Results 1 to 2 of 2

Thread: Win32.TDSS.rtk removal help please!

  1. 2009-09-24, 19:07 #1
    Stags
    Stags is offline
    Junior Member
    Join Date
    Sep 2009
    Posts
    7

    Default Win32.TDSS.rtk removal help please!

    Hello, this is my first post, I'd like some help with the Win32.TDSS.rtk problems I am having.

    Here is my HJT Log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:01:23 AM, on 9/24/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
    O3 - Toolbar: Ask && Record Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKLM\..\RunOnce: [SpybotDeletingA227] command.com /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3635] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5092] command.com /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5759] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9632] command.com /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4874] cmd.exe /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA291] command.com /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5331] cmd.exe /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4476] command.com /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9645] cmd.exe /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2558] command.com /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4097] cmd.exe /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1915] command.com /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9541] cmd.exe /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1118] command.com /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7296] cmd.exe /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5595] command.com /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4273] cmd.exe /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8449] command.com /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4094] cmd.exe /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4859] command.com /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8527] cmd.exe /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8963] command.com /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8069] cmd.exe /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1285] command.com /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1661] cmd.exe /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5856] command.com /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1278] cmd.exe /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9882] command.com /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4281] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6137] command.com /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3662] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4531] command.com /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8793] cmd.exe /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7393] command.com /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC29] cmd.exe /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2388] command.com /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1942] cmd.exe /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3556] command.com /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8230] cmd.exe /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7051] command.com /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3781] cmd.exe /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6337] command.com /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9577] cmd.exe /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2128] command.com /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2490] cmd.exe /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1447] command.com /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2627] cmd.exe /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8287] command.com /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4954] cmd.exe /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2950] command.com /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2889] cmd.exe /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9371] command.com /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9565] cmd.exe /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1095] command.com /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC62] cmd.exe /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA900] command.com /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1930] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA74] command.com /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2154] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6408] command.com /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1397] cmd.exe /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9822] command.com /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9366] cmd.exe /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2969] command.com /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5363] cmd.exe /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2848] command.com /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7183] cmd.exe /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9317] command.com /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3790] cmd.exe /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4954] command.com /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1524] cmd.exe /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6790] command.com /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8500] cmd.exe /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7513] command.com /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2442] cmd.exe /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2686] command.com /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6576] cmd.exe /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA345] command.com /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6106] cmd.exe /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA98] command.com /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8278] cmd.exe /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3907] command.com /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5312] cmd.exe /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2231] command.com /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9429] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2868] command.com /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9248] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8974] command.com /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2957] cmd.exe /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9470] command.com /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7609] cmd.exe /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4144] command.com /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2300] cmd.exe /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4017] command.com /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1400] cmd.exe /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6456] command.com /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9703] cmd.exe /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3482] command.com /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1902] cmd.exe /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6931] command.com /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2661] cmd.exe /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1854] command.com /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7461] cmd.exe /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9159] command.com /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2284] cmd.exe /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7817] command.com /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6625] cmd.exe /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5454] command.com /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD455] cmd.exe /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3449] command.com /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8939] cmd.exe /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3033] command.com /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8387] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9766] command.com /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3548] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8878] command.com /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3825] cmd.exe /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7438] command.com /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5670] cmd.exe /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8174] command.com /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8481] cmd.exe /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8768] command.com /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9282] cmd.exe /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2914] command.com /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3438] cmd.exe /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3729] command.com /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD20] cmd.exe /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1825] command.com /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5407] cmd.exe /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9764] command.com /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6951] cmd.exe /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3920] command.com /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7627] cmd.exe /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6427] command.com /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1530] cmd.exe /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1778] command.com /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD462] cmd.exe /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5263] command.com /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9473] cmd.exe /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4296] command.com /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8087] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9348] command.com /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1857] cmd.exe /c del "C:\WINDOWS\system32\drivers\gasfkyhrvgfumq.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7271] command.com /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3040] cmd.exe /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4537] command.com /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9322] cmd.exe /c del "C:\WINDOWS\system32\gasfkyhvrthxvm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3477] command.com /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9693] cmd.exe /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8492] command.com /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3220] cmd.exe /c del "C:\WINDOWS\system32\gasfkysfkbanko.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4915] command.com /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4251] cmd.exe /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4282] command.com /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2372] cmd.exe /c del "C:\WINDOWS\system32\gasfkywyrdtyqv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8231] command.com /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5384] cmd.exe /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB940] command.com /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9204] cmd.exe /c del "C:\WINDOWS\temp\gasfkyudracmwcry.tmp"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1046] command.com /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9811] cmd.exe /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8145] command.com /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5273] cmd.exe /c del "C:\WINDOWS\system32\gasfkyewbgrfto.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2350] command.com /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1545] cmd.exe /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8366] command.com /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4550] cmd.exe /c del "C:\WINDOWS\system32\gasfkysswuwkqx.dat"
    O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1168243968781
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...nt/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: AntiPol (AntipPolice_) - Unknown owner - C:\WINDOWS\svchast.exe (file missing)
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 27881 bytes



    Thank you for your help.
  2. 2009-09-24, 19:13 #2
    tashi
    tashi is offline
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    Duplicate of first topic: http://forums.spybot.info/showthread.php?t=52136
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules