Google Search Results Redirected [ googleads.g.doubleclick.net ]


  • This topic is locked
30 replies to this topic

#1 ovechkin

Posted 09 March 2009 - 03:44 AM

All Too Familiar

GOOGLE SEARCH RESULTS REDIRECTING TO THIRD PARTY SITES.


HIJACK THIS LOG FOLLOWS

Logfile of random's system information tool 1.05 (written by random/random)
Run by [redacted] at 2009-03-09 01:43:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (3%) free of 110 GB
Total RAM: 2046 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:20 AM, on 3/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Documents and Settings\Rish Meister\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\UTorrent\utorrent.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Rish Meister\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Documents and Settings\Rish Meister\Desktop\RSIT\RSIT.exe
C:\Program Files\trend micro\Rish Meister.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://dice.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpn.xenoport.com/dana-cached/setup/...perSetupSP1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 11333 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3857646467-3729263414-1636550412-1005.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-21 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-21 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-01 161352]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2006-02-23 237568]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2006-06-02 856064]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2006-03-15 106496]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-19 925696]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2006-07-04 110592]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-02 122940]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"PDService.exe"=C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe [2006-03-13 41472]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2006-07-14 2341632]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-23 185896]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-07-24 94208]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-24 206088]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2006-02-13 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-02-13 512000]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-14 29744]
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-08-16 69632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-05 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe [2006-05-31 622653]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2008-03-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3
"btwdins"=2
"ISSVC"=2
"Irmon"=2
"SUService"=2
"seclogon"=2
"lanmanserver"=2
"Diskeeper"=2
"CryptSvc"=3
"BITS"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-09-12 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll [2006-08-16 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2006-04-25 40448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\UTorrent\utorrent.exe"="C:\Program Files\UTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\Documents and Settings\Rish Meister\Desktop\Tvants.exe"="C:\Documents and Settings\Rish Meister\Desktop\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\Sopcast\adv\SopAdver.exe"="C:\Program Files\Sopcast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:Program FilesSopcastSopCast.exe"="C:Program FilesSopcastSopCast.exe:*:Enabled:SopCast Main Application"
"C:Program FilesMozilla Firefoxfirefox.exe"="C:Program FilesMozilla Firefoxfirefox.exe:*:Enabled:Firefox"
"C:Program FilesHPDigital Imagingbinhpqtra08.exe"="C:Program FilesHPDigital Imagingbinhpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:Program FilesHPDigital Imagingbinhpqste08.exe"="C:Program FilesHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe"
"C:Program FilesHPDigital Imagingbinhposid01.exe"="C:Program FilesHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe"
"C:Program FilesHPDigital Imagingbinhpqkygrp.exe"="C:Program FilesHPDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:Program FilesHPDigital Imagingbinhpiscnapp.exe"="C:Program FilesHPDigital Imagingbinhpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:Program FilesCommon FilesHPDigital ImagingbinhpqPhotoCrm.exe"="C:Program FilesCommon FilesHPDigital ImagingbinhpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:Program FilesHPDigital Imagingbinhpqpsapp.exe"="C:Program FilesHPDigital Imagingbinhpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:Program FilesHPDigital Imagingbinhpqpse.exe"="C:Program FilesHPDigital Imagingbinhpqpse.exe:*:Enabled:hpqpse.exe"
"C:Program FilesHPDigital Imagingbinhpqsudi.exe"="C:Program FilesHPDigital Imagingbinhpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:Program FilesHPDigital Imagingbinhpqgplgtupl.exe"="C:Program FilesHPDigital Imagingbinhpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:Program FilesHPDigital Imagingbinhpqgpc01.exe"="C:Program FilesHPDigital Imagingbinhpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:Program FilesInternet ExplorerIEXPLORE.EXE"="C:Program FilesInternet ExplorerIEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:Documents and SettingsRish MeisterLocal SettingsApplication DataGoogleGoogle Talk Plugingoogletalkplugin.dll"="C:Documents and SettingsRish MeisterLocal SettingsApplication DataGoogleGoogle Talk Plugingoogletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:Documents and SettingsRish MeisterLocal SettingsApplication DataGoogleGoogle Talk Plugingoogletalkplugin.exe"="C:Documents and SettingsRish MeisterLocal SettingsApplication DataGoogleGoogle Talk Plugingoogletalkplugin.exe:*:Enabled:Google Talk Plugin"

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesHPDigital Imagingbinhpqtra08.exe"="C:Program FilesHPDigital Imagingbinhpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:Program FilesHPDigital Imagingbinhpqste08.exe"="C:Program FilesHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe"
"C:Program FilesHPDigital Imagingbinhposid01.exe"="C:Program FilesHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe"
"C:Program FilesHPDigital Imagingbinhpqkygrp.exe"="C:Program FilesHPDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:Program FilesHPDigital Imagingbinhpiscnapp.exe"="C:Program FilesHPDigital Imagingbinhpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:Program FilesCommon FilesHPDigital ImagingbinhpqPhotoCrm.exe"="C:Program FilesCommon FilesHPDigital ImagingbinhpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:Program FilesHPDigital Imagingbinhpqpsapp.exe"="C:Program FilesHPDigital Imagingbinhpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:Program FilesHPDigital Imagingbinhpqpse.exe"="C:Program FilesHPDigital Imagingbinhpqpse.exe:*:Enabled:hpqpse.exe"
"C:Program FilesHPDigital Imagingbinhpqsudi.exe"="C:Program FilesHPDigital Imagingbinhpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:Program FilesHPDigital Imagingbinhpqgplgtupl.exe"="C:Program FilesHPDigital Imagingbinhpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:Program FilesHPDigital Imagingbinhpqgpc01.exe"="C:Program FilesHPDigital Imagingbinhpqgpc01.exe:*:Enabled:hpqgpc01.exe"

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{199d9ce2-9500-11dd-9371-001641ae323a}]
shellAutoRuncommand - E:Launch.exe /run


======List of files/folders created in the last 3 months======

2009-03-08 02:06:32 ----A---- C:WINDOWSsystem32MRT.exe
2009-02-26 04:00:38 ----HDC---- C:WINDOWS$NtUninstallKB967715$
2009-02-24 12:41:34 ----D---- C:Program FilesKaspersky Lab
2009-02-24 12:41:34 ----D---- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2009-02-24 12:08:19 ----D---- C:Program FilesKaspersky
2009-02-21 11:43:56 ----A---- C:WINDOWSsystem32deploytk.dll
2009-02-15 11:01:11 ----ASH---- C:WINDOWSsystem32Ppstvyay.ini2
2009-02-15 11:01:11 ----ASH---- C:WINDOWSsystem32Ppstvyay.ini
2009-02-14 13:55:23 ----ASH---- C:WINDOWSsystem32AGfhknpo.ini2
2009-02-14 13:55:23 ----ASH---- C:WINDOWSsystem32AGfhknpo.ini
2009-02-11 01:27:38 ----HDC---- C:WINDOWS$NtUninstallKB960715$
2009-02-05 14:37:05 ----D---- C:Program FilesSongbeat
2009-02-02 20:37:10 ----D---- C:Documents and SettingsRish MeisterApplication DataCOWON
2009-02-02 20:34:40 ----D---- C:Program FilesCommon FilesCOWON
2009-02-02 20:33:18 ----D---- C:Documents and SettingsRish MeisterApplication DataInstallShield
2009-02-02 20:30:55 ----D---- C:Program FilesJetAudio
2009-01-30 13:50:08 ----D---- C:Documents and SettingsRish MeisterApplication DataHelp
2009-01-28 04:20:31 ----HDC---- C:WINDOWS$NtUninstallKB954211$
2009-01-27 14:05:59 ----D---- C:ComboFix
2009-01-27 14:05:59 ----A---- C:WINDOWSsystem32CF25841.exe
2009-01-27 12:25:12 ----SHD---- C:RECYCLER
2009-01-27 12:23:51 ----A---- C:ComboFix.txt
2009-01-27 11:03:22 ----HDC---- C:WINDOWS$NtUninstallKB951376-v2$
2009-01-27 11:03:13 ----HDC---- C:WINDOWS$NtUninstallKB952954$
2009-01-27 11:03:06 ----HDC---- C:WINDOWS$NtUninstallKB946648$
2009-01-27 11:02:59 ----HDC---- C:WINDOWS$NtUninstallKB956803$
2009-01-27 11:02:48 ----HDC---- C:WINDOWS$NtUninstallKB955839$
2009-01-27 11:02:40 ----HDC---- C:WINDOWS$NtUninstallKB956391$
2009-01-27 11:02:27 ----HDC---- C:WINDOWS$NtUninstallKB958215$
2009-01-27 11:02:11 ----HDC---- C:WINDOWS$NtUninstallKB950974$
2009-01-27 11:02:04 ----HDC---- C:WINDOWS$NtUninstallKB951698$
2009-01-27 11:01:49 ----HDC---- C:WINDOWS$NtUninstallKB956841$
2009-01-27 11:01:38 ----HDC---- C:WINDOWS$NtUninstallKB960714$
2009-01-27 11:01:23 ----HDC---- C:WINDOWS$NtUninstallKB925720$
2009-01-27 11:01:12 ----HDC---- C:WINDOWS$NtUninstallKB952069_WM9$
2009-01-27 11:00:47 ----HDC---- C:WINDOWS$NtUninstallKB950762$
2009-01-27 11:00:37 ----HDC---- C:WINDOWS$NtUninstallKB957097$
2009-01-27 11:00:30 ----HDC---- C:WINDOWS$NtUninstallKB958687$
2009-01-27 11:00:21 ----HDC---- C:WINDOWS$NtUninstallKB952287$
2009-01-27 11:00:14 ----HDC---- C:WINDOWS$NtUninstallKB929399$
2009-01-27 10:59:54 ----HDC---- C:WINDOWS$NtUninstallKB939683$
2009-01-27 10:59:36 ----HDC---- C:WINDOWS$NtUninstallKB951066$
2009-01-27 10:59:29 ----HDC---- C:WINDOWS$NtUninstallKB960763$
2009-01-27 10:59:20 ----HDC---- C:WINDOWS$NtUninstallKB951748$
2009-01-27 10:59:12 ----HDC---- C:WINDOWS$NtUninstallKB938464$
2009-01-27 10:59:05 ----HDC---- C:WINDOWS$NtUninstallKB954600$
2009-01-27 10:58:54 ----HDC---- C:WINDOWS$NtUninstallKB958644$
2009-01-27 10:58:40 ----HDC---- C:WINDOWS$NtUninstallKB955069$
2009-01-27 10:58:33 ----HDC---- C:WINDOWS$NtUninstallKB956802$
2009-01-27 10:58:12 ----HDC---- C:WINDOWS$NtUninstallKB954154_WM11$
2009-01-27 10:57:58 ----HDC---- C:WINDOWS$NtUninstallKB936782_WMP11$
2009-01-26 21:19:26 ----D---- C:WINDOWSsystem32CatRoot_bak
2009-01-25 21:14:46 ----A---- C:WINDOWSgmer.ini
2009-01-25 21:14:44 ----A---- C:WINDOWSgmer_uninstall.cmd
2009-01-25 21:14:44 ----A---- C:WINDOWSgmer.exe
2009-01-25 21:14:44 ----A---- C:WINDOWSgmer.dll
2009-01-25 21:10:05 ----D---- C:rsit
2009-01-25 21:10:05 ----D---- C:Program Filestrend micro
2009-01-25 20:18:27 ----D---- C:Documents and SettingsRish MeisterApplication DataMalwarebytes
2009-01-25 20:18:19 ----D---- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-01-25 20:18:18 ----D---- C:Program FilesMalwarebytes' Anti-Malware
2009-01-22 04:13:31 ----D---- C:Program FilesMicrosoft Silverlight
2009-01-22 03:06:57 ----D---- C:Program FilesCommon FilesLogitech
2009-01-20 18:22:15 ----A---- C:WINDOWSsystem32lvci11801048.dll
2009-01-20 18:17:27 ----D---- C:Documents and SettingsAll UsersApplication DataLogishrd
2009-01-20 18:17:23 ----D---- C:Documents and SettingsAll UsersApplication DataLogitech
2009-01-20 18:14:52 ----D---- C:Program FilesLogitech
2009-01-20 17:38:18 ----A---- C:WINDOWSCD_Start.INI
2009-01-16 12:45:04 ----D---- C:WINDOWStemp
2009-01-13 22:55:14 ----A---- C:Boot.bak
2009-01-13 22:55:10 ----RASHD---- C:cmdcons
2009-01-13 22:53:56 ----D---- C:WINDOWSERDNT
2009-01-13 17:56:10 ----A---- C:WINDOWSsystem32fbe31c73-.txt
2009-01-11 20:23:13 ----D---- C:Documents and SettingsAll UsersApplication DataWEBREG
2009-01-11 20:20:38 ----D---- C:Documents and SettingsAll UsersApplication DataHewlett-Packard
2009-01-11 20:20:22 ----RA---- C:WINDOWSsystem32hpzids01.dll
2009-01-11 20:20:20 ----A---- C:WINDOWSsystem32hpz3l5mu.dll
2009-01-11 20:19:45 ----RA---- C:WINDOWSsystem32hppldcoi.dll
2009-01-11 20:19:45 ----RA---- C:WINDOWSsystem32hpovst15.dll
2009-01-11 20:19:45 ----RA---- C:WINDOWSsystem32hpotscl6.dll
2009-01-11 20:19:45 ----RA---- C:WINDOWSsystem32difxapi.dll
2009-01-10 02:59:46 ----D---- C:Documents and SettingsRish MeisterApplication DataHP
2009-01-10 01:45:05 ----D---- C:Documents and SettingsRish MeisterApplication DataHPAppData
2009-01-10 01:10:58 ----D---- C:Documents and SettingsAll UsersApplication DataHP Product Assistant
2009-01-10 01:10:58 ----D---- C:Documents and SettingsAll UsersApplication DataHP
2009-01-10 01:10:36 ----D---- C:Program FilesCommon FilesHP
2009-01-10 01:10:35 ----D---- C:Program FilesHewlett-Packard
2009-01-10 01:10:31 ----D---- C:Program FilesCommon FilesHewlett-Packard
2009-01-10 00:52:09 ----DC---- C:WINDOWSsystem32DRVSTORE
2009-01-10 00:51:22 ----HD---- C:Config.Msi
2009-01-10 00:44:07 ----D---- C:Program FilesHP
2008-12-22 13:17:16 ----D---- C:Program FilesDVDFab 5
2008-12-22 13:16:00 ----D---- C:Program FilesDVDFab
2008-12-22 13:13:27 ----D---- C:Documents and SettingsRish MeisterApplication DataRipIt4Me
2008-12-20 15:12:15 ----D---- C:mynetflixrips
2008-12-15 21:35:28 ----D---- C:Alps
2008-12-10 02:37:31 ----A---- C:WINDOWSsystem32WNASPI32.DLL
2008-12-10 02:37:30 ----A---- C:temp.txt
2008-12-10 02:37:15 ----D---- C:Program FilesXilisoft

======List of files/folders modified in the last 3 months======

2009-03-09 01:43:07 ----D---- C:Documents and SettingsRish MeisterApplication DatauTorrent
2009-03-09 00:30:01 ----D---- C:WINDOWSPrefetch
2009-03-08 20:12:48 ----D---- C:Program FilesMozilla Firefox
2009-03-08 16:03:28 ----HD---- C:WINDOWSinf
2009-03-08 16:03:27 ----D---- C:WINDOWSsystem32CatRoot2
2009-03-08 02:06:52 ----D---- C:WINDOWSDebug
2009-03-08 02:06:37 ----D---- C:SWSHARE
2009-03-08 02:06:36 ----AD---- C:WINDOWS
2009-03-08 02:06:32 ----AD---- C:WINDOWSsystem32
2009-03-08 02:05:34 ----A---- C:WINDOWSsystem32PROCDB.INI
2009-03-08 02:04:12 ----A---- C:Documents and SettingsAll UsersApplication Datatvt_userinfo.ini
2009-03-07 22:22:47 ----A---- C:WINDOWSSchedLgU.Txt
2009-03-05 21:05:31 ----SHD---- C:WINDOWSCSC
2009-03-01 01:35:43 ----SHD---- C:System Volume Information
2009-02-27 00:14:41 ----D---- C:WINDOWSsystem32CatRoot
2009-02-26 19:19:03 ----RASH---- C:boot.ini
2009-02-26 19:19:03 ----A---- C:WINDOWSwin.ini
2009-02-26 19:19:03 ----A---- C:WINDOWSsystem.ini
2009-02-26 19:18:53 ----D---- C:WINDOWSpss
2009-02-26 04:00:41 ----ASHD---- C:WINDOWSsystem32dllcache
2009-02-25 18:22:08 ----D---- C:WINDOWSsystem32Restore
2009-02-25 08:34:51 ----HD---- C:WINDOWS$hf_mig$
2009-02-24 12:56:30 ----D---- C:WINDOWSsystem32drivers
2009-02-24 12:42:18 ----SHD---- C:WINDOWSInstaller
2009-02-24 12:41:34 ----RD---- C:Program Files
2009-02-24 12:38:45 ----D---- C:Documents and SettingsAll UsersApplication DataKaspersky Lab Setup Files
2009-02-21 11:43:46 ----A---- C:WINDOWSsystem32javaws.exe
2009-02-21 11:43:46 ----A---- C:WINDOWSsystem32javaw.exe
2009-02-21 11:43:46 ----A---- C:WINDOWSsystem32java.exe
2009-02-21 11:43:43 ----D---- C:Program FilesJava
2009-02-13 15:35:29 ----D---- C:Documents and SettingsRish MeisterApplication DataAdobeUM
2009-02-13 15:34:51 ----D---- C:Documents and SettingsAll UsersApplication DataAdobe
2009-02-13 15:32:44 ----D---- C:Program FilesAdobe
2009-02-11 22:04:46 ----D---- C:Documents and Settings
2009-02-11 03:30:32 ----SD---- C:Documents and SettingsRish MeisterApplication DataMicrosoft
2009-02-11 01:27:46 ----A---- C:WINDOWSimsins.BAK
2009-02-10 17:09:58 ----SD---- C:WINDOWSTasks
2009-02-09 01:16:45 ----RSD---- C:WINDOWSFonts
2009-02-07 18:59:17 ----D---- C:Documents and SettingsRish MeisterApplication DataMozilla
2009-02-04 20:46:05 ----D---- C:Documents and SettingsRish MeisterApplication Datadvdcss
2009-02-02 20:34:40 ----D---- C:Program FilesCommon Files
2009-02-02 20:34:37 ----HD---- C:Program FilesInstallShield Installation Information
2009-01-31 15:05:37 ----SD---- C:Documents and SettingsAll UsersApplication DataMicrosoft
2009-01-30 13:50:08 ----D---- C:WINDOWSHelp
2009-01-27 12:16:38 ----D---- C:WINDOWSMinidump
2009-01-27 12:15:26 ----D---- C:WINDOWSsystem32config
2009-01-27 12:14:48 ----D---- C:WINDOWSAppPatch
2009-01-27 11:03:08 ----D---- C:Program FilesMessenger
2009-01-27 11:02:31 ----D---- C:Program FilesInternet Explorer
2009-01-27 10:59:13 ----D---- C:WINDOWSWinSxS
2009-01-27 01:01:03 ----SD---- C:WINDOWSDownloaded Program Files
2009-01-20 18:23:18 ----D---- C:Program FilesCommon FilesLogiShrd
2009-01-20 12:32:25 ----D---- C:WINDOWStwain_32
2009-01-16 23:33:32 ----D---- C:Program FilesGoogle
2009-01-16 23:33:09 ----D---- C:Documents and SettingsAll UsersApplication DataGoogle
2009-01-16 12:37:44 ----D---- C:WINDOWSSxsCaPendDel
2009-01-15 15:45:33 ----D---- C:WINDOWSDownloaded Installations
2009-01-04 21:13:49 ----D---- C:Icons
2008-12-30 21:27:42 ----D---- C:Program FilesTVUPlayer
2008-12-12 10:27:54 ----A---- C:WINDOWSsystem32mshtml.dll
2008-12-10 01:17:22 ----A---- C:WINDOWSsystem32pxhpinst.exe
2008-12-10 01:17:19 ----A---- C:WINDOWSsystem32pxsfs.dll
2008-12-10 01:17:18 ----A---- C:WINDOWSsystem32vxblock.dll
2008-12-10 01:17:18 ----A---- C:WINDOWSsystem32pxwave.dll
2008-12-10 01:17:18 ----A---- C:WINDOWSsystem32pxmas.dll
2008-12-10 01:17:18 ----A---- C:WINDOWSsystem32pxdrv.dll
2008-12-10 01:17:18 ----A---- C:WINDOWSsystem32px.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:WINDOWSSystem32DriversDLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:WINDOWSSystem32DriversDLARTL_N.SYS [2005-11-18 22684]
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-27 36096]
R1 KLIF;Kaspersky Lab Driver; C:WINDOWSsystem32DRIVERSklif.sys [2009-02-24 226832]
R1 ShockMgr;ShockMgr; C:WINDOWSsystem32driversShockMgr.sys [2005-06-20 4736]
R1 Smapint;Smapint; C:WINDOWSSystem32driversSmapint.sys [2006-08-02 14848]
R1 TDSMAPI;TDSMAPI; C:WINDOWSSystem32driversTDSMAPI.SYS [2006-08-02 9343]
R1 TPHKDRV;TPHKDRV; C:WINDOWSsystem32driversTPHKDRV.sys [2005-07-04 17699]
R1 TSMAPIP;TSMAPIP; C:WINDOWSSystem32driversTSMAPIP.SYS [2006-07-20 7168]
R2 Aspi32;Aspi32; C:WINDOWSSystem32driversaspi32.sys [2008-05-05 16512]
R2 DLABOIOM;DLABOIOM; C:WINDOWSSystem32DLADLABOIOM.SYS [2006-02-02 25628]
R2 DLADResN;DLADResN; C:WINDOWSSystem32DLADLADResN.SYS [2006-02-02 2496]
R2 DLAIFS_M;DLAIFS_M; C:WINDOWSSystem32DLADLAIFS_M.SYS [2006-02-02 86652]
R2 DLAOPIOM;DLAOPIOM; C:WINDOWSSystem32DLADLAOPIOM.SYS [2006-02-02 14684]
R2 DLAPoolM;DLAPoolM; C:WINDOWSSystem32DLADLAPoolM.SYS [2006-02-02 6364]
R2 DLAUDF_M;DLAUDF_M; C:WINDOWSSystem32DLADLAUDF_M.SYS [2006-02-02 87036]
R2 DLAUDFAM;DLAUDFAM; C:WINDOWSSystem32DLADLAUDFAM.SYS [2006-02-02 94332]
R2 DRVNDDM;DRVNDDM; C:WINDOWSSystem32DriversDRVNDDM.SYS [2005-11-18 40544]
R2 EGATHDRV;IBM eGatherer; ??C:WINDOWSSYSTEM32EGATHDRV.SYS []
R2 irda;IrDA Protocol; C:WINDOWSsystem32DRIVERSirda.sys [2004-08-04 87424]
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2005-10-04 12544]
R2 pmem;pmem; ??C:WINDOWSSystem32driverspmemnt.sys []
R2 PrivateDisk;PrivateDisk; ??C:Program FilesLenovoSafeGuard PrivateDiskPrivateDiskM.sys []
R2 PROCDD;IPS Helper Driver; C:WINDOWSsystem32DRIVERSPROCDD.SYS [2006-08-16 5120]
R2 smi2;smi2; ??C:Program FilesSMI2smi2.sys []
R2 smihlp;SMI helper driver; ??C:Program FilesThinkVantage Fingerprint Softwaresmihlp.sys []
R2 tvtfilter;tvtfilter; ??C:WINDOWSsystem32driverstvtfilter.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:WINDOWSsystem32driversADIHdAud.sys [2006-01-30 176128]
R3 AEAudioService;AEAudio Service; C:WINDOWSsystem32driversAEAudio.sys [2006-04-26 93824]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:WINDOWSsystem32DRIVERSar5416.sys [2007-06-26 1296800]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys [2006-09-12 1724416]
R3 atmeltpm;atmeltpm; C:WINDOWSsystem32DRIVERSatmeltpm.sys [2005-05-17 15872]
R3 BTKRNL;Bluetooth Bus Enumerator; C:WINDOWSsystem32DRIVERSbtkrnl.sys [2006-05-31 851434]
R3 CmBatt;Microsoft AC Adapter Driver; C:WINDOWSsystem32DRIVERSCmBatt.sys [2004-08-04 14080]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:WINDOWSsystem32DRIVERSe1e5132.sys [2006-04-19 181760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:WINDOWSsystem32DRIVERShsx_dpv.sys [2005-12-05 936448]
