
Trojans & auto-emails, help please :)[RESOLVED]


  • This topic is locked

#1
Discogod

  • Member
  • 12 posts
about every 5 mins i get a virus popup - a trojan horse. It's located at C:\WINDOWS\system32\atlbc32.exe, the malware name is Win32:Tojano-1175[Trj]

At the same time, i get an IE screen popup going to here: http://www.slimshiel...ield&subacc=004

Using Avast i delete this Virus, then another pops up. This one is located at C:\WINDOWS\system32\addaa32.exe Win32:Trojano-1218[Trj]

I've followed the sticky post on this page installing no end of ad-aware & spybot busters & doing online scans & honestly yes, i've cut down on the amount of virus messages i'm getting (used to get loads of adaware messages). I've also had Avast block approx 30 (each time) outgoing automatic emails about drugs, pharmacy & viruses (i think), that's not happening anymore although i got 1 single one when i last rebooted 10 minutes ago.

My default browser is firefox, although i rarely use IE - whenever i do use IE i think i get a virus although i'm scared to try right now!

So, anybody please help, i'm a complete newbie when it comes to this sort of stuff! any help absolutely appreciated.

EDIT: oh i forgot, earlier i could also not open task manager - but i can now.
EDIT2: another thing! sometimes viruses (or adaware) used to pop up that i couldn't delete as either a) it wasn't there or b) it was being used!
I haven't had a virus since i wrote this original message about 10 mins ago! yay me!
Oh & i've noticed how there's loads of exe crap in my log, i delete all this stuff manually (the files) but they obviously keep coming back somehow... well, you guys will understand more than i.
EDIT3: [bleep]! i've had the suspicious email message thing pop up through avast again! there's about 20 of them, all about young girls! eek!
EDIT4: Ha! D a m m i t isn't rude surely! anyway, 30 mins later i again get about 20 messages..... this time there's one that states: INTERNET CONNECTION TIMEOUT ELAPSED. CONTINUE WAITING? (WI32.EXE -> MTA-V1.LEVEL3.MAIL.VIP.MUD.YAHOO.COM:25)
you can click either Yes or No, i've clicked No..... oh, just got another one, this one is for (WI32.EXE -> MX01.ALLTEL.NET:25)

