bgjoy6160
2010-01-13, 04:26
The computer had a lot of malware, trojans, and spyware on it. I did use SpyBot; after several run-throughs, it cleaned up everything except the Win32.TDSS.RTK.
Your help in removing this would be appreciated. I did run ERUNT and added the HijackThis log file below.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:44 PM, on 1/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://a-v-pro-2010.com/buy.html?wmid=1025&l=5&skey=21aa26725fe599630f91bfd77cc0086b
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [75922934] C:\Documents and Settings\All Users\Application Data\75922934\75922934.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA9869] command.com /c del "C:\WINDOWS\system32\drivers\gasfkydiusqfxw.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9015] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkydiusqfxw.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8625] command.com /c del "C:\WINDOWS\system32\drivers\gasfkydiusqfxw.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1912] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkydiusqfxw.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9997] command.com /c del "C:\WINDOWS\system32\drivers\gasfkynwmitetb.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5927] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkynwmitetb.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1794] command.com /c del "C:\WINDOWS\system32\drivers\gasfkynwmitetb.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2875] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkynwmitetb.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6003] command.com /c del "C:\WINDOWS\system32\gasfkybmiaqvns.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7895] cmd.exe /c del "C:\WINDOWS\system32\gasfkybmiaqvns.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7474] command.com /c del "C:\WINDOWS\system32\gasfkybmiaqvns.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1639] cmd.exe /c del "C:\WINDOWS\system32\gasfkybmiaqvns.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8201] command.com /c del "C:\WINDOWS\system32\gasfkyjltvrecv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3482] cmd.exe /c del "C:\WINDOWS\system32\gasfkyjltvrecv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4844] command.com /c del "C:\WINDOWS\system32\gasfkyjltvrecv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5600] cmd.exe /c del "C:\WINDOWS\system32\gasfkyjltvrecv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5618] command.com /c del "C:\WINDOWS\system32\gasfkyjmdtspux.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1387] cmd.exe /c del "C:\WINDOWS\system32\gasfkyjmdtspux.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2270] command.com /c del "C:\WINDOWS\system32\gasfkyjmdtspux.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4920] cmd.exe /c del "C:\WINDOWS\system32\gasfkyjmdtspux.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4915] command.com /c del "C:\WINDOWS\system32\gasfkyqrcqobcv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC633] cmd.exe /c del "C:\WINDOWS\system32\gasfkyqrcqobcv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2141] command.com /c del "C:\WINDOWS\system32\gasfkyqrcqobcv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5993] cmd.exe /c del "C:\WINDOWS\system32\gasfkyqrcqobcv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6498] command.com /c del "C:\WINDOWS\system32\gasfkycnvtmspf.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5831] cmd.exe /c del "C:\WINDOWS\system32\gasfkycnvtmspf.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7539] command.com /c del "C:\WINDOWS\system32\gasfkycnvtmspf.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9704] cmd.exe /c del "C:\WINDOWS\system32\gasfkycnvtmspf.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5912] command.com /c del "C:\WINDOWS\system32\gasfkytmxlximk.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9615] cmd.exe /c del "C:\WINDOWS\system32\gasfkytmxlximk.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2432] command.com /c del "C:\WINDOWS\system32\gasfkytmxlximk.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5056] cmd.exe /c del "C:\WINDOWS\system32\gasfkytmxlximk.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8257] command.com /c del "C:\WINDOWS\system32\gasfkyxiouqsjt.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1875] cmd.exe /c del "C:\WINDOWS\system32\gasfkyxiouqsjt.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2035] command.com /c del "C:\WINDOWS\system32\gasfkyxiouqsjt.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC430] cmd.exe /c del "C:\WINDOWS\system32\gasfkyxiouqsjt.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6646] command.com /c del "C:\WINDOWS\system32\gasfkyywqkgbsa.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1561] cmd.exe /c del "C:\WINDOWS\system32\gasfkyywqkgbsa.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2825] command.com /c del "C:\WINDOWS\system32\gasfkyywqkgbsa.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3001] cmd.exe /c del "C:\WINDOWS\system32\gasfkyywqkgbsa.dat"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee Update] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mcupdate_1291998491.exe /syncfin C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mcupdate_1291998491.ini