R3 HSXHWAZL;HSXHWAZL; C:WINDOWSsystem32DRIVERShsxhwazl.sys [2005-12-05 192512]
R3 IBMPMDRV;IBMPMDRV; C:WINDOWSsystem32DRIVERSibmpmdrv.sys [2005-11-10 10112]
R3 Iviaspi;IVI ASPI Shell; C:WINDOWSsystem32driversiviaspi.sys [2003-09-11 21060]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:WINDOWSsystem32DRIVERSklfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:WINDOWSsystem32DRIVERSklim5.sys [2008-04-30 24592]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:WINDOWSsystem32DRIVERSLVPr2Mon.sys [2008-07-26 25624]
R3 NSCIRDA;NSC Infrared Device Driver; C:WINDOWSsystem32DRIVERSnscirda.sys [2004-08-04 28672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:WINDOWSsystem32DRIVERSpsadd.sys [2007-02-18 21376]
R3 Rasirda;WAN Miniport (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:WINDOWSsystem32DRIVERSSynTP.sys [2006-02-13 177664]
R3 TcUsb;TC USB Kernel Driver; C:WINDOWSSystem32Driverstcusb.sys [2006-04-25 28800]
R3 TVTPktFilter;TVT Packet Filter Service; C:WINDOWSsystem32DRIVERStvtpktfilter.sys [2006-07-14 17664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2006-04-19 30080]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-09-16 57856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2006-04-19 20608]
R3 winachsf;winachsf; C:WINDOWSsystem32DRIVERShsx_cnxt.sys [2005-12-05 670208]
R3 WSIMD;wsimd Service; C:WINDOWSsystem32DRIVERSwsimd.sys [2007-05-14 57216]
S1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2004-08-03 14848]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:WINDOWSsystem32driversac97intc.sys [2001-08-17 96256]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:WINDOWSSystem32Driversbtwusb.sys [2006-05-31 67384]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 E100B;Intel® PRO Adapter Driver; C:WINDOWSsystem32DRIVERSe100b325.sys [2001-08-17 117760]
S3 FilterService;UVC Filter Service; C:WINDOWSsystem32DRIVERSlvuvcflt.sys [2008-07-26 23832]
S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2008-01-24 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2008-01-24 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2008-01-24 21568]
S3 lvpopflt;Logitech POP Suppression Filter; C:WINDOWSsystem32DRIVERSlvpopflt.sys [2008-07-26 95384]
S3 LVRS;Logitech RightSound Filter Driver; C:WINDOWSsystem32DRIVERSlvrs.sys [2008-07-26 627864]
S3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driversLVUSBSta.sys [2008-07-26 41752]
S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:WINDOWSsystem32DRIVERSlvuvc.sys [2008-07-26 4658584]
S3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 SYMIDSCO;SYMIDSCO; ??C:PROGRA~1COMMON~1SYMANT~1SymcDataSCFIDS~120050404.003symidsco.sys []
S3 usbaudio;USB Audio Driver (WDM); C:WINDOWSsystem32driversusbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
S3 usbvideo;USB Video Device (WDM); C:WINDOWSSystem32Driversusbvideo.sys [2004-08-03 78464]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:WINDOWSsystem32DRIVERSagp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:WINDOWSsystem32DRIVERSagpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:WINDOWSsystem32DRIVERSalim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:WINDOWSsystem32DRIVERSamdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:WINDOWSsystem32DRIVERScbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:WINDOWSsystem32DRIVERSintelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:WINDOWSsystem32DRIVERSsisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:WINDOWSsystem32DRIVERSviaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acs;Atheros Configuration Service; C:WINDOWSsystem32acs.exe [2007-04-06 364628]
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe [2006-09-12 413696]
R2 AVP;Kaspersky Internet Security; C:Program FilesKaspersky LabKaspersky Internet Security 2009avp.exe [2009-02-24 206088]
R2 FreeAgentGoNext Service;Seagate Service; C:Program FilesSeagateSeagateManagerSyncFreeAgentService.exe [2008-10-28 156968]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]
R2 IBMPMSVC;ThinkPad PM Service; C:WINDOWSsystem32ibmpmsvc.exe [2005-11-10 73782]
R2 IPSSVC;IPS Core Service; C:WINDOWSsystem32IPSSVC.EXE [2006-08-16 73728]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-02-21 152984]
R2 LVCOMSer;LVCOMSer; C:Program FilesCommon FilesLogiShrdLVCOMSERLVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe [2008-07-26 150040]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSSystem32svchost.exe [2004-08-04 14336]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:Program FilesCommon FilesLenovotvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:WINDOWSSystem32TPHDEXLG.EXE [2005-06-20 77824]
R2 TpKmpSVC;IBM KCU Service; C:WINDOWSsystem32TpKmpSVC.exe [2005-06-06 32768]
R2 TSSCoreService;TSS Core Service; C:Program FilesLenovoClient Security Solutiontvttcsd.exe [2006-07-14 723712]
R2 TVT Backup Service;TVT Backup Service; C:Program FilesLenovoRescue and Recoveryrrservice.exe [2006-07-14 1974272]
R2 TVT Scheduler;TVT Scheduler; C:Program FilesCommon FilesLenovoSchedulertvtsched.exe [2008-03-04 1122304]
R2 tvtnetwk;tvtnetwk; C:Program FilesLenovoRescue and RecoveryADMIUService.exe [2006-07-14 45056]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]
R3 hpqcxs08;hpqcxs08; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]
S2 Net Driver HPZ12;Net Driver HPZ12; C:WINDOWSSystem32svchost.exe [2004-08-04 14336]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:WINDOWSsystem32regedt32.exe [2004-08-04 3584]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe [2008-11-14 29744]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2009-01-16 137200]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 PsaSrv;IBM PSA Access Driver Control; C:WINDOWSsystem32PsaSrv.exe []
S4 btwdins;Bluetooth Service; C:Program FilesThinkPadBluetooth Softwarebinbtwdins.exe [2006-05-31 266295]
S4 Irmon;Infrared Monitor; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]
S4 SUService;System Update; c:program fileslenovosystem updatesuservice.exe [2008-10-20 28672]

-----------------EOF-----------------

One example of the landing page to which the TROJAN redirects after clicking on a search result in Google.

[ Tip For Those Who Need An INTERIM Fix : Quickly DOUBLE CLICK or MULTIPLE CLICK the SEARCH RESULT YOU WANT. This way IT DOESN'T REDIRECT. I know it's annoying and that's why it's an INTERIM fix ]

Merged posts. ~ OB

Attached Files

  • Attached File  sa.jpg   56.41KB   14 downloads

Edited by Orange Blossom, 09 March 2009 - 11:36 PM.




#2 ovechkin


Posted 09 March 2009 - 11:53 PM

another attachment

Attached Files

  • Attached File  ad.jpg   24.01KB   11 downloads


#3 ovechkin


Posted 20 March 2009 - 01:30 PM

Hi there

I saw another person who has posted way back on the 21st of Feb only receiving help recently.