Here's the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:25:54, on 02/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\Cbo.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wi32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fsdio.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fsdio.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\fsdio.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fsdio.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fsdio.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\fsdio.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\fsdio.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A6B1DE48-E2B5-5C45-88EB-509D77A96D02} - C:\WINDOWS\sdkah.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [autoupd] C:\WINDOWS\autoupd\autoupd.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Oms] C:\WINDOWS\Chi.exe
O4 - HKLM\..\Run: [Ovf] C:\WINDOWS\System32\Cbo.exe
O4 - HKLM\..\Run: [Rtl] C:\WINDOWS\Jtt.exe
O4 - HKLM\..\Run: [Vtc] C:\WINDOWS\Gug.exe
O4 - HKLM\..\Run: [Anc] C:\WINDOWS\System32\Atl.exe
O4 - HKLM\..\Run: [Tjn] C:\WINDOWS\Eks.exe
O4 - HKLM\..\Run: [Bgv] C:\WINDOWS\System32\Blf.exe
O4 - HKLM\..\Run: [Ept] C:\WINDOWS\System32\Atj.exe
O4 - HKLM\..\Run: [Uck] C:\WINDOWS\System32\Mro.exe
O4 - HKLM\..\Run: [Blv] C:\WINDOWS\Apv.exe
O4 - HKLM\..\Run: [Osp] C:\WINDOWS\Fto.exe
O4 - HKLM\..\Run: [Icg] C:\WINDOWS\Gdv.exe
O4 - HKLM\..\Run: [Kip] C:\WINDOWS\Gof.exe
O4 - HKLM\..\Run: [Hlu] C:\WINDOWS\System32\Fhp.exe
O4 - HKLM\..\Run: [Htc] C:\WINDOWS\Hbb.exe
O4 - HKLM\..\Run: [Jut] C:\WINDOWS\System32\Oti.exe
O4 - HKLM\..\Run: [Muk] C:\WINDOWS\System32\Eep.exe
O4 - HKLM\..\Run: [Ptn] C:\WINDOWS\System32\Qvg.exe
O4 - HKLM\..\Run: [Bjb] C:\WINDOWS\Vpk.exe
O4 - HKLM\..\Run: [Ooj] C:\WINDOWS\System32\Eef.exe
O4 - HKLM\..\Run: [Qfb] C:\WINDOWS\System32\Njm.exe
O4 - HKLM\..\Run: [Etm] C:\WINDOWS\Njg.exe
O4 - HKLM\..\Run: [Ivd] C:\WINDOWS\System32\Tod.exe
O4 - HKLM\..\Run: [Luq] C:\WINDOWS\Jfq.exe
O4 - HKLM\..\Run: [Jcr] C:\WINDOWS\System32\Pta.exe
O4 - HKLM\..\Run: [Jvb] C:\WINDOWS\System32\Ska.exe
O4 - HKLM\..\Run: [Uag] C:\WINDOWS\Ncg.exe
O4 - HKLM\..\Run: [Pcd] C:\WINDOWS\Duo.exe
O4 - HKLM\..\Run: [Vcq] C:\WINDOWS\Use.exe
O4 - HKLM\..\Run: [Etn] C:\WINDOWS\Tna.exe
O4 - HKLM\..\Run: [Ecl] C:\WINDOWS\Jhc.exe
O4 - HKLM\..\Run: [Lmn] C:\WINDOWS\Tma.exe
O4 - HKLM\..\Run: [Ttg] C:\WINDOWS\Udh.exe
O4 - HKLM\..\Run: [Qiu] C:\WINDOWS\System32\Cld.exe
