Hello.. am trying to rid a laptop of the malware program Internet Security 2010, plus other problems (browser redirecters, rougeware, etc.). virus has disabled task manager, and other system functins. I am able to do limited things in safe mode. Have downloaded malwarebytes, but it will not open or install. Cannot navigate to antivirus sites, or to your site on infected computer.
Here is a copy of the Hijack this log. thanks in advance for your help, you have pulled me out of a bind in the past, I know you guys will handle this with ease. thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:14 PM, on 1/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Safe mode with network support
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\smss32.exe
C:\WINNT\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yma2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yma2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
F2 - REG:system.ini: UserInit=C:\WINNT\system32\winlogon32.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {97503139-D2B6-481B-81D8-FF4155AED720} - C:\WINNT\system32\cbXOGXOh.dll (file missing)
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [tagojopes] Rundll32.exe "c:\winnt\system32\hidumule.dll",a
O4 - HKLM\..\Run: [smss32.exe] C:\WINNT\system32\smss32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\helper32.dll
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159054299403
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O20 - AppInit_DLLs: zegofuho.dll c:\winnt\system32\zurimusa.dll c:\winnt\system32\hidumule.dll
O20 - Winlogon Notify: ssqOGyvt - ssqOGyvt.dll (file missing)
O21 - SSODL: hukateruf - {86b99dc3-69c4-4275-a47d-fe9e26ca48bf} - c:\winnt\system32\hidumule.dll
O21 - SSODL: gifozafof - {59c77459-4b85-42ba-b3bb-fe55832def20} - c:\winnt\system32\hidumule.dll
O21 - SSODL: nuvenidah - {d7c7492d-fe33-4d35-8841-87448a925bd1} - c:\winnt\system32\hidumule.dll
O21 - SSODL: rumadowat - {2b144af7-7413-4da8-b107-06ddc726aae7} - c:\winnt\system32\hidumule.dll
O21 - SSODL: riluyirer - {daaf16df-e62c-460d-996c-5043e4f4efbe} - c:\winnt\system32\hidumule.dll
O21 - SSODL: tasiwomej - {f1b25228-2166-4539-bbf1-a2245b3b3eb7} - c:\winnt\system32\hidumule.dll
O21 - SSODL: kilozofat - {071baf01-f77c-4951-b86c-8e46ab3b92d4} - c:\winnt\system32\hidumule.dll
O21 - SSODL: denigekeg - {e32ab11f-53c5-4848-92c8-2079c57a1fed} - c:\winnt\system32\hidumule.dll
O21 - SSODL: ponemenoh - {a4b9203d-5f47-4779-80a3-74d5a4b06b98} - c:\winnt\system32\hidumule.dll
O21 - SSODL: hehujojij - {9fe33429-b47d-4467-8a72-4426ca0d8dcb} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: kupuhivus - {86b99dc3-69c4-4275-a47d-fe9e26ca48bf} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: gahurihor - {59c77459-4b85-42ba-b3bb-fe55832def20} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: kupuhivus - {d7c7492d-fe33-4d35-8841-87448a925bd1} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: kupuhivus - {2b144af7-7413-4da8-b107-06ddc726aae7} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: gahurihor - {daaf16df-e62c-460d-996c-5043e4f4efbe} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: tokatiluy - {f1b25228-2166-4539-bbf1-a2245b3b3eb7} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: gahurihor - {071baf01-f77c-4951-b86c-8e46ab3b92d4} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: mujuzedij - {e32ab11f-53c5-4848-92c8-2079c57a1fed} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: jugezatag - {a4b9203d-5f47-4779-80a3-74d5a4b06b98} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: mujuzedij - {9fe33429-b47d-4467-8a72-4426ca0d8dcb} - c:\winnt\system32\hidumule.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 10542 bytes
Here is a copy of the Hijack this log. thanks in advance for your help, you have pulled me out of a bind in the past, I know you guys will handle this with ease. thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:14 PM, on 1/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Safe mode with network support
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\smss32.exe
C:\WINNT\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yma2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yma2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
F2 - REG:system.ini: UserInit=C:\WINNT\system32\winlogon32.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {97503139-D2B6-481B-81D8-FF4155AED720} - C:\WINNT\system32\cbXOGXOh.dll (file missing)
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [tagojopes] Rundll32.exe "c:\winnt\system32\hidumule.dll",a
O4 - HKLM\..\Run: [smss32.exe] C:\WINNT\system32\smss32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\helper32.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\helper32.dll
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159054299403
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (file missing)
O20 - AppInit_DLLs: zegofuho.dll c:\winnt\system32\zurimusa.dll c:\winnt\system32\hidumule.dll
O20 - Winlogon Notify: ssqOGyvt - ssqOGyvt.dll (file missing)
O21 - SSODL: hukateruf - {86b99dc3-69c4-4275-a47d-fe9e26ca48bf} - c:\winnt\system32\hidumule.dll
O21 - SSODL: gifozafof - {59c77459-4b85-42ba-b3bb-fe55832def20} - c:\winnt\system32\hidumule.dll
O21 - SSODL: nuvenidah - {d7c7492d-fe33-4d35-8841-87448a925bd1} - c:\winnt\system32\hidumule.dll
O21 - SSODL: rumadowat - {2b144af7-7413-4da8-b107-06ddc726aae7} - c:\winnt\system32\hidumule.dll
O21 - SSODL: riluyirer - {daaf16df-e62c-460d-996c-5043e4f4efbe} - c:\winnt\system32\hidumule.dll
O21 - SSODL: tasiwomej - {f1b25228-2166-4539-bbf1-a2245b3b3eb7} - c:\winnt\system32\hidumule.dll
O21 - SSODL: kilozofat - {071baf01-f77c-4951-b86c-8e46ab3b92d4} - c:\winnt\system32\hidumule.dll
O21 - SSODL: denigekeg - {e32ab11f-53c5-4848-92c8-2079c57a1fed} - c:\winnt\system32\hidumule.dll
O21 - SSODL: ponemenoh - {a4b9203d-5f47-4779-80a3-74d5a4b06b98} - c:\winnt\system32\hidumule.dll
O21 - SSODL: hehujojij - {9fe33429-b47d-4467-8a72-4426ca0d8dcb} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: kupuhivus - {86b99dc3-69c4-4275-a47d-fe9e26ca48bf} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: gahurihor - {59c77459-4b85-42ba-b3bb-fe55832def20} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: kupuhivus - {d7c7492d-fe33-4d35-8841-87448a925bd1} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: kupuhivus - {2b144af7-7413-4da8-b107-06ddc726aae7} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: gahurihor - {daaf16df-e62c-460d-996c-5043e4f4efbe} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: tokatiluy - {f1b25228-2166-4539-bbf1-a2245b3b3eb7} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: gahurihor - {071baf01-f77c-4951-b86c-8e46ab3b92d4} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: mujuzedij - {e32ab11f-53c5-4848-92c8-2079c57a1fed} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: jugezatag - {a4b9203d-5f47-4779-80a3-74d5a4b06b98} - c:\winnt\system32\hidumule.dll
O22 - SharedTaskScheduler: mujuzedij - {9fe33429-b47d-4467-8a72-4426ca0d8dcb} - c:\winnt\system32\hidumule.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 10542 bytes