I posted this on March 9.

I still need help.

Are you backlogged? If so, when can I expect some help? Thanks.

There used to be a forum for posting your gripes if your post hasn't been replied to in more than 5 days.

Edited by ovechkin, 20 March 2009 - 03:28 PM.


#4 chryssi2001


Posted 21 March 2009 - 01:42 PM

Hello ovechkin,

I apologise for the delay, the forum is busy.

"Are you backlogged? If so, when can I expect some help? Thanks."

Yes, and I am helping you now.

"There used to be a forum for posting your gripes if your post hasn't been replied to in more than 5 days."

It's closed due to the backlogs.
----------------------------------------------
I will be assisting you with your malware issues.
  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page in case you need it as a reference.
  • If you fail to reply within 5 days from now, this thread will close, and you will have to open another topic and wait for another helper.
----------------------------------------------
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check (tick) all items except items in the C:\System Volume Information folder, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.
----------------------------------------------
I want you to use msconfig and undo all the changes you made to prevent items running on start-up.
----------------------------------------------
Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
----------------------------------------------
Post back:
Malwarebytes' Anti-Malware report.
A HijackThis log.
Private Messages for personal support will be ignored. If you need help post in the forum.

#5 ovechkin

Posted 22 March 2009 - 07:53 PM

Malwarebytes' Anti-Malware 1.34
Database version: 1887
Windows 5.1.2600 Service Pack 2

3/22/2009 5:49:21 PM
mbam-log-2009-03-22 (17-49-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 172441
Time elapsed: 51 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 ovechkin

