first off just want to say Merry Christmas to everybody. well ok i have been infected by internet security 2010 program. i have looked around on here and tried to fix it myself but ive had no luck. i downloaded the malwarebytes and tried to install it but it wont run it gives an error message sayin something about it can not execute file or something like that. so i downloaded and ran the hijackthis program but im clueless on what to do from there. ok i seen that you guys need to see the log so ill paste it. thanks in advance
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 4:34:08 PM, on 24/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\WINDOWS\system32\winupdate86.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 89.248.168.186 google.ae
O1 - Hosts: 89.248.168.186 google.as
O1 - Hosts: 89.248.168.186 google.at
O1 - Hosts: 89.248.168.186 google.az
O1 - Hosts: 89.248.168.186 google.ba
O1 - Hosts: 89.248.168.186 google.be
O1 - Hosts: 89.248.168.186 google.bg
O1 - Hosts: 89.248.168.186 google.bs
O1 - Hosts: 89.248.168.186 google.ca
O1 - Hosts: 89.248.168.186 google.cd
O1 - Hosts: 89.248.168.186 google.com.gh
O1 - Hosts: 89.248.168.186 google.com.hk
O1 - Hosts: 89.248.168.186 google.com.jm
O1 - Hosts: 89.248.168.186 google.com.mx
O1 - Hosts: 89.248.168.186 google.com.my
O1 - Hosts: 89.248.168.186 google.com.na
O1 - Hosts: 89.248.168.186 google.com.nf
O1 - Hosts: 89.248.168.186 google.com.ng
O1 - Hosts: 89.248.168.186 google.ch
O1 - Hosts: 89.248.168.186 google.com.np
O1 - Hosts: 89.248.168.186 google.com.pr
O1 - Hosts: 89.248.168.186 google.com.qa
O1 - Hosts: 89.248.168.186 google.com.sg
O1 - Hosts: 89.248.168.186 google.com.tj
O1 - Hosts: 89.248.168.186 google.com.tw
O1 - Hosts: 89.248.168.186 google.dj
O1 - Hosts: 89.248.168.186 google.de
O1 - Hosts: 89.248.168.186 google.dk
O1 - Hosts: 89.248.168.186 google.dm
O1 - Hosts: 89.248.168.186 google.ee
O1 - Hosts: 89.248.168.186 google.fi
O1 - Hosts: 89.248.168.186 google.fm
O1 - Hosts: 89.248.168.186 google.fr
O1 - Hosts: 89.248.168.186 google.ge
O1 - Hosts: 89.248.168.186 google.gg
O1 - Hosts: 89.248.168.186 google.gm
O1 - Hosts: 89.248.168.186 google.gr
O1 - Hosts: 89.248.168.186 google.ht
O1 - Hosts: 89.248.168.186 google.ie
O1 - Hosts: 89.248.168.186 google.im
O1 - Hosts: 89.248.168.186 google.in
O1 - Hosts: 89.248.168.186 google.it
O1 - Hosts: 89.248.168.186 google.ki
O1 - Hosts: 89.248.168.186 google.la
O1 - Hosts: 89.248.168.186 google.li
O1 - Hosts: 89.248.168.186 google.lv
O1 - Hosts: 89.248.168.186 google.ma
O1 - Hosts: 89.248.168.186 google.ms
O1 - Hosts: 89.248.168.186 google.mu
O1 - Hosts: 89.248.168.186 google.mw
O1 - Hosts: 89.248.168.186 google.nl
O1 - Hosts: 89.248.168.186 google.no
O1 - Hosts: 89.248.168.186 google.nr
O1 - Hosts: 89.248.168.186 google.nu
O1 - Hosts: 89.248.168.186 google.pl
O1 - Hosts: 89.248.168.186 google.pn
O1 - Hosts: 89.248.168.186 google.pt
O1 - Hosts: 89.248.168.186 google.ro
O1 - Hosts: 89.248.168.186 google.ru
O1 - Hosts: 89.248.168.186 google.rw
O1 - Hosts: 89.248.168.186 google.sc
O1 - Hosts: 89.248.168.186 google.se
