mindseye07
2009-10-26, 13:43
Hi. I thought I posted the other day but it's not lilsted, only my old archive.
I could only run HJT in safe mode, got a nasty virus that shut down exe files, task manager, run command, etc... downloaded a register unhooker from microsoft. Here's my first HJT dump.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:18 AM, on 10/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Owner\Application Data\seres.exe
C:\Documents and Settings\Owner\Application Data\svcst.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: C:\WINDOWS\system32\rafxrevb.dll - {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\rafxrevb.dll (file missing)
O2 - BHO: (no name) - {cda76938-104e-d953-44ef-fb4b8038fb5e} - C:\WINDOWS\ewalodasodefakor.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\mcafee antispyware\MssCli.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dqokesavadebib] rundll32.exe "C:\WINDOWS\ewalodasodefakor.dll",Startup
O4 - HKLM\..\Run: [jusunefun] Rundll32.exe "c:\windows\system32\buyatoyo.dll",a
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA7634] command /c del "c:\windows\system32\rovugilu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9978] cmd /c del "c:\windows\system32\rovugilu.dll_old"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\MYT3HV47\TCODE3~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\86T6FU0C\TCODEW~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\5KUGUA8X\203762~3.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\E046Y24B\TCODE3~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\HR8JR3BZ\TCODEW~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\MPEG5B5I\SIZE_1~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\OEP3T3GJ\SIZE_1~3.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\MPEG5B5I\AIM_UA~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\ZVONN5UD\GRAB_1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\ZVONN5UD\OPENHA~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\9Q28DGHO\HISTOR~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\12L1OF3P\TCODE3~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\12L1OF3P\TCODEW~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Conten
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Owner\Application Data\seres.exe
O4 - HKCU\..\Run: [hivew] C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\1426675461725999.dll,Set1
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\Owner\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [Login Software 2009] C:\DOCUME~1\Owner\LOCALS~1\Temp\jto8n703.exe
O4 - HKCU\..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\DOCUME~1\Owner\LOCALS~1\Temp\win16.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Owner\Application Data\svcst.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: scandisk.dll (User 'SYSTEM')
O4 - S-1-5-18 Startup: scandisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: scandisk.dll (User 'Default user')
O4 - .DEFAULT Startup: scandisk.lnk = ? (User 'Default user')
O4 - Startup: scandisk.dll
O4 - Startup: scandisk.lnk = ?
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224640953203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: c:\windows\system32\tufujavudll c:\windows\system32\rutahizo.dll c:\windows\system32\ c:\windows\system32\gibokiho.dll fahulizi.dll c:\windows\system32\ c:\windows\system32\pujejefi.dll c:\windows\system32\buyatoyo.dll
O21 - SSODL: ravayovuk - {e282b144-9ba0-45c8-bdc0-3e129e049cba} - c:\windows\system32\buyatoyo.dll
O21 - SSODL: negiziveg - {58a8ff58-0770-4260-84a2-978816e9f8f4} - c:\windows\system32\buyatoyo.dll
O21 - SSODL: febinomap - {9f6a0003-ac2d-4180-ac4f-534c7a23c48d} - c:\windows\system32\rutahizo.dll (file missing)
O21 - SSODL: wiselitup - {83feee66-df81-44da-8245-b57b45cbccfa} - c:\windows\system32\rutahizo.dll (file missing)
O21 - SSODL: pugipakik - {0c40aa5d-6c27-4354-bf80-eb1c2e0d7e87} - c:\windows\system32\rutahizo.dll (file missing)
O21 - SSODL: putemipiv - {54abfd00-d25a-48b8-b654-5a30c594dd9a} - c:\windows\system32\gibokiho.dll (file missing)
O21 - SSODL: musihibug - {c0ce021c-9bff-4e63-9fa4-fb44a8dd3c3e} - c:\windows\system32\pujejefi.dll
O22 - SharedTaskScheduler: gsajkfh873whdngo8wuidgs4rgfr4 - {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\rafxrevb.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {e282b144-9ba0-45c8-bdc0-3e129e049cba} - c:\windows\system32\buyatoyo.dll
O22 - SharedTaskScheduler: mujuzedij - {58a8ff58-0770-4260-84a2-978816e9f8f4} - c:\windows\system32\buyatoyo.dll
O22 - SharedTaskScheduler: mujuzedij - {9f6a0003-ac2d-4180-ac4f-534c7a23c48d} - c:\windows\system32\rutahizo.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {83feee66-df81-44da-8245-b57b45cbccfa} - c:\windows\system32\rutahizo.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {0c40aa5d-6c27-4354-bf80-eb1c2e0d7e87} - c:\windows\system32\rutahizo.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {54abfd00-d25a-48b8-b654-5a30c594dd9a} - c:\windows\system32\gibokiho.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {c0ce021c-9bff-4e63-9fa4-fb44a8dd3c3e} - c:\windows\system32\pujejefi.dll
O23 - Service: McAfee Application Installer Cleanup (0169881256116504) (0169881256116504mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\016988~1.EXE