Posted 22 March 2009 - 07:56 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:44 PM, on 3/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Rish Meister\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Rish Meister\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\UTorrent\utorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rish Meister\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [zxch7ko6ql72tzjt3bo3tq5nzscxkp4fbh8fl30fjggg2twgl] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\m03zjvxx6koi.exe
O4 - HKCU\..\Run: [zvrgucryypsgh9jk8qer8wud26n7v2dqhy] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\d2plm110h3.exe
O4 - HKCU\..\Run: [zsnat4hm8f3dj1le5fbsxd79hemak9wj1ixtacqvrmyk2] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\o6qb3npsdmbe.exe
O4 - HKCU\..\Run: [zqbz9vh2pdfpgvg3punkl6dmcc7bwxt7n2pw0jpbf] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\jh16khd4y.exe
O4 - HKCU\..\Run: [zpycqbf4pluivkxnduh47j953nal9n08dibx9wpxgyi1p] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\evczbhb.exe
O4 - HKCU\..\Run: [zp50e04nz81aiupg7f2leksouiyhi19yck8thzranv99] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\qmuyv0v4x9.exe
O4 - HKCU\..\Run: [zkt0wn7hxrm] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\yshq28b8cc.exe
O4 - HKCU\..\Run: [zkagl91zvq1fjnev1i8rch] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\i6wkar4xc.exe
O4 - HKCU\..\Run: [zjufg2rao8tyjbvs05qaa0hexh9] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\yy0huy51.exe
O4 - HKCU\..\Run: [zfl7ensw7fpvpvwrkjwz7dmialmd9h3n] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\k1f65dvc.exe
O4 - HKCU\..\Run: [zfe2xm24ddpqcogfhe52lk] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\vefdylk5l5ai.exe
O4 - HKCU\..\Run: [zcafvhyuipidfdilp1g3flfov4dqj2ey3z] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\kghbl4q56cs.exe
O4 - HKCU\..\Run: [z4u214qwfns6angoiabup906pk81ab5pcitmmwts8sr] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ak2mmk.exe
O4 - HKCU\..\Run: [z4r8exams3btzx6qijloy08c] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\khah306muy.exe
O4 - HKCU\..\Run: [z3rl7ojvz7q8sg4tn1prxd38cassupk3287ys888onh95] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\lzqwaipc2t.exe
O4 - HKCU\..\Run: [z0pi0vpsnurw3di5pvf8dwk5bhsafxq6rkl63] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ouchkuchwod.exe
O4 - HKCU\..\Run: [yu45kvzd2xv3tjek2qzm3] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\uzk1oiq1g6l.exe
O4 - HKCU\..\Run: [ysz5j01kcgl7lbgrqhi070p3soe6qtvqm83on3d8p9ri47729] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\m210cs1.exe
O4 - HKCU\..\Run: [ypxt4scxhciw8bal4u7tmamknj1eii8y41i4t1ytvpqgh0] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\qk9yqs0.exe
O4 - HKCU\..\Run: [ykqz8a8hybt0fgzjqiq5ljxce2jp3525noed3if] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\j79czrbmp.exe
O4 - HKCU\..\Run: [yhtva26xszn694] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\v7yj9qt.exe
O4 - HKCU\..\Run: [ygw18y99owr3ueuv0a] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\e8b6namt3af.exe
O4 - HKCU\..\Run: [yd5heg3tjfebcm5a] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\nqzwzqf8o.exe
O4 - HKCU\..\Run: [ybo2il98r7xo7hqf3g87sc4lz4fd] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\mldihq0.exe
O4 - HKCU\..\Run: [yb5wh2hfwizfs] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\mbgaa2u5fu1.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ya7pixkcyr] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\awkdhpkvrso.exe
O4 - HKCU\..\Run: [y7w2h0t4pzpjb360jqy3rdi910gupuzt1zffk6embkspmie] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\g0qohgslpt6ah.exe
O4 - HKCU\..\Run: [y5fpgpyuopnz9g72] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\h5i2qg9yl92ky.exe
O4 - HKCU\..\Run: [y4fybuba48f3oiqjytc9fghjp9tyu1ufm17ybuyec] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\m1rtfdbl3.exe
O4 - HKCU\..\Run: [xzpt1a4i2xzahy] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\yp2ltd.exe
O4 - HKCU\..\Run: [xv13fjrywu2w5zji5iluoxx15oudc9v799ohidh2n] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\jmo3p88ttzfh.exe
O4 - HKCU\..\Run: [xqc5aa1bfl6nb32yyjo7krhb60fgl2iqeua] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\bh9xnlxkh.exe
O4 - HKCU\..\Run: [xmmduykcx3sx1xintk7or1dehjhq5npkhfoe8vp0a3q6ikpdm] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\i1d0kazjcb.exe
O4 - HKCU\..\Run: [xm4zsmkt2i6xh3hec8rsivluqxsaj2dhfi6ce39tp39cfts] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\te1appdey83ur.exe
O4 - HKCU\..\Run: [xl9wf4fa3irthwuqikmucury] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\lhnl9rowmhk.exe
O4 - HKCU\..\Run: [xiv6psriqihvha0fbmt] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\dk7u1al.exe
O4 - HKCU\..\Run: [xgjnwd31yi1eb24pgub6nh2d1k] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\g6uqj03ehaqv.exe
O4 - HKCU\..\Run: [xfl34nvrj4tsztfoavqlynawi48r6ul] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\r65igwjhh4qv.exe
O4 - HKCU\..\Run: [xf5r2fmzid6fhfpu5] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\elwvulxqeye77.exe
O4 - HKCU\..\Run: [xdlzs1awkbd95] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ygn98qlcr.exe
O4 - HKCU\..\Run: [xc6n4i30n0xmq6l3507usszct] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\b5dh1rxxjrm.exe
O4 - HKCU\..\Run: [xbg9z1l0nfa54s5zsu5wi4hihv6stgmg4su] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\jncd353rg9.exe
O4 - HKCU\..\Run: [xbammyts1] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\cdss3l.exe
O4 - HKCU\..\Run: [x86k07n5ao3uj] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\q1un7f2llodl.exe
O4 - HKCU\..\Run: [wwgb2yjnopgr9lrhrhz4s9by2v428wgv677z9ki8t4m93ph7j] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\enpa2o.exe
O4 - HKCU\..\Run: [wv0dsr6anzqz7e52s68736xadwpiz7ptdh5l2] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\frp0ocbd.exe
O4 - HKCU\..\Run: [wti1xb9xdyxa6il6y91634m0ikte4lsfdii09zda0] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\j5jfpc1n1yfu.exe
O4 - HKCU\..\Run: [wtbyz1bop124j4de] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\sfhpijyqlcw.exe
O4 - HKCU\..\Run: [ws01v4x334qbr867snuk5phaklc6vg0v1y38gy54rffblmd5] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\biuq9km4fer1q.exe
O4 - HKCU\..\Run: [wraz6qw4a5wcumkw3bm5qansyyws2pzo2uaucxpupgibp1w] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\wayy0rs7yax2.exe
O4 - HKCU\..\Run: [wr0kfwtbwwxjsra7m7b6pw2lw9] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\kfdmfwqyx.exe
O4 - HKCU\..\Run: [wk2gvbw737am4sc813x089] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\i76rmgz.exe
O4 - HKCU\..\Run: [wjhfu5w568f9amoxhmg9guafvesqsbzwom1dne761hvrg30e29] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\bjuxstsj0rz2.exe
O4 - HKCU\..\Run: [whjkbltl960gdh92xng4po] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\vd4sq3c.exe
O4 - HKCU\..\Run: [wgtuyrld8zxry1yuxbhif0j06k6l0dw8grlmxmmyh9j] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\eq4fbj43so.exe
O4 - HKCU\..\Run: [wgj4d7l3n33lgui] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\z1p3pl0843vdi.exe
O4 - HKCU\..\Run: [wfuvsj2yvqdkpt7y55jj6o926503glm0p9x31wd] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\clfq1hy69fdrm.exe
O4 - HKCU\..\Run: [wd4756vrzaxnngmhh1] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\kgot75uen6.exe
O4 - HKCU\..\Run: [wco7n3olj34gw5x8qxq88tduoh4pj9w] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\jag8odd0r7pf7.exe
O4 - HKCU\..\Run: [w89gy0z4gwqj2s9ovj5ggj] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\vtzh4zrzsxbiq.exe
O4 - HKCU\..\Run: [w4pu67dtbct] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\byg3hu5.exe
O4 - HKCU\..\Run: [w38rnrlhk0kur2dtlv1] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\imz9y4lp1d4hj.exe
O4 - HKCU\..\Run: [vu29k5t689uyvtivynvpx6c6elcjttjo3s50ct] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\szqtsqjgzurbw.exe
O4 - HKCU\..\Run: [vs05jaj96nk] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\odlucq82.exe
O4 - HKCU\..\Run: [vp85ru39p0omofu8j7qvy5s3sxd] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\wsulintptoik.exe
O4 - HKCU\..\Run: [votli4viamg0t65qw85a9bj590ndv0z5] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\e9mdfjq9t1ik.exe
O4 - HKCU\..\Run: [vnmky79kqta9s1qsptj9dbvz1k9cfbwb5lshtbswaxh41klbc1] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\d64xem3byk2oc.exe
O4 - HKCU\..\Run: [vmrxlsre3kmnd2] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\mszdsndva.exe
O4 - HKCU\..\Run: [vgqrb9t2eckih4xxz07nf7] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\eyhejj8zz94.exe
O4 - HKCU\..\Run: [vdc2ot2za2bdt3b2slnz6] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\pt40zb.exe
O4 - HKCU\..\Run: [vaf8wy60htm4u] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\vvswv2.exe
O4 - HKCU\..\Run: [v8suocvbq0yemro3h4bevm5mdsx5wl638l9db1c4] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\dpdr6izfdz.exe
O4 - HKCU\..\Run: [v7te9fhelwpmgdjzew3iaq17l9vmjd19058ykn] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\x4w14h24.exe
O4 - HKCU\..\Run: [v6l2rr6k5i6xw0isqxfkydu0zy3qv19p7l] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\elsfeks0zxk6u.exe
O4 - HKCU\..\Run: [v2hssm8vfvpdn8q4z86pj0bpnw04b] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\pg5guaggfjoo.exe
O4 - HKCU\..\Run: [v06lc48u6nsat6jvmfs9m9k31urykjmaswwa04zih4] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\lzdgjx9w.exe
O4 - HKCU\..\Run: [uxujn3mlaqdg8g05udexirn4ehow5wx88k6] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\b168zpgssmwt3.exe
O4 - HKCU\..\Run: [uxkzb6mnlawat7z8zxbtr3rov917l6j2e14b55efj1] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\a920lsmikda.exe
O4 - HKCU\..\Run: [uvx4gxrdwgwd9n273y7zo3ww3cnj5lv6ho0y6yqvsox4b] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\r3qd71n2.exe
O4 - HKCU\..\Run: [usgpwpnzb56bfqr42nx6p4hmvljbs0mpaia874g10000vo0y] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\hghpkdb.exe
O4 - HKCU\..\Run: [us2sez9wi1msx12y5x7bc6o] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\df5qfoneb3a5.exe
O4 - HKCU\..\Run: [urywt2pu11ba5wjw4eyjveiewuf63ugqldt65h8upscguq] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\kvpaicp1s.exe
O4 - HKCU\..\Run: [ury0bthohloblk209oodfys92bgfc3eb] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\re9op8mq8dwm6.exe
O4 - HKCU\..\Run: [urkcz7x6abwdtqp51w6ktxcmjw40mbqot4xikauhhcerbkh] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\nqodq7h.exe
O4 - HKCU\..\Run: [uqn7xmlmmlmlmpswy9vdtzlr35jucu8jc127bxj6djvsjpoy] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\eaflnd.exe
O4 - HKCU\..\Run: [upr1wuqxmou82uwmm] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\d7x5mz8.exe
O4 - HKCU\..\Run: [ujqn4rxa9cwn1z4j2qt53] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\yimsx2qpm9.exe
O4 - HKCU\..\Run: [ugcu06xnin41lekkwg8my2of6olazuwn7fm] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ng8522sibae.exe
O4 - HKCU\..\Run: [ugb9r1yd5kvfw35b5uygah6g7hjl1w5ib2you4h2j] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\tghmu86pv.exe
O4 - HKCU\..\Run: [ug7qq28ymnekg] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ue7j70xktjzzc.exe
O4 - HKCU\..\Run: [ubsgotwcpnuh9o4fdg0qjbvmhu0nsgj6wbpcn3fzlvntetf5g3] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\mv82nnhszhx.exe
O4 - HKCU\..\Run: [u8zsc06g9sj01331qp38kvqkrim9tfhjad4o] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\wzg0ppg7nc.exe
O4 - HKCU\..\Run: [u4dyo3il55h04mn2fuhl4vnelimh66oyvh7d4hil7ybkqj0] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\evacgai945ioz.exe
O4 - HKCU\..\Run: [u2h45ipvuevjdjbxhvv5xw6y8l79frkrnzxk7ma5fbz1no] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\estjsvv.exe
O4 - HKCU\..\Run: [u2clrg4o7hh44mrgma27d5w9po66ovjdxezjjzv8equm] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\tweibxxk41hu.exe
O4 - HKCU\..\Run: [u172hzp6r0] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\m1g753h3vdl.exe
O4 - HKCU\..\Run: [tyci5q0zvem7mf] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\gzlhgoq4uo.exe
O4 - HKCU\..\Run: [tyc6f4c434mc4zki6tgy] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\bz4ut24j.exe
O4 - HKCU\..\Run: [txh544um5w3f1jrf7ns7vt] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\fcfpi729ulq.exe
O4 - HKCU\..\Run: [ttqgxh6g66psmqadllqm6qf2cmbfeprerlfrfa10jjcw27xieh] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\uwsctzm4r.exe
O4 - HKCU\..\Run: [tnxritnkvu9b80jynp] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\tvf8oh42g392.exe
O4 - HKCU\..\Run: [tm2tz10dh] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\gm488e1e.exe
O4 - HKCU\..\Run: [tlz1radp29j9v28zyvdux7n14cyt2w6q8nzudofoend1qsh3v] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\j4rh5608s.exe
O4 - HKCU\..\Run: [tblpu9c87znyar2pzjq5mvs3lxsy4paav9snqsuxxj4ey16gkx] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\bl6e2j9.exe
O4 - HKCU\..\Run: [t8jo8q0a8em2k5uw] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\q499gay0.exe
O4 - HKCU\..\Run: [t81yom53ke2gxnpj68up6dxdk96ao] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\vbvpz9.exe
O4 - HKCU\..\Run: [t5k673rmfyl4d31f47750z6e] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\stv5v7e.exe
O4 - HKCU\..\Run: [t5dyzx89dmvk9wrpk] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\tuyn6iu4f.exe
O4 - HKCU\..\Run: [t36v1572zyedc1i19dxp6jwnmbxn99x3h0uqx13rq] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\qa8jfcree.exe
O4 - HKCU\..\Run: [t122kog96q3z7] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\c6n3ipz4jox.exe
O4 - HKCU\..\Run: [t0l2x91toron32n463boxmxlbo97gzlg19wmbb613zv5] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\myc76if6qqx6o.exe
O4 - HKCU\..\Run: [sz8nltvtngvlhjpqq41hs3bmcehnwfa3r] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\meqwkeuz166.exe
O4 - HKCU\..\Run: [sxfus7hjstzoz789v3vh9986rtrn2t1mtyzc3972zt] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\wiwnz3t.exe
O4 - HKCU\..\Run: [ss9265hglc] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\se6iqabavl.exe
O4 - HKCU\..\Run: [sj6qic09k83dejktxha30] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\t32vbdylji.exe
O4 - HKCU\..\Run: [sgeh9jubvi7pl43p18yj] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\wafe4mz9.exe
O4 - HKCU\..\Run: [scu6biyvcvci9iizzvkrdla126u5g] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\mp3bwxax4.exe
O4 - HKCU\..\Run: [sbo2phcuzchfcb3b6kok] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\vj4xyjaig.exe
O4 - HKCU\..\Run: [s6c33vgt2evnw1ml6wqpcutd] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\m3k8ngm0lc.exe
O4 - HKCU\..\Run: [s5scjc96i6htj213v2fc0tjyvvj] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\amea2q5dt83r8.exe
O4 - HKCU\..\Run: [s54jhvnjb8xx0e3nv6hcj66i9r] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\nzm9rsowj.exe
O4 - HKCU\..\Run: [rviqry091cor9niehdg6le9hpmiust7fyo64475uxasre] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ippegifojeu.exe
O4 - HKCU\..\Run: [rvchu34bg48] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\byrmqu3dw.exe
O4 - HKCU\..\Run: [rucig5b2t7lj86ajao9aaurpb5s912b] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\nm2fkskck14.exe
O4 - HKCU\..\Run: [rtvbhjezc1lrdu2uzyqkc5va9d0ai] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\b7pzrfalwzr.exe
O4 - HKCU\..\Run: [rqmabhzc47nzy5fw7sya9z64vmqi0] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\n9mqv0500mvah.exe
O4 - HKCU\..\Run: [rnkxt4r24teqkfkrevc9bqnur7d5] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\x0d726b.exe
O4 - HKCU\..\Run: [rkftyk2kzyrqwepqreyqx5azeihl0im6kxdwdpjnh4cy5fftcb] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\dmtmk1goee6nx.exe
O4 - HKCU\..\Run: [rj81juyrqkxs81wm4561uxafms] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\qjcdmo5u5.exe
O4 - HKCU\..\Run: [rehzuaio7ve] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\qdt5uybk1qe.exe
O4 - HKCU\..\Run: [rdk10kotqeidsikg26j219w35m91it4wvue3x3] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\yqkhfvriiwsoh.exe
O4 - HKCU\..\Run: [rcnljcjjyrzl6srw0a2] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\jm9qkf.exe
O4 - HKCU\..\Run: [rc9vck6bznk2d8uf] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\tztnksaz.exe
O4 - HKCU\..\Run: [rbqdxlbt5g3ca905r8cqlidhwp2y6] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\wew3c1j17b0no.exe
O4 - HKCU\..\Run: [rayfri5ognfn2vjplz0rncah7tdkvh2jsbyho8y6] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\fb4iqyft4d.exe
O4 - HKCU\..\Run: [r8o50mpcxwrz8gpnqk1meq0j9nu4n4v6] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\l1jd4i.exe
O4 - HKCU\..\Run: [r0v9y4lxrzex5x7ukq1twf0im8z3rbroj6sys] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\upphi29.exe
O4 - HKCU\..\Run: [qzisydas45jewo] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\c7st47.exe
O4 - HKCU\..\Run: [qzcfbbs6jghacophwroxuyq7bs4if1cho47tafxg] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\sjt1wslxt.exe
O4 - HKCU\..\Run: [qy2q0nu7y] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\cchu0frysfn.exe
O4 - HKCU\..\Run: [qxp7b8s258ebdgnfngmf9s] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\oe1k3183bm2lu.exe
O4 - HKCU\..\Run: [qxcyw8bxre9sbanvv87a3iioog2p15cw7kiib40io2] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\eyrl3gx9rei.exe
O4 - HKCU\..\Run: [qv5af8f6uldxtd05ifzuqfmbw942kl22xzacogjo] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\i906t32b3kq.exe
O4 - HKCU\..\Run: [qldsv37ow7cdqzm45kf6ibapkxpfem9s70pyx4tvh1bhtd2h] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\dhtu70ovfq9.exe
O4 - HKCU\..\Run: [qjoedeywtlygpwtto53nwzw2jfbpdu9jg] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ri40mysxx6r.exe
O4 - HKCU\..\Run: [qgp5h5tbp1] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ccbd9fp347qkt.exe
O4 - HKCU\..\Run: [qggxgckvf4nmbshvb3op7eo4wo] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\rmm9ej73tpc.exe
O4 - HKCU\..\Run: [qf9031a2klbwr2e21wexq73mp6femp8qos01lfs8bpq4] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\rcz9hmbbqvgr.exe
O4 - HKCU\..\Run: [qc32t1jle9aomq199hmh] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\v3fpbnx50.exe
O4 - HKCU\..\Run: [q65qw51yoe20dvna92p7m4to7im3f3j5zmpnzfurjad] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\pfn3p9lrdvpih.exe
O4 - HKCU\..\Run: [q5ruwxt54hxbg3cv0fzlro62ameh9cf] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ptr5ri2.exe
O4 - HKCU\..\Run: [q51f7s47cf08czy4h9jio2aw9] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\lgg4qo6d03l.exe
O4 - HKCU\..\Run: [pyqb77wjnsdrw0r5vh] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\futmoo98y8.exe
O4 - HKCU\..\Run: [pwvejc2o70fmh4u10aca79r5kx2q3pa1i0ilnc5dtxb1s] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\aja1c5fj7.exe
O4 - HKCU\..\Run: [pwl7a1iikklcy7csppqpf] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\jwtsnu.exe
O4 - HKCU\..\Run: [pvajdtpcvorvtja] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\t8lk7i8p.exe
O4 - HKCU\..\Run: [pt1nte4mar0y1xn] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\n2c9v1k3kn.exe
O4 - HKCU\..\Run: [pn2bl1ld0zpwnh3is65] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\f2f3d867ana.exe
O4 - HKCU\..\Run: [pjihnryhyio4n5amao65ngpsnngamytgbzdxlzp8004dv4k] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\qzqljk1.exe
O4 - HKCU\..\Run: [pf2c7upwzki5iyaakbpytudpy7pms1yc1dzak88gh663gh] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\xg9ejsqzm.exe
O4 - HKCU\..\Run: [pdq1zgwcukcm] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\vaadczkxipl.exe
O4 - HKCU\..\Run: [pb3kqsi74al1uc5vsvqu6vu3z7rzrniukht3u9ldao2kj] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\sye1bsks.exe
O4 - HKCU\..\Run: [pacbeyn26n96o7r4wj5] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ki3ofpio.exe
O4 - HKCU\..\Run: [p3sgrtzu4ecu983kdsair2alfojnv1tj0w] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\xkaq1d.exe
O4 - HKCU\..\Run: [p2f3xq0jf8c0euy36] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\p4by1u.exe
O4 - HKCU\..\Run: [p2b79zudkz09gf6t4ljfmmlfidi21oz9bq2h] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\jw4bddeg.exe
O4 - HKCU\..\Run: [p188zl6oftv188sxxt5wljp4ftd2yp4pm1act4a] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\mx10eqbqhzun.exe
O4 - HKCU\..\Run: [p1469xx0uz0g29fi51iixckhoj67wt2h934fuz1ppcbh] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\me1wtxsj6k15q.exe
O4 - HKCU\..\Run: [p004ab30izva396071o0ie] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\a1ye84.exe
O4 - HKCU\..\Run: [owuldoq6zxwow36n] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\xkgqsdjwyvlq.exe
O4 - HKCU\..\Run: [ovw1lyiwk2o21uh5p0upt] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\fkrzp9ggy8lq.exe
O4 - HKCU\..\Run: [omywt52vcy85ngfnh7w5hx1mjxuvoa56xqcq985942] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\l60wjjh.exe
O4 - HKCU\..\Run: [omx1wdaob4zqggucyw801q8o] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\nxfuwb0a4.exe
O4 - HKCU\..\Run: [omvyj03rbh0qy] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\kvmp4qe.exe
O4 - HKCU\..\Run: [om9986f4rnq] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ts1sievg.exe
O4 - HKCU\..\Run: [om3edos6eq0c9cyrvtmca] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\pa92yucf4n.exe
O4 - HKCU\..\Run: [okkn141y5kgxj1stwve5lyvb5l6qvdlx5m4v6p2znrfnwv] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\lzkymyw.exe
O4 - HKCU\..\Run: [ogbi0iqcmn] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\s1051rbo.exe
O4 - HKCU\..\Run: [og0r6ffchwcuiur8uunbb0ow8kn86rw9sa3xiwrc9ou] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\zsrqoja0n35.exe
O4 - HKCU\..\Run: [ob4v8mu0dqe81y9] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\r9vnyadxz5.exe
O4 - HKCU\..\Run: [o65q4a1df9hrxini7xwg8pwa06c] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\gz8bcy.exe
O4 - HKCU\..\Run: [nxryvpgy3i1qogk8q6ei594a0n] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\e4bo39b.exe
O4 - HKCU\..\Run: [nxibdprqfukv] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\nl5t09ta.exe
O4 - HKCU\..\Run: [nroz403r1kl21b9e9u641934m] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\pxmpq0dp.exe
O4 - HKCU\..\Run: [nptjxtc0bt6yovymd86xeigv0ie2] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\gv748z.exe
O4 - HKCU\..\Run: [nncte3dfq4tlaap0org7gq0myfmzv9kp7j] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\n0ug56wp0fvyf.exe
O4 - HKCU\..\Run: [nmxdhqbiexgzdx9pj9o8tevjiihggmbe0x] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\fhtqs5.exe
O4 - HKCU\..\Run: [nmwjayhatjhosl6qoi2y] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\bn3o5bpe7.exe
O4 - HKCU\..\Run: [nmo7p9lwe78llfw9np056ymcc210k] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\qvb98gzci2f1.exe
O4 - HKCU\..\Run: [nmmpfclij6ttz919wm9zodm34ako30r4sasjhk6ps2k2wa4] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\fvgmuqcw.exe
O4 - HKCU\..\Run: [nl9ng2dmgt0zq678hqwgrqma4pippmlxly] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\yc315cfwiwf1.exe
O4 - HKCU\..\Run: [nkwkc0g0950fllmtf9tyfpzdfzciqn] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\v105tt1mwv.exe
O4 - HKCU\..\Run: [nkhq10jzlshiv5rddgczizurv] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\auigbj.exe
O4 - HKCU\..\Run: [nhv90iv1yar71jv0] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\d5t7mdzvptzm.exe
O4 - HKCU\..\Run: [nh35zldcztjajkrsbmjxhvlbn4kk3gp7vbf06jfc5rleeu7zxd] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\secihrd9.exe
O4 - HKCU\..\Run: [n62j5ykikmwelslt0grc7duqn76a29grvxjtruaudie] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\usa31x7fv.exe
O4 - HKCU\..\Run: [n3i16nhts5ptpvx4uagwbjs3ai] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\trj1xnyp2pi73.exe
O4 - HKCU\..\Run: [mtfogihriine7karwa5nkjzxpvb819h7cbor655my] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\nzx90smxo5m.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mqzbewtchy3bcdxahjr36gz] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ks16bebbq.exe
O4 - HKCU\..\Run: [mp851o3r9hydm3euicij4291lromydfbyj5lstrpco] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ic78tfd1qc.exe
O4 - HKCU\..\Run: [mp7swwkmp9al5sgqh77aupydnglvxtshiwvd] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\hz2sv4ub9kwt.exe
O4 - S-1-5-18 Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Rish Meister\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Rish Meister\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe (User 'Default user')
O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Rish Meister\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://dice.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpn.xenoport.com/dana-cached/setup/...perSetupSP1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 55546 bytes