O1 - Hosts: 89.248.168.186 google.sh
O1 - Hosts: 89.248.168.186 google.si
O1 - Hosts: 89.248.168.186 google.sm
O1 - Hosts: 89.248.168.186 google.sn
O1 - Hosts: 89.248.168.186 google.st
O1 - Hosts: 89.248.168.186 google.tl
O1 - Hosts: 89.248.168.186 google.tm
O1 - Hosts: 89.248.168.186 google.tt
O1 - Hosts: 89.248.168.186 google.us
O1 - Hosts: 89.248.168.186 google.vu
O1 - Hosts: 89.248.168.186 google.ws
O1 - Hosts: 89.248.168.186 google.co.ck
O1 - Hosts: 89.248.168.186 google.co.id
O1 - Hosts: 89.248.168.186 google.co.il
O1 - Hosts: 89.248.168.186 google.co.in
O1 - Hosts: 89.248.168.186 google.co.jp
O1 - Hosts: 89.248.168.186 google.co.kr
O1 - Hosts: 89.248.168.186 google.co.ls
O1 - Hosts: 89.248.168.186 google.co.ma
O1 - Hosts: 89.248.168.186 google.co.nz
O1 - Hosts: 89.248.168.186 google.co.tz
O1 - Hosts: 89.248.168.186 google.co.ug
O1 - Hosts: 89.248.168.186 google.co.uk
O1 - Hosts: 89.248.168.186 google.co.za
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKLM\..\Run: [dapuwitat] Rundll32.exe "c:\windows\system32\hahohosa.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{55648A69-D7F8-4EC2-AFCA-019A1F7DA71D}: NameServer = 193.104.110.38,4.2.2.1,68.87.68.166 68.87.74.166 192.168.1.1 68.87.68.166 68.87.74.166
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: pukiriji.dll c:\windows\system32\hahohosa.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O21 - SSODL: remolufik - {c287c154-d0bf-4395-ac01-2a5668976070} - c:\windows\system32\hahohosa.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: mujuzedij - {c287c154-d0bf-4395-ac01-2a5668976070} - c:\windows\system32\hahohosa.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Unknown owner - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 13290 bytes
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 4:34:08 PM, on 24/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\WINDOWS\system32\winupdate86.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 89.248.168.186 google.ae
O1 - Hosts: 89.248.168.186 google.as
O1 - Hosts: 89.248.168.186 google.at
O1 - Hosts: 89.248.168.186 google.az
O1 - Hosts: 89.248.168.186 google.ba
O1 - Hosts: 89.248.168.186 google.be
O1 - Hosts: 89.248.168.186 google.bg
O1 - Hosts: 89.248.168.186 google.bs
O1 - Hosts: 89.248.168.186 google.ca
O1 - Hosts: 89.248.168.186 google.cd
O1 - Hosts: 89.248.168.186 google.com.gh
O1 - Hosts: 89.248.168.186 google.com.hk
O1 - Hosts: 89.248.168.186 google.com.jm
O1 - Hosts: 89.248.168.186 google.com.mx
O1 - Hosts: 89.248.168.186 google.com.my
O1 - Hosts: 89.248.168.186 google.com.na
O1 - Hosts: 89.248.168.186 google.com.nf
O1 - Hosts: 89.248.168.186 google.com.ng
O1 - Hosts: 89.248.168.186 google.ch
O1 - Hosts: 89.248.168.186 google.com.np
O1 - Hosts: 89.248.168.186 google.com.pr
O1 - Hosts: 89.248.168.186 google.com.qa
O1 - Hosts: 89.248.168.186 google.com.sg
O1 - Hosts: 89.248.168.186 google.com.tj
O1 - Hosts: 89.248.168.186 google.com.tw
O1 - Hosts: 89.248.168.186 google.dj
O1 - Hosts: 89.248.168.186 google.de
O1 - Hosts: 89.248.168.186 google.dk
