2009-03-05 16:16 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-05 07:58 . 2009-03-05 07:58 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-05 07:58 . 2009-03-05 07:58 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-05 07:58 . 2009-03-05 07:58 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-05 07:57 . 2009-03-21 08:49 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-05 07:57 . 2009-03-05 20:25 <DIR> d-------- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-03-05 07:56 . 2009-03-05 07:56 <DIR> d-------- c:\program files\AVG
2009-03-05 07:56 . 2009-03-05 08:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-05 07:02 . 2009-03-05 07:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-03-04 22:49 . 2009-03-04 22:50 <DIR> d-------- c:\windows\ERUNT
2009-03-04 22:36 . 2009-03-04 22:36 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Malwarebytes
2009-03-04 18:27 . 2009-03-04 18:27 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\SUPERAntiSpyware.com
2009-03-04 07:04 . 2009-03-04 07:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-04 07:03 . 2009-03-04 07:03 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-04 07:03 . 2009-03-04 07:03 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-04 07:03 . 2009-03-04 07:03 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-03-03 23:51 . 2009-03-03 23:51 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-03-03 23:49 . 2009-02-11 13:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 23:49 . 2009-02-11 13:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-03 23:22 . 2009-03-03 23:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-03-03 22:59 . 2009-03-03 23:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 22:59 . 2009-03-03 22:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-03 22:35 . 2009-03-03 22:35 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Viewpoint
2009-03-03 21:55 . 2009-03-03 21:55 <DIR> d-------- c:\program files\IObit
2009-03-03 21:55 . 2009-03-03 21:55 <DIR> d-------- c:\documents and settings\Owner\Application Data\IObit
2009-03-03 19:47 . 2009-03-18 20:44 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-03 19:47 . 2009-03-18 20:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-03 19:35 . 2006-01-18 23:22 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\WINDOWS
2009-03-03 19:35 . 2006-01-18 23:48 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\You've Got Pictures Screensaver
2009-03-03 19:35 . 2006-01-18 23:20 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\toshiba
2009-03-03 19:35 . 2006-02-06 19:33 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Intuit
2009-03-03 19:35 . 2006-07-03 18:43 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\Intel
2009-03-03 19:35 . 2006-07-03 19:01 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER\Application Data\AOL
2009-03-03 19:35 . 2009-03-14 10:00 <DIR> d-------- c:\documents and settings\Administrator.TOSHIBA-USER
2009-03-03 19:31 . 2009-03-03 19:31 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Webroot
2009-03-03 19:31 . 2006-01-18 23:22 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2009-03-03 19:31 . 2009-03-03 19:31 <DIR> d-------- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 15:22 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-17 02:40 --------- d-----w c:\program files\Java
2009-03-14 14:09 --------- d-----w c:\program files\Common
2009-03-14 13:15 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-14 13:13 --------- d-----w c:\program files\TOSHIBA
2009-03-14 13:06 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-14 13:00 --------- d-----w c:\program files\Common Files\AOL
2009-03-14 12:58 --------- d-----w c:\documents and settings\Owner\Application Data\AOL
2009-02-27 00:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-24 23:35 --------- d-----w c:\program files\Lx_cats
2006-09-19 03:29 490 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-20_17.21.19.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-20 22:15:57 16,384 ----atw c:\windows\temp\Perflib_Perfdata_13c.dat
+ 2009-03-21 13:39:34 16,384 ----atw c:\windows\temp\Perflib_Perfdata_13c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-05 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-16 148888]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 14:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-05 07:58 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-05 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-05 107272]
R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-05 298264]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles/dreamweb.1.0.0.6.cab
DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-solitaire-secret-island/SpinTopGamesLauncher.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://legacy.aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-lotus-deluxe/zylomplayer.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 10:29:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-21 10:31:09
ComboFix-quarantined-files.txt 2009-03-21 15:31:08
ComboFix2.txt 2009-03-20 22:22:31

Pre-Run: 87,644,160,000 bytes free
Post-Run: 87,655,673,856 bytes free

137 --- E O F --- 2008-12-22 01:04:59


DDS Log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 12:15:51.95 on Sat 03/21/2009
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.15.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} - hxxp://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151970597987
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dream-chronicles/dreamweb.1.0.0.6.cab
DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-solitaire-secret-island/SpinTopGamesLauncher.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://legacy.aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} - hxxp://aolsvc.aol.com/onlinegames/free-trial-diner-dash-flo-on-the-go/ddfotg.1.0.0.33.cab
DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} - hxxp://download.games.yahoo.com/games/web_games/sony/bewitched/main.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-lotus-deluxe/zylomplayer.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} - hxxp://aolsvc.aol.com/onlinegames/free-trial-sweetopia/Sweetopia.1.0.0.22.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !saswinlogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-03-21 10:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-03-20 17:18 161,792 a------- c:\windows\SWREG.exe
2009-03-20 17:18 98,816 a------- c:\windows\sed.exe
2009-03-16 21:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-16 21:40 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-14 12:16 <DIR> --d----- C:\gmer
2009-03-14 09:18 <DIR> a-dshr-- C:\cmdcons
2009-03-14 08:02 <DIR> --d----- c:\windows\pss
2009-03-14 07:59 <DIR> --d----- c:\windows\SxsCaPendDel
2009-03-05 21:27 <DIR> --d----- c:\program files\Trend Micro
2009-03-05 08:06 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-03-05 07:58 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-05 07:58 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-05 07:58 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-05 07:57 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-05 07:57 <DIR> --d----- c:\docume~1\owner\applic~1\AVGTOOLBAR
2009-03-05 07:56 <DIR> --d----- c:\program files\AVG
2009-03-05 07:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-04 22:49 <DIR> --d----- c:\windows\ERUNT
2009-03-04 07:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-04 07:03 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-03-04 07:03 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-03-04 07:03 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-03-03 23:51 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-03-03 23:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-03 23:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 22:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 22:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-03 21:55 <DIR> --d----- c:\docume~1\owner\applic~1\IObit
2009-03-03 21:55 <DIR> --d----- c:\program files\IObit
2009-03-03 19:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-03 19:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2006-09-18 22:29 490 a------- c:\docume~1\owner\applic~1\wklnhst.dat

============= FINISH: 12:16:47.98 ===============

#14 Blade81

Posted 21 March 2009 - 01:18 PM

Hi

Delete C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe file.

bomber1712 wrote: "Just FYI, I still get no graphics when online....."

Please see Microsoft article here.

Let me know how it goes.



#15 bomber1712

Posted 21 March 2009 - 01:40 PM

OK, I deleted the file. I also followed the instructions in the link you provided, and YAY! I see graphics, again! I ran MBAM and AVG with clean results! I also ran SAS.... found 1 item. Log is below.

3 issues that I have left:

1. I cannot turn on Automatic Updates
2. The clock is on "24 hour" mode, ever since Combofix got stuck
3. What do I do with ComboFix, DDS, and this other one that I found and used, SmitFraudFix?


SAS Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/21/2009 at 03:41 PM

Application Version : 4.25.1014

Core Rules Database Version : 3808
Trace Rules Database Version: 1763

Scan type : Complete Scan
Total Scan Time : 01:28:58

Memory items scanned : 401
Memory threats detected : 0
Registry items scanned : 5385
Registry threats detected : 0
File items scanned : 54081
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt

Trace.Known Threat Sources
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CJEWUKZP\virusremover2009[1].jpg

Edited by bomber1712, 21 March 2009 - 05:12 PM.