#7 chryssi2001


Posted 23 March 2009 - 09:30 AM

Hello ovechkin,

I see Kaspersky Internet Security 2009 on your PC. Is it updated and running? If it is, did it warn you that you have infections, and ask you to allow it to quarantine them?

You are seriously infected. You need to be patient as this may take a while.
Because of the serious infections, I don't want to risk getting reinfected during the clean up process, so please remove UTorrent and any other P2P programs which exist on your PC.
----------------------------------------------
P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

UTorrent

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs here

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.
----------------------------------------------
Please download ATF cleaner
Make sure that all browser windows are closed. << Very important
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
----------------------------------------------
Now I will explain in a few words what I want you to do, so we'll clean up your HijackThis log in "a 1st round".

I will post here a lot of lines I want you to fix. As there are too many, and I don't want you to fix a good line which is in the middle of the bad lines, I will make red those you will have to fix, and black with a special note those you will not have to fix.
So fix only the red lines.

As the lines are too many, and I have to make them red, this is going to be tiring for your eyes. So do it slowly, go away from the PC for 5-10 minutes to give your eyes a chance to rest from the red colour, and come back and continue, until you are done with all the fixing.
----------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet << This is a good line, do not fix it.



O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background << This is a good line; do not fix it.

O4 - HKCU\..\Run: [bwmkzflnum1k0tspbs8efgc4sct26cg96un2wb8f9xop1] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ln7gc1tii.exe
O4 - HKCU\..\Run: [bvf2pdb0ghlwa5mspi9llde896fb66r56lgmnslpia] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\bojysrzwe.exe
O4 - HKCU\..\Run: [bskykttqa2j2] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\pf06xulid3ib0.exe
O4 - HKCU\..\Run: [bphw5gitt832994ngo7gro0ok12sc] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\qhjthgdn6gg.exe
O4 - HKCU\..\Run: [bo8b8e3gkeglqzqsy5zml2o2whu93lktuqczslree] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\m22v1yab2o9.exe
O4 - HKCU\..\Run: [bjpotp1qlegs898oxvh5rf8l6tqsew0yjaf2ygo1u3oftef9] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\dty1833pp2p.exe
O4 - HKCU\..\Run: [bfqfbpl2n3x1dolxq] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\vkalr9.exe
O4 - HKCU\..\Run: [bejujwtob3vbfum65hv1i9skvjkarq32a] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\rfd5v6hg8p66.exe
O4 - HKCU\..\Run: [bdw0qu7edw7y6vxtrs] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ug8jydwd3fg.exe
O4 - HKCU\..\Run: [bc8nrsq309p93g9zpkzi90deti3ffdsl3hd] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\yx0aspgmc.exe
O4 - HKCU\..\Run: [bbtz3f6vfr8cyt9am] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ji0dn6r52dpec.exe
O4 - HKCU\..\Run: [b98bogwmlwwxu8z4tjn4d49rnjd6dkkrzhjd8wwp3y7hocfbc] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\oeoav2kcvc.exe
O4 - HKCU\..\Run: [b5wq1rlm8br2ls6irbfec7yuq] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\hi6m5ybuxoljx.exe
O4 - HKCU\..\Run: [b5dl6tktxi16s7] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\kroy8prmk1.exe
O4 - HKCU\..\Run: [b381sh7sqfw4c1vek0swoe4lop30j7xwiebnl5uhq01ld] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\j6ovtagw8r.exe
O4 - HKCU\..\Run: [azwqis47mgzzzpbjhlpoxbp27wxh] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\t7xquju1w5r.exe
O4 - HKCU\..\Run: [ayy0j6ol5azqnu3u6vpyzma454] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\hs1ainkrpmx.exe
O4 - HKCU\..\Run: [axy6k5vfqwk9c18tzj6hdspscbcg9daab6r] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\as81kge72zans.exe
O4 - HKCU\..\Run: [axssruixxmwi] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\mpebmx8yqq7.exe
O4 - HKCU\..\Run: [auxkxp646vv] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\u8iep3g9xnb9o.exe
O4 - HKCU\..\Run: [asg7dxsdm2t91jaqe7thcd] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\vdashkemt3oj5.exe
O4 - HKCU\..\Run: [as9rgycub4jpbofm47gjha2dij3r] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\qbldho993.exe
O4 - HKCU\..\Run: [arrfs9s8upmpaizfpyeepv60pvk5qoqfh4cer42hn4e8uw] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\bx0wcgvkyf6g9.exe
O4 - HKCU\..\Run: [arik19ulnmhdqoicovh3sbtyi52spqa777d7jy302ogr] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\iuxxq3gpwnct3.exe
O4 - HKCU\..\Run: [appba1pqttybtxu1o8pr5cc4qg7io98tozsqe5wvdja2] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\n8ieq155mi0p.exe
O4 - HKCU\..\Run: [anto363rri8bg5bvu3cmxlz1fvim8kow3s9w] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ng2oslq2go9j9.exe
O4 - HKCU\..\Run: [alpepmfrngn] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\xq33ntd.exe
O4 - HKCU\..\Run: [akievj8wha9] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\id1dx2vhkwe.exe
O4 - HKCU\..\Run: [ajh8dl69ni] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\xpttrumu3s34h.exe
O4 - HKCU\..\Run: [ahmo796i3sv2ee4] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\dt9khm1qugkwp.exe
O4 - HKCU\..\Run: [agyer1z9yx0ao8zpvgw857ud1kyq7] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\j2xcjszjwg47.exe
O4 - HKCU\..\Run: [agb385sduc023szlbxsxed232px18sonfh5ww8qoilsul] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\beuseq15lkys2.exe
O4 - HKCU\..\Run: [afzrgu66irsy09bhkq] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\z4x247ov7au.exe
O4 - HKCU\..\Run: [afvyy1vrip6deuiq76nykwmsk] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\m6zrvkmhvw.exe
O4 - HKCU\..\Run: [afu2vg3xx44mp13] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\jswb8w42.exe
O4 - HKCU\..\Run: [af5bnhs82zaicr5a57wurve4re] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\eykfqmimqwx6p.exe
O4 - HKCU\..\Run: [ac64e3ep2s3qminjrfaw70vh6b002] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\ajaoje7z2i3.exe
O4 - HKCU\..\Run: [a9ayhm11efj2w60r2f622kfzr] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\np1oib.exe
O4 - HKCU\..\Run: [a7a3ikwd4nys34w7q5967zd3jizqu5ld736f] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\g85ahqaoq.exe
O4 - HKCU\..\Run: [a3zob4k4e72oc2xyjtuchk1y9tty6ynxrzqpee9og0q13wz] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\q2lqek.exe
O4 - HKCU\..\Run: [a3wczfhjwq7zwx1v46wd1gqy369yyxj5ugaq8qhjmkun3leh] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\dblijl0k8.exe
O4 - HKCU\..\Run: [a3jq3pz54jb8tlxsucfjim6wnthifcwdj98ehvm7jzfd9] C:\DOCUME~1\RISHME~1\LOCALS~1\Temp\qae0l3f.exe


Then close all windows except HijackThis and click Fix Checked.
Close HijackThis.
----------------------------------------------
Reboot your computer.
----------------------------------------------
LIST OF PROGRAMS USING HIJACKTHIS
  • Open HijackThis.
  • Click on Open the Misc Tools section.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
See this link for details.
http://img.bleepingcomputer.com/tutorials/...install-man.jpg
----------------------------------------------
Rooter.exe

Download Rooter.exe to your desktop.
  • Then double-click it to start the tool.
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here.
----------------------------------------------
Post back:
Programs list.
Rooter.exe report.
A new HijackThis log.
Let me know about Kaspersky.
Private Messages for personal support will be ignored. If you need help post in the forum.

#8 ovechkin

Posted 23 March 2009 - 04:12 PM

UNINSTALL LIST

32 Bit HP CIO Components Installer
Access Help
AccessDiver v4.402
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
Camtasia Studio 5
Client Security Solution
Compatibility Pack for the 2007 Office system
COWON Media Center - jetAudio Basic
Critical Update for Windows Media Player 11 (KB959772)
Digg's Top Stories Plugin 1.2
DivX Web Player
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.0
Google Desktop
Google Desktop
Google Talk (remove only)
Google Talk, Labs Edition
Google Toolbar for Internet Explorer
Help Center
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 11.0
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Imaging Device Functions 11.0
HP Photosmart Essential 3.0
HP Smart Web Printing
HP Solution Center 11.0
HP Update
Intel® PRO Network Connections Drivers
InterVideo WinDVD Creator 3
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 11
Java™ 6 Update 5
Java™ 6 Update 7
Kaspersky Internet Security 2009
Kaspersky Internet Security 2009
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Malwarebytes' Anti-Malware
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft redistributable runtime DLLs VS2005(x86)
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Netflix Movie Viewer
Nitro PDF Professional
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
Productivity Center Supplement for ThinkPad
QuickTime
RealPlayer
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
SAP Business Explorer
SAP GUI 7.10
Seagate Manager Installer
Seagate Manager Installer
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
SnagIt 8
Sonic DLA
Sonic Icons for Lenovo
Sonic Update Manager
SopCast 3.0.3
SoundMAX
System Migration Assistant
System Update
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Presentation Director
ThinkPad UltraNav Driver
ThinkPad UltraNav Wizard
ThinkVantage Active Protection System
ThinkVantage Away Manager
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
TrackPoint Accessibility Features
TVUPlayer 2.4.1.0
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB955839)
Update for Windows XP (KB960763)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.6e
Wallpapers
WebEx
Winamp
Windows Communication Foundation
Windows Imaging Component
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB890859
WinRAR archiver
XP Themes
Yahoo! Messenger

#9 ovechkin

Posted 23 March 2009 - 04:17 PM

Rooter Report

Microsoft Windows XP Professional (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:109819 Mo/Free:1706 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Mon 03/23/2009|14:14

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\ibmpmsvc.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
---------- C:\WINDOWS\system32\TpShocks.exe
---------- C:\Program Files\Analog Devices\Core\smax4pnp.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
---------- C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
---------- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
---------- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
---------- C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
---------- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
---------- C:\WINDOWS\system32\IPSSVC.EXE
---------- C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
---------- C:\WINDOWS\system32\acs.exe
--Locked-- avp.exe
---------- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
---------- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
--Locked-- avp.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
---------- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
---------- C:\Program Files\Logitech\QuickCam\Quickcam.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Documents and Settings\Rish Meister\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
---------- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Documents and Settings\Rish Meister\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
---------- C:\WINDOWS\System32\TPHDEXLG.EXE
---------- C:\WINDOWS\system32\TpKmpSVC.exe
---------- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
---------- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
---------- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
---------- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
---------- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
---------- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
---------- C:\Program Files\Windows Media Player\WMPNetwk.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
---------- C:\Program Files\trend micro\HijackThis\HijackThis.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

==> VUNDO <==

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\RISHME~1\Desktop\Driver.Magician.v332.WinAll.Cracked-CRD\crude.exe
C:\DOCUME~1\RISHME~1\Desktop\Driver.Magician.v332.WinAll.Cracked-CRD\Crack\Driver Magician.exe
C:\DOCUME~1\RISHME~1\Desktop\Driver.Magician.v332.WinAll.Cracked-CRD\Setup\DriverMagician.exe
C:\DOCUME~1\RISHME~1\My Documents\Downloads\New Folder\Asc\Driver.Magician.v332.WinAll.Cracked-CRD.rar
C:\DOCUME~1\RISHME~1\My Documents\Downloads\Software\Nitro PDF Professional 5.3.1.8-Keygen-HeartBug\Keygen.exe
C:\DOCUME~1\RISHME~1\My Documents\Downloads\Software\Nitro PDF Professional 5.3.1.8-Keygen-HeartBug\nitro_pdf_professional.exe
C:\DOCUME~1\RISHME~1\My Documents\Downloads\Software\RealVNC Enterprise v4.3.2 With Keygen\Install Notes.txt
C:\DOCUME~1\RISHME~1\My Documents\Downloads\Software\RealVNC Enterprise v4.3.2 With Keygen\keygen.exe
C:\DOCUME~1\RISHME~1\My Documents\Downloads\Software\RealVNC Enterprise v4.3.2 With Keygen\RealVNC Enterprise Installer.exe
C:\DOCUME~1\RISHME~1\My Documents\Downloads\Software\SnagIt 8.2.3+Keygen - Christley\snagit.exe
C:\DOCUME~1\RISHME~1\My Documents\Downloads\Software\Software\XSite Pro\keygen\readme.txt
C:\DOCUME~1\RISHME~1\My Documents\Downloads\Software\Software\XSite Pro\keygen\XsiteProKeyGen.exe


1 - "C:\Rooter$\Rooter_1.txt" - Mon 03/23/2009|14:15

----------------------\\ Scan completed at 14:15

#10 ovechkin

Posted 23 March 2009 - 04:18 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:43 PM, on 3/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Rish Meister\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rish Meister\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - S-1-5-18 Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Rish Meister\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Rish Meister\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe (User 'Default user')
O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Rish Meister\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://dice.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpn.xenoport.com/dana-cached/setup/...perSetupSP1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~2\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~2\KASPER~1\kloehk.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 13442 bytes

#11 chryssi2001

Posted 24 March 2009 - 05:24 AM

Hello ovechkin,

Good job with all those red lines.

I see a lot of cracks and keygens on your PC. Apart from being illegal, they are another source of infection.

Now, before proceeding, please remove all cracks and keygens found on your PC.