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 13464 bytes
I could only run HJT in safe mode, got a nasty virus that shut down exe files, task manager, run command, etc... downloaded a register unhooker from microsoft. Here's my first HJT dump.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:18 AM, on 10/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Owner\Application Data\seres.exe
C:\Documents and Settings\Owner\Application Data\svcst.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: C:\WINDOWS\system32\rafxrevb.dll - {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\rafxrevb.dll (file missing)
O2 - BHO: (no name) - {cda76938-104e-d953-44ef-fb4b8038fb5e} - C:\WINDOWS\ewalodasodefakor.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\mcafee antispyware\MssCli.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dqokesavadebib] rundll32.exe "C:\WINDOWS\ewalodasodefakor.dll",Startup
O4 - HKLM\..\Run: [jusunefun] Rundll32.exe "c:\windows\system32\buyatoyo.dll",a
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA7634] command /c del "c:\windows\system32\rovugilu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9978] cmd /c del "c:\windows\system32\rovugilu.dll_old"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\MYT3HV47\TCODE3~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\86T6FU0C\TCODEW~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\5KUGUA8X\203762~3.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\E046Y24B\TCODE3~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\HR8JR3BZ\TCODEW~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\MPEG5B5I\SIZE_1~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\OEP3T3GJ\SIZE_1~3.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\MPEG5B5I\AIM_UA~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\ZVONN5UD\GRAB_1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\ZVONN5UD\OPENHA~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\9Q28DGHO\HISTOR~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\12L1OF3P\TCODE3~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\12L1OF3P\TCODEW~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Conten
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Owner\Application Data\seres.exe
O4 - HKCU\..\Run: [hivew] C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\1426675461725999.dll,Set1
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\Owner\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [Login Software 2009] C:\DOCUME~1\Owner\LOCALS~1\Temp\jto8n703.exe
O4 - HKCU\..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\DOCUME~1\Owner\LOCALS~1\Temp\win16.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Owner\Application Data\svcst.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: scandisk.dll (User 'SYSTEM')
O4 - S-1-5-18 Startup: scandisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: scandisk.dll (User 'Default user')
O4 - .DEFAULT Startup: scandisk.lnk = ? (User 'Default user')
O4 - Startup: scandisk.dll
O4 - Startup: scandisk.lnk = ?
O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224640953203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: c:\windows\system32\tufujavudll c:\windows\system32\rutahizo.dll c:\windows\system32\ c:\windows\system32\gibokiho.dll fahulizi.dll c:\windows\system32\ c:\windows\system32\pujejefi.dll c:\windows\system32\buyatoyo.dll
O21 - SSODL: ravayovuk - {e282b144-9ba0-45c8-bdc0-3e129e049cba} - c:\windows\system32\buyatoyo.dll
O21 - SSODL: negiziveg - {58a8ff58-0770-4260-84a2-978816e9f8f4} - c:\windows\system32\buyatoyo.dll
O21 - SSODL: febinomap - {9f6a0003-ac2d-4180-ac4f-534c7a23c48d} - c:\windows\system32\rutahizo.dll (file missing)
O21 - SSODL: wiselitup - {83feee66-df81-44da-8245-b57b45cbccfa} - c:\windows\system32\rutahizo.dll (file missing)
O21 - SSODL: pugipakik - {0c40aa5d-6c27-4354-bf80-eb1c2e0d7e87} - c:\windows\system32\rutahizo.dll (file missing)
O21 - SSODL: putemipiv - {54abfd00-d25a-48b8-b654-5a30c594dd9a} - c:\windows\system32\gibokiho.dll (file missing)
O21 - SSODL: musihibug - {c0ce021c-9bff-4e63-9fa4-fb44a8dd3c3e} - c:\windows\system32\pujejefi.dll
O22 - SharedTaskScheduler: gsajkfh873whdngo8wuidgs4rgfr4 - {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\rafxrevb.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {e282b144-9ba0-45c8-bdc0-3e129e049cba} - c:\windows\system32\buyatoyo.dll
O22 - SharedTaskScheduler: mujuzedij - {58a8ff58-0770-4260-84a2-978816e9f8f4} - c:\windows\system32\buyatoyo.dll
O22 - SharedTaskScheduler: mujuzedij - {9f6a0003-ac2d-4180-ac4f-534c7a23c48d} - c:\windows\system32\rutahizo.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {83feee66-df81-44da-8245-b57b45cbccfa} - c:\windows\system32\rutahizo.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {0c40aa5d-6c27-4354-bf80-eb1c2e0d7e87} - c:\windows\system32\rutahizo.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {54abfd00-d25a-48b8-b654-5a30c594dd9a} - c:\windows\system32\gibokiho.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {c0ce021c-9bff-4e63-9fa4-fb44a8dd3c3e} - c:\windows\system32\pujejefi.dll
O23 - Service: McAfee Application Installer Cleanup (0169881256116504) (0169881256116504mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\016988~1.EXE
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 13464 bytes