O4 - HKCU\..\RunOnce: [SpybotDeletingB1054] command.com /c del "C:\WINDOWS\system32\drivers\gasfkydiusqfxw.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6190] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkydiusqfxw.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7189] command.com /c del "C:\WINDOWS\system32\drivers\gasfkydiusqfxw.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1571] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkydiusqfxw.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6969] command.com /c del "C:\WINDOWS\system32\drivers\gasfkynwmitetb.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9790] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkynwmitetb.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4584] command.com /c del "C:\WINDOWS\system32\drivers\gasfkynwmitetb.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5057] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkynwmitetb.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9112] command.com /c del "C:\WINDOWS\system32\gasfkybmiaqvns.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9384] cmd.exe /c del "C:\WINDOWS\system32\gasfkybmiaqvns.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB717] command.com /c del "C:\WINDOWS\system32\gasfkybmiaqvns.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9068] cmd.exe /c del "C:\WINDOWS\system32\gasfkybmiaqvns.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3624] command.com /c del "C:\WINDOWS\system32\gasfkyjltvrecv.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1952] cmd.exe /c del "C:\WINDOWS\system32\gasfkyjltvrecv.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8482] command.com /c del "C:\WINDOWS\system32\gasfkyjltvrecv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7332] cmd.exe /c del "C:\WINDOWS\system32\gasfkyjltvrecv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9558] command.com /c del "C:\WINDOWS\system32\gasfkyjmdtspux.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7716] cmd.exe /c del "C:\WINDOWS\system32\gasfkyjmdtspux.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8051] command.com /c del "C:\WINDOWS\system32\gasfkyjmdtspux.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD141] cmd.exe /c del "C:\WINDOWS\system32\gasfkyjmdtspux.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB974] command.com /c del "C:\WINDOWS\system32\gasfkyqrcqobcv.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7281] cmd.exe /c del "C:\WINDOWS\system32\gasfkyqrcqobcv.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4787] command.com /c del "C:\WINDOWS\system32\gasfkyqrcqobcv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4863] cmd.exe /c del "C:\WINDOWS\system32\gasfkyqrcqobcv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4867] command.com /c del "C:\WINDOWS\system32\gasfkycnvtmspf.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6163] cmd.exe /c del "C:\WINDOWS\system32\gasfkycnvtmspf.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5330] command.com /c del "C:\WINDOWS\system32\gasfkycnvtmspf.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4662] cmd.exe /c del "C:\WINDOWS\system32\gasfkycnvtmspf.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9673] command.com /c del "C:\WINDOWS\system32\gasfkytmxlximk.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6615] cmd.exe /c del "C:\WINDOWS\system32\gasfkytmxlximk.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3635] command.com /c del "C:\WINDOWS\system32\gasfkytmxlximk.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1085] cmd.exe /c del "C:\WINDOWS\system32\gasfkytmxlximk.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8035] command.com /c del "C:\WINDOWS\system32\gasfkyxiouqsjt.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9013] cmd.exe /c del "C:\WINDOWS\system32\gasfkyxiouqsjt.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7996] command.com /c del "C:\WINDOWS\system32\gasfkyxiouqsjt.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5052] cmd.exe /c del "C:\WINDOWS\system32\gasfkyxiouqsjt.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7282] command.com /c del "C:\WINDOWS\system32\gasfkyywqkgbsa.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9455] cmd.exe /c del "C:\WINDOWS\system32\gasfkyywqkgbsa.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8605] command.com /c del "C:\WINDOWS\system32\gasfkyywqkgbsa.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9189] cmd.exe /c del "C:\WINDOWS\system32\gasfkyywqkgbsa.dat"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: ymetray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Backgammon - http://origin.games.yahoo.net/games/clients/y/at1_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1291997613750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1291998220046
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: ,huwakalu.dll c:\windows\system32\kuzeduhu.dll
O21 - SSODL: rutetazek - {2db1e547-6ed4-44c9-b327-3a65b70b268c} - c:\windows\system32\kuzeduhu.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {2db1e547-6ed4-44c9-b327-3a65b70b268c} - c:\windows\system32\kuzeduhu.dll (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 15554 bytes