Vundo's doin my head in...

#1 ·
I've looked through loads of threads on fixing Vundo trojan, and I've tried most of the fixes, but the damn thing keeps comin back. :eek:

Can anyone help? :confused:

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:26:48, on 07/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ssms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Alan\Desktop\Hijack\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {2A1DCE3F-437A-4499-AA23-F388D1D8436A} - C:\WINDOWS\system32\pmkhh.dll
O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\llvcfmbs.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on TECRA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P44 "Auto EPSON Stylus Photo R200 Series on TECRA" /O16 "\\TECRA\Printer2" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [MSconfig] ssms.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\juosrbmq.dll",realset
O4 - HKLM\..\RunServices: [MSconfig] ssms.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Registry Repair Wizard Scheduler] "C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F3CDE44-9FBE-4CF3-8485-793355B37CDD}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F3CDE44-9FBE-4CF3-8485-793355B37CDD}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F3CDE44-9FBE-4CF3-8485-793355B37CDD}: NameServer = 192.168.0.1
O20 - Winlogon Notify: byxuuss - C:\WINDOWS\SYSTEM32\byxuuss.dll
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10369 bytes
 
#2 ·
If you have VundoFix, remove it and get the current version.

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish its thing; sometimes it can take multiple passes.
==============

Download SUPERAntiSpyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.
 
#3 ·
OK, took me a while to run all of that.
Here is the Vundofix.txt:
VundoFix V6.4.2

Checking Java version...

Scan started at 21:16:09 07/06/2007

Listing files found while scanning....

C:\WINDOWS\SYSTEM32\BYXUUSS.DLL
C:\WINDOWS\system32\hhkmp.bak1
C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\juosrbmq.dll
C:\WINDOWS\system32\pmkhh.dll
C:\WINDOWS\system32\qmbrsouj.ini
C:\WINDOWS\system32\rqdwtufn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\BYXUUSS.DLL
C:\WINDOWS\SYSTEM32\BYXUUSS.DLL Could not be deleted.

Attempting to delete C:\WINDOWS\system32\hhkmp.bak1
C:\WINDOWS\system32\hhkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\hhkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\juosrbmq.dll
C:\WINDOWS\system32\juosrbmq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhh.dll
C:\WINDOWS\system32\pmkhh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qmbrsouj.ini
C:\WINDOWS\system32\qmbrsouj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqdwtufn.dll
C:\WINDOWS\system32\rqdwtufn.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\BYXUUSS.DLL
C:\WINDOWS\SYSTEM32\BYXUUSS.DLL Has been deleted!

Performing Repairs to the registry.
Done!

And here is the SuperAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/07/2007 at 11:49 PM

Application Version : 3.8.1002

Core Rules Database Version : 3250
Trace Rules Database Version: 1261

Scan type : Complete Scan
Total Scan Time : 02:14:54

Memory items scanned : 536
Memory threats detected : 0
Registry items scanned : 7555
Registry threats detected : 25
File items scanned : 196747
File threats detected : 124

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{2A1DCE3F-437A-4499-AA23-F388D1D8436A}
HKCR\CLSID\{2A1DCE3F-437A-4499-AA23-F388D1D8436A}
HKCR\CLSID\{2A1DCE3F-437A-4499-AA23-F388D1D8436A}\InprocServer32
HKCR\CLSID\{2A1DCE3F-437A-4499-AA23-F388D1D8436A}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PMKHH.DLL
HKLM\Software\Classes\CLSID\{40FB4FE7-E227-41BD-B8C4-3D77D54F1785}
HKCR\CLSID\{40FB4FE7-E227-41BD-B8C4-3D77D54F1785}
HKCR\CLSID\{40FB4FE7-E227-41BD-B8C4-3D77D54F1785}\InprocServer32
HKCR\CLSID\{40FB4FE7-E227-41BD-B8C4-3D77D54F1785}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{4A7BC98A-34F9-4CA1-90CD-62ECFDC3E5B7}
HKCR\CLSID\{4A7BC98A-34F9-4CA1-90CD-62ECFDC3E5B7}
HKCR\CLSID\{4A7BC98A-34F9-4CA1-90CD-62ECFDC3E5B7}\InprocServer32
HKCR\CLSID\{4A7BC98A-34F9-4CA1-90CD-62ECFDC3E5B7}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{5D7113BA-B2E7-4FED-829E-45AFF08FE24A}
HKCR\CLSID\{5D7113BA-B2E7-4FED-829E-45AFF08FE24A}
HKCR\CLSID\{5D7113BA-B2E7-4FED-829E-45AFF08FE24A}\InprocServer32
HKCR\CLSID\{5D7113BA-B2E7-4FED-829E-45AFF08FE24A}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{E1C6E808-CF47-4E77-8D3F-83133480AA73}
HKCR\CLSID\{E1C6E808-CF47-4E77-8D3F-83133480AA73}
HKCR\CLSID\{E1C6E808-CF47-4E77-8D3F-83133480AA73}\InprocServer32
HKCR\CLSID\{E1C6E808-CF47-4E77-8D3F-83133480AA73}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{FED59E8B-5E89-4FDE-8F28-4069510BC244}
HKCR\CLSID\{FED59E8B-5E89-4FDE-8F28-4069510BC244}
HKCR\CLSID\{FED59E8B-5E89-4FDE-8F28-4069510BC244}\InprocServer32
HKCR\CLSID\{FED59E8B-5E89-4FDE-8F28-4069510BC244}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{B71FA585-B351-4E48-8DA8-22F6F705EC73}

Adware.Tracking Cookie

Trojan.Downloader-Gen/SwampDonk
C:\DOCUMENTS AND SETTINGS\ALAN\MY DOCUMENTS\BACKUPS\BACKUP-20070603-094415-679.DLL
C:\DOCUMENTS AND SETTINGS\ALAN\MY DOCUMENTS\BACKUPS\BACKUP-20070603-094619-875.DLL
C:\VUNDOFIX BACKUPS\BYXUUSS.DLL.BAD
C:\VUNDOFIX BACKUPS\CBXYXWX.DLL.BAD
C:\VUNDOFIX BACKUPS\GEBBXVS.DLL.BAD
C:\VUNDOFIX BACKUPS\JKKHHEB.DLL.BAD
C:\VUNDOFIX BACKUPS\SSQONMJ.DLL.BAD
C:\VUNDOFIX BACKUPS\WVUSSTR.DLL.BAD

Trace.Known Threat Sources

And finally, here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 06:52:23, on 08/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ssms.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Alan\Desktop\Hijack\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on TECRA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P44 "Auto EPSON Stylus Photo R200 Series on TECRA" /O16 "\\TECRA\Printer2" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [MSconfig] ssms.exe
O4 - HKLM\..\RunServices: [MSconfig] ssms.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Registry Repair Wizard Scheduler] "C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F3CDE44-9FBE-4CF3-8485-793355B37CDD}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F3CDE44-9FBE-4CF3-8485-793355B37CDD}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F3CDE44-9FBE-4CF3-8485-793355B37CDD}: NameServer = 192.168.0.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hggghif - C:\WINDOWS\SYSTEM32\hggghif.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10298 bytes
 
#4 ·
Run vundofix again

Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
· Restart your computer
· After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
· Instead of Windows loading as normal, the Advanced Options Menu should appear;
· Select the first option, to run Windows in Safe Mode, then press Enter.
· Choose your usual account.
· Open the extracted SDFix folder and double click RunThis.bat to start the script.
· Type Y to begin the cleanup process.
· It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
· Press any key and it will restart the PC.
· When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
· Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
· Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
 
#5 ·
OK, we seem to be getting somewhere. I ran VUNDOFIX, then SDFIX, then VUNDOFIX again. Here are the logs:

SDFix: Version 1.87

Run by Alan - 08/06/2007 - 17:37:20.15

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\SSMS.EXE - Deleted
C:\WINDOWS\system32\ssms.exe - Deleted
C:\DOCUME~1\Alan\LOCALS~1\Temp\tmp*.tmp - Deleted

Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking if ADS is attached to ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:powerCinema"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\DOCUME~1\\Alan\\LOCALS~1\\Temp\\pinch3(cript).exe"="C:\\DOCUME~1\\Alan\\LOCALS~1\\Temp\\pinch3(cript).exe:*:Enabled:Enabled"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:pMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Listing Files with Hidden Attributes:

C:\Documents and Settings\Alan\SendTo\WLM - soon2bbald@hotmail.com\Desktop.ini
C:\Program Files\Common Files\System\Dllhost.exe
C:\Documents and Settings\Alan\My Documents\Phil's work\dts\design tech systems\~WRL0004.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\system32\hhhkj.tmp
C:\WINDOWS\system32\nnnmp.tmp
C:\WINDOWS\system32\ststv.tmp

Listing User Accounts:

User accounts for \\ALANMAIN

Administrator Alan ASPNET
Clare Guest HelpAssistant
Phil Sara SUPPORT_388945a0

Finished

VundoFix V6.4.2

Checking Java version...

Scan started at 17:05:48 08/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\fqepfjkh.ini
C:\WINDOWS\system32\hggghif.dll
C:\WINDOWS\system32\hkjfpeqf.dll
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\osalmqpv.dll
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\uxnddopy.dll
C:\WINDOWS\system32\vpqmlaso.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\awtss.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\fqepfjkh.ini
C:\WINDOWS\system32\fqepfjkh.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggghif.dll
C:\WINDOWS\system32\hggghif.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\hkjfpeqf.dll
C:\WINDOWS\system32\hkjfpeqf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jjllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\jjllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\mlljj.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\osalmqpv.dll
C:\WINDOWS\system32\osalmqpv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\sstwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\uxnddopy.dll
C:\WINDOWS\system32\uxnddopy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vpqmlaso.ini
C:\WINDOWS\system32\vpqmlaso.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.2

Checking Java version...

Scan started at 17:25:49 08/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\hggghif.dll
C:\WINDOWS\system32\mlljj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\awtss.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggghif.dll
C:\WINDOWS\system32\hggghif.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\mlljj.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.2

Checking Java version...

Scan started at 18:24:05 08/06/2007

Listing files found while scanning....

[SASInprocServer32]

Beginning removal...

Performing Repairs to the registry.
Done!
 
#6 ·
And the HJT log part 1:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:39:08, on 08/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Alan\Desktop\Hijack\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0239BA51-C78F-4664-A5A7-6AF00150AA99} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {023BFC2C-70E5-4693-95B4-552EE82C7C9D} - (no file)
O2 - BHO: (no name) - {03507415-64BD-4623-8B6F-A08B2DCF3985} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {03632AC6-E0B7-48AD-B5BD-31FC2A550C4B} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {039E4477-89B1-434C-BBFF-7EF1C19FEDF0} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {03B9CF98-25E7-47B0-8A83-6B14E4E6E6F3} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {04028663-931A-448C-9F3D-D196590F2A66} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {047147DE-8BCC-4505-9242-90C752EB20C4} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {04D4F6A7-01D1-4DE1-9BAD-C7E5BAE59FD3} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {064D727E-9378-466D-A78C-27E73DFB2F00} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {066F7CFB-28C8-4BC4-A6F0-A409144496CE} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {06E6FE0D-9F1E-465F-949F-8DE76E22630E} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {06F215BF-D8D7-4876-A9EB-5EA4FC45CF99} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0710C554-7587-454E-86BF-158AA2296AC3} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {074507EE-415B-4D23-9C95-4E937194D8D9} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {081846AF-57CF-43D5-8CAB-14FC0682B2BF} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0889B836-FE78-4215-B33B-424E17B8D1AB} - (no file)
O2 - BHO: (no name) - {0893E2DA-A96B-47F2-888A-8261E7A564AD} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {090210D9-4EEA-4E14-A003-EA94E32BD27A} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {09720528-57B0-4BDD-95C8-4AA56C03A0C5} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0972B280-163E-44D8-8D40-0DC1D5F298DB} - (no file)
O2 - BHO: (no name) - {0977634C-8181-41B2-B104-B3AFA0C94778} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0A0193DA-7393-4387-B889-E842980E9B50} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0BB68C77-B951-4A9E-BCAC-53DD75D5F0DA} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0BFD2240-DD8F-457C-9A46-C7CDF13E1C36} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0C3D2EE8-0AF8-4B1C-8299-9AC0504559A5} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0C83A797-6EAE-4CB3-A86B-4FFD3D5BC31B} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0CC53515-EB48-4574-A449-C3124C20B15C} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0D175E7D-D869-4A88-B561-813309037460} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0DB5F37F-1FD4-49D9-8D3A-B06C37D286B3} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0DDDD29C-9A6A-46D9-97B1-8D1167616197} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0E9FAA82-6769-4A16-AF41-59AFB40AFA2B} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0F11E7B7-A055-48A2-99C5-6760930E627E} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0F1C342C-AF42-4361-8E74-A3ED1B99F4C3} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0F497436-D970-41AE-BF03-8CC22DF9F088} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0F6040DB-CB86-4B67-AE3E-7C2D58603CB4} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0F7ED0C1-A483-4AE7-8BF3-3B893A78D065} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {0FB86EED-F669-4E92-93AF-DEEF9E29138D} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {1022489C-F472-41AC-87AC-68D89C8311BA} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {1048834C-0D11-4F63-9E45-25319480E717} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {104DA625-E15A-45BB-AA24-594DB9FB6C6A} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {10726A8A-26CC-497C-A2DD-F1827EE2EA1D} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {10D703A2-5B04-4333-AF55-A5F434895D54} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {117CF694-EB62-46D0-9CDB-FEA3D1540B19} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {11ACD3BC-EAEB-4F6B-BB0A-FB7E1860DFB4} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {11ADB444-6D98-4FA7-B1D4-BA22269A8216} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {11B64523-3132-4CEC-9559-18076FA0BF5C} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {12AE35B5-93E2-4D19-9943-CB1356E2CD95} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {130485EB-697A-456E-A4EA-E3F3BFADDD84} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {137857FC-63E3-4608-A1E9-FECB2123930B} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {138D6DF2-57CA-4C7F-9F07-13D2309EBA44} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {13D44599-F48E-4F63-9D80-9C1D6F8872B2} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {13E2CEB2-0FA3-4401-98E7-46D83C2C0C45} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {13E99A30-881F-4BF2-9A0C-C17592EA48C8} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {144FC097-2A42-47EE-9742-E012A78E03FD} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {14D779A7-D595-4D95-B9DD-81977DEAE6A4} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {14E64E18-5509-457C-AAE1-84102698258E} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {150F5C5F-9815-4A4C-AB55-6455304A71DD} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {151739F7-54A7-4A4E-81B7-556F75AB6885} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {15418330-450D-4BFD-AAEA-AFFE3AD3663F} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {156B6F8E-0309-4AF1-A352-1B59DF6BED56} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {160E5923-AECE-4CF9-A18B-C527FD5B10F9} - (no file)
O2 - BHO: (no name) - {16327928-B380-43BD-A39A-B8FE2B04BAE1} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {16C417BF-AD6A-4150-A481-109F3BE853B0} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {16C87C5E-C857-4707-BB4F-9734DC89022C} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {1718CAA7-082E-4F45-A436-D96E580E84D4} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {185D3ABF-FB67-4ED4-9ED9-21BB78CF0B18} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {18BBC605-75BA-4F75-8284-89FEEEAB85F8} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {194821EB-A0BA-4007-8EF2-514251ED4280} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {196FE791-759F-492B-BBC8-3B61BEE1F566} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {1B0AA610-D5E3-457E-815F-FD9C32894FC6} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {1B3FEE36-B126-47C4-A29B-4C8575CD5CD3} - (no file)
O2 - BHO: (no name) - {1C48EBB3-2FE0-4CC7-A705-7D9433690D9E} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {1C6571B6-47B3-4157-A9EB-C3EEC61C3355} - (no file)
O2 - BHO: (no name) - {1CBB7425-7675-4DBB-A7E6-AA4B2D36B252} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {1D26746B-AE3B-4C68-8C15-673C1B1F47DA} - (no file)
O2 - BHO: (no name) - {1D2D4A22-3398-442A-9E17-76A5998D29C1} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {1D7ED0F0-C62B-46E9-9773-CA267033149D} - (no file)
O2 - BHO: (no name) - {1D9CF385-D81A-4931-926E-B99108488C39} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {1E625F1F-5FD1-4AD7-8893-F5291AE2ADBC} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {1F68046C-002A-4D14-8556-36AD4ADB4848} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {1F860413-EC78-4A68-B4C5-84CC1FA0A6A7} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2042CB27-3C5C-4C1F-A88A-9B460EB5B3F8} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {20557122-256B-47E0-A8C5-FEFB4761834F} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {206D6207-D864-48F1-9D75-FB5F5EE605C4} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {209B3EC4-64C3-4C02-94F3-E07537725747} - (no file)
O2 - BHO: (no name) - {20B89F94-C252-45AA-B3E1-E98F49C5AC4A} - (no file)
O2 - BHO: (no name) - {21233ED0-9637-4FC8-BE96-32379798E636} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2442665C-2497-4A30-ACA3-3D02E2ABB7F7} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {244637EA-57D8-483D-A6F5-B2A9315A741F} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {24C0DCB1-B0B9-47BE-AC61-A63DD35CF1AA} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {24E4D97C-2A0F-40D2-B52D-3D09C9C080BC} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2518533C-A919-46A6-A2B2-5D0E8A61AD28} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {25DDB5CA-F0D2-45CD-B181-0DDAA35F0727} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {26580654-6761-4E07-BC81-582084D19943} - (no file)
O2 - BHO: (no name) - {26A8DD4B-1B1C-4BE5-B8D0-C80075086CA2} - (no file)
O2 - BHO: (no name) - {26BFCB2E-4C9E-4291-971C-9F5851DEB9C1} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {26D7E030-817D-4910-978A-75E10B62E74D} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {26EA2182-4431-4937-AA19-CE2B0BAA68B4} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2709CA5A-6DFF-44B5-8F1F-1C1FD7091F99} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2755A113-071A-445E-9A0D-EA1F252EB199} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {278EECD4-9269-4CF5-8849-42AA0BAC7D50} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {28179E35-FB54-49CF-A59D-D414636EC66D} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2835B879-6B92-41C1-96F4-E503C64D7DE4} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {283B4F7A-C2F9-4782-AD65-AEB214CC1658} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {284E4ECC-4D76-466C-9D22-A3CB9252EB72} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {288D5DD7-393E-466E-91FB-0467D6673FF3} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {289FCF67-11E4-4F94-A4F3-7781DA074CBD} - (no file)
O2 - BHO: (no name) - {292FB4D0-12C1-4107-B6F8-152CD58B6916} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2A0A9C3D-2072-492B-A972-B7C41B68FF50} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2A7D6D26-6466-470C-B5DE-32F83E7CF4F4} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2B105F4A-2264-4EE3-A9BC-4F1757127E68} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2BA0E6EF-9E63-408C-8AE1-6D7EBC1CCE8D} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2C63DAF6-E912-45CA-B997-9CB83DBFDFFD} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2CADC95E-F471-4348-983F-B125E961B05F} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2D673E9C-AB5C-472D-A7F2-55DBFA6CD0C4} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2DC3A148-8D4B-4671-A7B6-DE4750649FF1} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2DC6FB00-6F03-4361-9153-DDD79F219ECB} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2E53A870-D628-4242-B079-6383881A83DF} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {2EB16329-F80F-4FC4-96CA-3A5CC05808CD} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {301CFF8D-C7C8-440A-A371-C5669680F621} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {30250382-A0F0-4C3E-B3EC-6ED17A38E264} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {30E96683-E599-49B3-B6E7-ED27AC5FB023} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {315D2561-BC18-4C5A-AF28-8DB51157F20A} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {31A7DCFF-30DD-4160-87C4-0E0AF5C7FC2C} - (no file)
O2 - BHO: (no name) - {32C8427F-5013-4793-9084-0891BBAE96EB} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {362B1109-EFF8-48B5-ADAF-91B61EC43DAF} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {368E3EF8-BAAE-4E0D-89B6-B7E8046295FB} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {445F2468-15AE-4137-A828-B845AF7AC409} - C:\WINDOWS\system32\mlljj.dll (file missing)
 
#7 ·
.....and part 2:
 
#8 ·
...and part 4:
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\gxhevtyk.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on TECRA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P44 "Auto EPSON Stylus Photo R200 Series on TECRA" /O16 "\\TECRA\Printer2" /M "Stylus Photo R200"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Registry Repair Wizard Scheduler] "C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F3CDE44-9FBE-4CF3-8485-793355B37CDD}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F3CDE44-9FBE-4CF3-8485-793355B37CDD}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F3CDE44-9FBE-4CF3-8485-793355B37CDD}: NameServer = 192.168.0.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 68905 bytes
 
#10 ·
OK, deleted the O2's:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:04:30, on 08/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Alan\Desktop\Hijack\HiJackThis_v2.exe
C:\Program Files\MSN Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on TECRA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P44 "Auto EPSON Stylus Photo R200 Series on TECRA" /O16 "\\TECRA\Printer2" /M "Stylus Photo R200"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Registry Repair Wizard Scheduler] "C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F3CDE44-9FBE-4CF3-8485-793355B37CDD}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F3CDE44-9FBE-4CF3-8485-793355B37CDD}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F3CDE44-9FBE-4CF3-8485-793355B37CDD}: NameServer = 192.168.0.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10244 bytes
 
#11 ·
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe
============
Click Start > Run > and type in:

services.msc

Click OK.

In the services window find this exact name

COM+ System Application Manage

Right-click and choose "Properties". Beside "Startup Type" in the dropdown menu select "Disabled". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Click Apply then OK. File-Exit the Services utility.

=============
Download http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\Common Files\System\Dllhost.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new hijack log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
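
Added example (not part of the original thread, and not code from HijackThis or any tool named in it): a small Python triage pass over HijackThis O2 and O23 lines, run on sample lines embedded in the block in the format of the logs posted in this thread. The rule names, severity labels and the `SYSTEM32_NAMES` list are assumptions made for this illustration; the main rule reflects that the service entry singled out in the post above carries a Windows system image name (Dllhost.exe) in a directory other than system32.

```python
import ntpath
import re

# Image names that Windows XP keeps in %SystemRoot%\system32.
# Illustrative subset chosen for this example (assumption, not a complete list).
SYSTEM32_NAMES = {
    "dllhost.exe", "svchost.exe", "lsass.exe", "services.exe",
    "winlogon.exe", "smss.exe", "spoolsv.exe", "csrss.exe",
}

# O2 - BHO: <name> - {CLSID} - <dll path | (no file) | [..] (file missing)>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
O23_PREFIX = "O23 - Service: "

# Sample lines in the format of the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {DECC6E9D-A46C-4261-88AF-120137CE0602} - (no file)
O2 - BHO: (no name) - {DFA2D027-61D1-44CE-ABF4-028D05729642} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\gxhevtyk.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: COM+ System Application Manage (COM+ System Manager) - Unknown owner - C:\Program Files\Common Files\System\Dllhost.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
""".strip().splitlines()


def triage(lines, system_dir=r"C:\WINDOWS\system32"):
    """Return (severity, rule, line) tuples for O2 and O23 entries worth a look.

    Paths are compared case-insensitively; 8.3 short names (PROGRA~1) are
    not expanded, so a short-name path is compared as written.
    """
    sysdir = system_dir.lower()
    findings = []
    for raw in lines:
        line = raw.strip()

        m = O2_RE.match(line)
        if m:
            target = m.group("target")
            if target.endswith("(no file)") or target.endswith("(file missing)"):
                # Registration with nothing on disk behind it: registry leftover.
                findings.append(("cleanup", "bho-orphaned", line))
            elif (m.group("name") == "(no name)"
                  and ntpath.dirname(target).lower() == sysdir):
                # Unnamed browser helper whose DLL sits directly in system32.
                findings.append(("review", "bho-unnamed-system32", line))
            continue

        if line.startswith(O23_PREFIX):
            # Split from the right: display names may contain " - " themselves.
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            _display, owner, path = parts
            path = path.strip('"')
            base = ntpath.basename(path).lower()
            outside_system32 = ntpath.dirname(path).lower() != sysdir
            if base in SYSTEM32_NAMES and outside_system32:
                # System image name running from a non-system directory.
                findings.append(("high", "service-masquerade", line))
            elif owner == "Unknown owner":
                # No version-info company name; common for small vendors too.
                findings.append(("review", "service-unknown-owner", line))
    return findings


if __name__ == "__main__":
    for severity, rule, line in triage(SAMPLE_LOG):
        print(f"{severity:8} {rule:24} {line}")
```

An "Unknown owner" service is only marked for review here, since legitimate helpers in the same log (iPAHelper.exe) report the same owner string; the path mismatch is what raises the severity.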
 
#12 ·
OK, everything seemed to work:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:41:33, on 08/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Alan\Desktop\Hijack\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O5 "LPT1:" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on TECRA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P44 "Auto EPSON Stylus Photo R200 Series on TECRA" /O16 "\\TECRA\Printer2" /M "Stylus Photo R200"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Registry Repair Wizard Scheduler] "C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F3CDE44-9FBE-4CF3-8485-793355B37CDD}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F3CDE44-9FBE-4CF3-8485-793355B37CDD}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F3CDE44-9FBE-4CF3-8485-793355B37CDD}: NameServer = 192.168.0.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10072 bytes
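
Added example, not part of the thread and not any poster's tool: the file removed with Killbox in the earlier reply, C:\Program Files\Common Files\System\Dllhost.exe, carries the name of a Windows component that normally lives in C:\WINDOWS\system32. This Python script checks HijackThis log lines for that kind of name/location mismatch; the expected-location table, the function names and the sample log (lines taken from the log above plus one constructed process line) are assumptions.

```python
import ntpath
import re

# Assumption: default Windows XP layout with the system root at C:\WINDOWS.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
    "spoolsv.exe", "dllhost.exe", "rundll32.exe", "ctfmon.exe", "wuauclt.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# A drive-letter path ending in .exe; spaces are allowed (e.g. "Program Files").
# Bare names without a path, such as "SOUNDMAN.EXE", are deliberately skipped.
EXE_PATH = re.compile(r"[A-Za-z]:\\[^\"<>|*?\r\n]*?\.exe", re.IGNORECASE)

# Constructed sample: line 4 is a constructed "Running processes" entry built
# from the path named in the Killbox step; the other lines come from the log.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\System\Dllhost.exe
C:\WINDOWS\system32\rundll32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
"""

def exe_paths(line):
    """Return every full .exe path found on one HijackThis log line."""
    return [m.group(0) for m in EXE_PATH.finditer(line)]

def masquerade_findings(log_text):
    """Return (line number, path, expected directory) for each path whose file
    name is a core Windows binary but whose directory is not the usual one."""
    findings, seen = [], set()
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for path in exe_paths(line):
            directory, name = ntpath.split(ntpath.normpath(path))
            expected = EXPECTED_DIR.get(name.lower())
            if expected and directory.lower() != expected and path.lower() not in seen:
                seen.add(path.lower())
                findings.append((lineno, path, expected))
    return findings

if __name__ == "__main__":
    for lineno, path, expected in masquerade_findings(SAMPLE_LOG):
        print(f"line {lineno}: {path} (expected under {expected})")
```

A hit is a triage lead, not a verdict: it tells the reviewer which file to inspect before deciding on removal.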
 
#15 ·
The Vundo trojan seems to have been defeated, but I did have to run XoftSpySE to remove some leftovers, which it managed to do.
The only problem left now is that XoftSpySE is reporting Virus.Win32.Delf.ak is in the registry. It can't seem to remove them, or it reports it has but they are back next scan.
Don't seem to be getting any payload like I was with Vundo.
 