O4 - HKLM\..\Run: [Pvg] C:\WINDOWS\System32\Fel.exe
O4 - HKLM\..\Run: [Inb] C:\WINDOWS\Ibk.exe
O4 - HKLM\..\Run: [Uqq] C:\WINDOWS\System32\Nvd.exe
O4 - HKLM\..\Run: [Ujq] C:\WINDOWS\System32\Cnv.exe
O4 - HKLM\..\Run: [Psr] C:\WINDOWS\Mga.exe
O4 - HKLM\..\Run: [Pmf] C:\WINDOWS\Kut.exe
O4 - HKLM\..\Run: [Atl] C:\WINDOWS\Std.exe
O4 - HKLM\..\Run: [Erf] C:\WINDOWS\Rjo.exe
O4 - HKLM\..\Run: [Eld] C:\WINDOWS\Ltp.exe
O4 - HKLM\..\Run: [Eou] C:\WINDOWS\System32\Unj.exe
O4 - HKLM\..\Run: [Kvq] C:\WINDOWS\Shd.exe
O4 - HKLM\..\Run: [Lpu] C:\WINDOWS\Hbl.exe
O4 - HKLM\..\Run: [Vuq] C:\WINDOWS\Hoq.exe
O4 - HKLM\..\Run: [Bej] C:\WINDOWS\Jdr.exe
O4 - HKLM\..\Run: [Tkg] C:\WINDOWS\System32\Bmc.exe
O4 - HKLM\..\Run: [Mah] C:\WINDOWS\System32\Jbg.exe
O4 - HKLM\..\Run: [Jop] C:\WINDOWS\System32\Afh.exe
O4 - HKLM\..\Run: [Bes] C:\WINDOWS\Mrf.exe
O4 - HKLM\..\Run: [Qht] C:\WINDOWS\System32\Pbt.exe
O4 - HKLM\..\Run: [Hij] C:\WINDOWS\Vpv.exe
O4 - HKLM\..\Run: [Kjh] C:\WINDOWS\Vtq.exe
O4 - HKLM\..\Run: [Esq] C:\WINDOWS\System32\Crb.exe
O4 - HKLM\..\Run: [Sdq] C:\WINDOWS\Svv.exe
O4 - HKLM\..\Run: [Oaf] C:\WINDOWS\Ptm.exe
O4 - HKLM\..\Run: [Icq] C:\WINDOWS\System32\Uqh.exe
O4 - HKLM\..\Run: [Kkl] C:\WINDOWS\Kec.exe
O4 - HKLM\..\Run: [Qeg] C:\WINDOWS\Kim.exe
O4 - HKLM\..\Run: [Bhu] C:\WINDOWS\Nvv.exe
O4 - HKLM\..\Run: [Rda] C:\WINDOWS\Stt.exe
O4 - HKLM\..\Run: [Igl] C:\WINDOWS\Kqk.exe
O4 - HKLM\..\Run: [Evh] C:\WINDOWS\System32\Lhv.exe
O4 - HKLM\..\Run: [Dtg] C:\WINDOWS\System32\Jtu.exe
O4 - HKLM\..\Run: [Prs] C:\WINDOWS\Ndf.exe
O4 - HKLM\..\Run: [Oif] C:\WINDOWS\Kgg.exe
O4 - HKLM\..\Run: [Cer] C:\WINDOWS\Nnp.exe
O4 - HKLM\..\Run: [Dfv] C:\WINDOWS\System32\Shf.exe
O4 - HKLM\..\Run: [Eor] C:\WINDOWS\System32\Ivj.exe
O4 - HKLM\..\Run: [Rrj] C:\WINDOWS\Eqe.exe
O4 - HKLM\..\Run: [Rlr] C:\WINDOWS\Lcs.exe
O4 - HKLM\..\Run: [Eqa] C:\WINDOWS\Kcu.exe
O4 - HKLM\..\Run: [Bcm] C:\WINDOWS\System32\Vtl.exe
O4 - HKLM\..\Run: [Vje] C:\WINDOWS\Iak.exe
O4 - HKLM\..\Run: [Nnl] C:\WINDOWS\Nve.exe
O4 - HKLM\..\Run: [Qpc] C:\WINDOWS\System32\Alo.exe
O4 - HKLM\..\Run: [Cto] C:\WINDOWS\System32\Kbl.exe
O4 - HKLM\..\Run: [Ikd] C:\WINDOWS\System32\Hmp.exe
O4 - HKLM\..\Run: [Kfh] C:\WINDOWS\Erj.exe
O4 - HKLM\..\Run: [Eme] C:\WINDOWS\System32\Str.exe
O4 - HKLM\..\Run: [Qhl] C:\WINDOWS\Cfp.exe
O4 - HKLM\..\Run: [Vov] C:\WINDOWS\System32\Bvl.exe
O4 - HKLM\..\Run: [Nsh] C:\WINDOWS\System32\Cle.exe