O1 - Hosts: 89.248.168.186 google.dm
O1 - Hosts: 89.248.168.186 google.ee
O1 - Hosts: 89.248.168.186 google.fi
O1 - Hosts: 89.248.168.186 google.fm
O1 - Hosts: 89.248.168.186 google.fr
O1 - Hosts: 89.248.168.186 google.ge
O1 - Hosts: 89.248.168.186 google.gg
O1 - Hosts: 89.248.168.186 google.gm
O1 - Hosts: 89.248.168.186 google.gr
O1 - Hosts: 89.248.168.186 google.ht
O1 - Hosts: 89.248.168.186 google.ie
O1 - Hosts: 89.248.168.186 google.im
O1 - Hosts: 89.248.168.186 google.in
O1 - Hosts: 89.248.168.186 google.it
O1 - Hosts: 89.248.168.186 google.ki
O1 - Hosts: 89.248.168.186 google.la
O1 - Hosts: 89.248.168.186 google.li
O1 - Hosts: 89.248.168.186 google.lv
O1 - Hosts: 89.248.168.186 google.ma
O1 - Hosts: 89.248.168.186 google.ms
O1 - Hosts: 89.248.168.186 google.mu
O1 - Hosts: 89.248.168.186 google.mw
O1 - Hosts: 89.248.168.186 google.nl
O1 - Hosts: 89.248.168.186 google.no
O1 - Hosts: 89.248.168.186 google.nr
O1 - Hosts: 89.248.168.186 google.nu
O1 - Hosts: 89.248.168.186 google.pl
O1 - Hosts: 89.248.168.186 google.pn
O1 - Hosts: 89.248.168.186 google.pt
O1 - Hosts: 89.248.168.186 google.ro
O1 - Hosts: 89.248.168.186 google.ru
O1 - Hosts: 89.248.168.186 google.rw
O1 - Hosts: 89.248.168.186 google.sc
O1 - Hosts: 89.248.168.186 google.se
O1 - Hosts: 89.248.168.186 google.sh
O1 - Hosts: 89.248.168.186 google.si
O1 - Hosts: 89.248.168.186 google.sm
O1 - Hosts: 89.248.168.186 google.sn
O1 - Hosts: 89.248.168.186 google.st
O1 - Hosts: 89.248.168.186 google.tl
O1 - Hosts: 89.248.168.186 google.tm
O1 - Hosts: 89.248.168.186 google.tt
O1 - Hosts: 89.248.168.186 google.us
O1 - Hosts: 89.248.168.186 google.vu
O1 - Hosts: 89.248.168.186 google.ws
O1 - Hosts: 89.248.168.186 google.co.ck
O1 - Hosts: 89.248.168.186 google.co.id
O1 - Hosts: 89.248.168.186 google.co.il
O1 - Hosts: 89.248.168.186 google.co.in
O1 - Hosts: 89.248.168.186 google.co.jp
O1 - Hosts: 89.248.168.186 google.co.kr
O1 - Hosts: 89.248.168.186 google.co.ls
O1 - Hosts: 89.248.168.186 google.co.ma
O1 - Hosts: 89.248.168.186 google.co.nz
O1 - Hosts: 89.248.168.186 google.co.tz
O1 - Hosts: 89.248.168.186 google.co.ug
O1 - Hosts: 89.248.168.186 google.co.uk
O1 - Hosts: 89.248.168.186 google.co.za
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKLM\..\Run: [dapuwitat] Rundll32.exe "c:\windows\system32\hahohosa.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{55648A69-D7F8-4EC2-AFCA-019A1F7DA71D}: NameServer = 193.104.110.38,4.2.2.1,68.87.68.166 68.87.74.166 192.168.1.1 68.87.68.166 68.87.74.166
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: pukiriji.dll c:\windows\system32\hahohosa.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O21 - SSODL: remolufik - {c287c154-d0bf-4395-ac01-2a5668976070} - c:\windows\system32\hahohosa.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: mujuzedij - {c287c154-d0bf-4395-ac01-2a5668976070} - c:\windows\system32\hahohosa.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Unknown owner - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: Viewpoint Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 13290 bytes