C:\DOCUME~1\RISHME~1\Desktop\Driver.Magician.v332.WinAll.Cracked-CRD
C:\DOCUME~1\RISHME~1\My Documents\Downloads\New Folder\Asc\Driver.Magician.v332.WinAll.Cracked-CRD.rar
C:\DOCUME~1\RISHME~1\My Documents\Downloads\Software\Nitro PDF Professional 5.3.1.8-Keygen-HeartBug
C:\DOCUME~1\RISHME~1\My Documents\Downloads\Software\RealVNC Enterprise v4.3.2 With Keygen
C:\DOCUME~1\RISHME~1\My Documents\Downloads\Software\SnagIt 8.2.3+Keygen - Christley
C:\DOCUME~1\RISHME~1\My Documents\Downloads\Software\Software\XSite Pro

After removing them, post a new report from Rooter.exe so we can continue.
Private Messages for personal support will be ignored. If you need help post in the forum.

#12 ovechkin

Posted 24 March 2009 - 12:35 PM

Microsoft Windows XP Professional (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:109819 Mo/Free:1620 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Tue 03/24/2009|10:33

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\ibmpmsvc.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
---------- C:\WINDOWS\system32\TpShocks.exe
---------- C:\Program Files\Analog Devices\Core\smax4pnp.exe
---------- C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
---------- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
---------- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
---------- C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
---------- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
---------- C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
--Locked-- avp.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
---------- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
---------- C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
---------- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
---------- C:\Program Files\Logitech\QuickCam\Quickcam.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Documents and Settings\ \Local Settings\Application Data\Google\Update\GoogleUpdate.exe
---------- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
---------- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
---------- C:\WINDOWS\system32\IPSSVC.EXE
---------- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\Documents and Settings\ \Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
---------- C:\WINDOWS\system32\acs.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
--Locked-- avp.exe
---------- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
---------- C:\WINDOWS\System32\TPHDEXLG.EXE
---------- C:\WINDOWS\system32\TpKmpSVC.exe
---------- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
---------- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
---------- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
---------- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
---------- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
---------- C:\Program Files\Windows Media Player\WMPNetwk.exe
---------- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

==> VUNDO <==

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Mon 03/23/2009|14:15
2 - "C:\Rooter$\Rooter_2.txt" - Tue 03/24/2009|10:34

----------------------\\ Scan completed at 10:34

Edited by ovechkin, 24 March 2009 - 09:58 PM.


#13 chryssi2001

Posted 24 March 2009 - 02:41 PM

Hello ovechkin,

Download and run ComboFix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image
Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

#14 ovechkin

Posted 24 March 2009 - 09:50 PM

ComboFix 09-03-23.01 -2009-03-24 19:34:34.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1149 [GMT -7:00]
Running from: c:\documents and settings\................\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AGfhknpo.ini
c:\windows\system32\AGfhknpo.ini2
c:\windows\system32\Ppstvyay.ini
c:\windows\system32\Ppstvyay.ini2

.
((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-24 08:46 . 2009-03-24 08:46 24,952 --ah----- c:\windows\system32\mlfcache.dat
2009-03-23 18:12 . 2009-03-23 18:12 <DIR> d-------- c:\program files\New Folder
2009-03-23 14:14 . 2009-03-24 10:34 <DIR> d-------- C:\Rooter$
2009-03-23 14:13 . 2009-03-23 14:13 <DIR> d-------- c:\program files\Rooter
2009-03-23 13:37 . 2009-03-23 13:37 <DIR> d-------- c:\program files\ATFCleaner
2009-03-21 09:22 . 2009-03-21 09:22 <DIR> d-------- c:\program files\MSECache
2009-03-21 09:19 . 2009-03-21 09:22 <DIR> d-------- c:\program files\Compatibility Pack Office2007
2009-03-11 12:29 . 2009-03-11 12:29 <DIR> d-------- c:\program files\Google Talk Regular

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 02:41 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-25 02:38 622,624 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-25 02:38 3,208 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-25 02:38 3,060,768 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-25 02:38 26,040 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-24 06:00 --------- d-----w c:\program files\Adobe Flash Player
2009-03-24 01:14 --------- d-----w c:\program files\Java
2009-03-23 20:36 --------- d-----w c:\documents and settings\ \Application Data\uTorrent
2009-03-23 00:55 --------- d-----w c:\program files\trend micro
2009-03-15 09:22 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-03-15 09:22 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-03-11 19:29 --------- d-----w c:\program files\Google Talk
2009-03-11 01:40 --------- d-----w c:\program files\JetAudio
2009-02-24 19:56 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-24 19:56 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-24 19:56 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-24 19:41 --------- d-----w c:\program files\Kaspersky Lab
2009-02-24 19:38 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-24 19:26 --------- d-----w c:\program files\Kaspersky
2009-02-24 05:44 --------- d-----w c:\documents and settings\PasserBys\Application Data\Juniper Networks
2009-02-14 21:41 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-13 22:35 --------- d-----w c:\documents and settings\ \Application Data\AdobeUM
2009-02-12 05:05 --------- d-----w c:\documents and settings\PasserBys\Application Data\Lenovo
2009-02-11 18:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 18:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-05 21:39 --------- d-----w c:\program files\Songbeat
2009-02-05 03:46 --------- d-----w c:\documents and settings\ \Application Data\dvdcss
2009-02-03 03:37 --------- d-----w c:\documents and settings\ \Application Data\COWON
2009-02-03 03:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-03 03:34 --------- d-----w c:\program files\Common Files\COWON
2009-02-03 03:33 --------- d-----w c:\documents and settings\ \Application Data\InstallShield
2009-01-26 03:18 --------- d-----w c:\documents and settings\ \Application Data\Malwarebytes
2009-01-26 03:18 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-22 01:19 726,008 ----a-w c:\documents and settings\ \gotomypc_438.exe
2009-01-22 01:03 3,902,784 ----a-w c:\documents and settings\ \gosetup.exe
2008-09-18 00:23 56,912 ----a-w c:\documents and settings\ \g2mdlhlpx.exe
2007-02-02 01:11 582 ----a-w c:\program files\readme.txt
2007-02-02 01:02 313,344 ----a-w c:\program files\hjsplit.exe
2006-12-29 22:15 626,688 ----a-w c:\program files\Common Files\sapconsaccess.dll
2006-12-29 22:15 40,960 ----a-w c:\program files\Common Files\DigitalSignature.ocx
2006-12-29 22:15 3,100,672 ----a-w c:\program files\Common Files\sapxlhelper.dll
2006-12-29 22:15 192,512 ----a-w c:\program files\Common Files\sapconsr3.dll
2006-12-07 17:26 1,129,984 ----a-w c:\program files\Common Files\SAPActiveXL.xlt
2006-12-07 17:26 1,124,864 ----a-w c:\program files\Common Files\SAPActiveXL_nosig.xlt
2008-11-14 20:49 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\ \Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-11 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 185896]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-24 94208]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-24 206088]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-13 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-13 512000]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-14 29744]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-12 413696]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-08-13 210224]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-23 148888]
"TpShocks"="TpShocks.exe" [2006-03-15 c:\windows\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 c:\windows\system32\TP4EX.exe]

c:\documents and settings\ \Start Menu\Programs\Startup\
Google Talk, Labs Edition.lnk - c:\documents and settings\ \Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe [2008-06-24 94704]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-05-31 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-03-24 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-03-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 10:07 49152 c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-25 20:20 40448 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 07:45 28672 c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 04:16 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"btwdins"=2 (0x2)
"ISSVC"=2 (0x2)
"Irmon"=2 (0x2)
"SUService"=2 (0x2)
"seclogon"=2 (0x2)
"lanmanserver"=2 (0x2)
"Diskeeper"=2 (0x2)
"CryptSvc"=3 (0x3)
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\ \\Desktop\\Tvants.exe"=
"c:\\Program Files\\Sopcast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Sopcast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Documents and Settings\\ \\Local Settings\\Application Data\\Google\\Google Talk, Labs Edition\\GoogleTalkLabsEdition.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2008-03-24 88576]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2008-03-24 4736]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [2006-03-13 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-25 3456]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-03-24 57216]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-04-29 3584]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-24 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{199d9ce2-9500-11dd-9371-001641ae323a}]
\Shell\AutoRun\command - E:\Launch.exe /run
.
Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3857646467-3729263414-1636550412-1005.job
- c:\documents and settings\ \Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-11 12:21]

2009-03-23 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-03-28 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\ \Application Data\Mozilla\Firefox\Profiles\5fd1q0wg.default\
FF - prefs.js: browser.startup.homepage - hxxp://computers.shop.ebay.com/items/?_nkw=%28speakers%2Cspeaker%2Csystem%2Csurround%2C%222.0%22%2C%222.1%22%2C%225.1%22%2C%225.0%22%29+%28logitech%2Cklipsch%2C%22i-trigue%22%2Citrigue%22%2C%22m-audio%22%2Cbose%2Ccreative%29&_in_kw=1&_ex_kw=&_sacat=58058&_okw=%28speakers%2Cspeaker%2Csystem%2Csurround%2C%222.0%22%2C%222.1%22%2C%225.1%22%2C%225.0%22%29+%28logitech%2Cklipsch%2C%22i-trigue%22%2Citrigue%22%2C%22m-audio%22%2Cbose%2Ccreative%29&_oexkw=&_mPrRngCbx=1&_udlo=&_udhi=55&_LH_Time=1&_ftrt=901&_ftrv=12&_sabdlo=&_sabdhi=&_samilow=&_samihi=&_sadis=200&_fpos=Zip+code&_fsct=&LH_SubLocation=1&fsradio2=%26LH_PrefLoc%3D1&_sargn=-1%26saslc%3D3&_salic=1&_saact=1&LH_SALE_CURRENCY=0&_sop=1&_dmd=1&_ipg=50
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\ \Application Data\Mozilla\Firefox\Profiles\5fd1q0wg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\ \Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 19:41:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(360)
c:\windows\system32\vrlogon.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'lsass.exe'(412)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\IPSSVC.EXE
c:\windows\system32\acs.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-03-24 19:47:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-25 02:47:00
ComboFix2.txt 2009-01-27 19:23:51

Pre-Run: 31,691,460,608 bytes free
Post-Run: 38,920,667,136 bytes free

276 --- E O F --- 2009-03-13 17:12:21


===============================================================================

Edited by ovechkin, 24 March 2009 - 09:59 PM.


#15 ovechkin

Posted 24 March 2009 - 09:52 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:46 PM, on 3/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\ \Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ \Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - S-1-5-18 Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\ \Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\ \Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe (User 'Default user')
O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\ \Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://dice.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpn.xenoport.com/dana-cached/setup/...perSetupSP1.cab
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 12518 bytes

Edited by ovechkin, 24 March 2009 - 10:00 PM.