O4 - HKLM\..\Run: [Rjn] C:\WINDOWS\Vag.exe
O4 - HKLM\..\Run: [Blp] C:\WINDOWS\Bnq.exe
O4 - HKLM\..\Run: [Fpq] C:\WINDOWS\Jvm.exe
O4 - HKLM\..\Run: [Ooc] C:\WINDOWS\System32\Psj.exe
O4 - HKLM\..\Run: [Urt] C:\WINDOWS\System32\Bqh.exe
O4 - HKLM\..\Run: [Uec] C:\WINDOWS\Ebk.exe
O4 - HKLM\..\Run: [Fcg] C:\WINDOWS\Hjd.exe
O4 - HKLM\..\Run: [Otb] C:\WINDOWS\System32\Sdp.exe
O4 - HKLM\..\Run: [Ptd] C:\WINDOWS\Ejh.exe
O4 - HKLM\..\Run: [Bng] C:\WINDOWS\System32\Abh.exe
O4 - HKLM\..\Run: [Bgb] C:\WINDOWS\System32\Cbo.exe
O4 - HKLM\..\Run: [Lvb] C:\WINDOWS\Ust.exe
O4 - HKLM\..\Run: [Gph] C:\WINDOWS\System32\Ocu.exe
O4 - HKLM\..\Run: [Itl] C:\WINDOWS\System32\Mvf.exe
O4 - HKLM\..\Run: [Dfq] C:\WINDOWS\Mkc.exe
O4 - HKLM\..\Run: [Csr] C:\WINDOWS\Vcv.exe
O4 - HKLM\..\Run: [Tkc] C:\WINDOWS\System32\Khm.exe
O4 - HKLM\..\Run: [Rta] C:\WINDOWS\System32\Slo.exe
O4 - HKLM\..\Run: [Rqo] C:\WINDOWS\System32\Mgo.exe
O4 - HKLM\..\Run: [Rmt] C:\WINDOWS\System32\Hhd.exe
O4 - HKLM\..\Run: [Hps] C:\WINDOWS\System32\Sku.exe
O4 - HKLM\..\Run: [Cjd] C:\WINDOWS\Vcv.exe
O4 - HKLM\..\Run: [Sfu] C:\WINDOWS\System32\Qks.exe
O4 - HKLM\..\Run: [Aeh] C:\WINDOWS\Kbl.exe
O4 - HKLM\..\Run: [Jko] C:\WINDOWS\Oam.exe
O4 - HKLM\..\Run: [Obk] C:\WINDOWS\Eeq.exe
O4 - HKLM\..\Run: [Usj] C:\WINDOWS\System32\Gqg.exe
O4 - HKLM\..\Run: [Ibq] C:\WINDOWS\Dtd.exe
O4 - HKLM\..\Run: [Qrs] C:\WINDOWS\Vqk.exe
O4 - HKLM\..\Run: [Gcm] C:\WINDOWS\System32\Cpo.exe
O4 - HKLM\..\Run: [Lvr] C:\WINDOWS\Ura.exe
O4 - HKLM\..\Run: [Reu] C:\WINDOWS\Aan.exe
O4 - HKLM\..\Run: [Auh] C:\WINDOWS\Def.exe
O4 - HKLM\..\Run: [Cnt] C:\WINDOWS\Kds.exe
O4 - HKLM\..\Run: [Vbt] C:\WINDOWS\System32\Mkv.exe
O4 - HKLM\..\Run: [Cat] C:\WINDOWS\System32\Ehi.exe
O4 - HKLM\..\Run: [Dsk] C:\WINDOWS\Gvf.exe
O4 - HKLM\..\Run: [Nke] C:\WINDOWS\Vbc.exe
O4 - HKLM\..\Run: [Cro] C:\WINDOWS\Bmk.exe
O4 - HKLM\..\Run: [Nnh] C:\WINDOWS\System32\Uut.exe
O4 - HKLM\..\Run: [Bac] C:\WINDOWS\Khf.exe
O4 - HKLM\..\Run: [Tjv] C:\WINDOWS\System32\Ggb.exe
O4 - HKLM\..\Run: [Oge] C:\WINDOWS\System32\Mas.exe
O4 - HKLM\..\Run: [Slo] C:\WINDOWS\Tst.exe
O4 - HKLM\..\Run: [Reg] C:\WINDOWS\System32\Isg.exe
O4 - HKLM\..\Run: [Jpi] C:\WINDOWS\System32\Nfv.exe
O4 - HKLM\..\Run: [Jsh] C:\WINDOWS\Vrb.exe
O4 - HKLM\..\Run: [Bnu] C:\WINDOWS\Jmr.exe
O4 - HKLM\..\Run: [Odq] C:\WINDOWS\Kvo.exe
O4 - HKLM\..\Run: [Eui] C:\WINDOWS\System32\Sub.exe
O4 - HKLM\..\Run: [Hrn] C:\WINDOWS\Tah.exe
O4 - HKLM\..\Run: [Crr] C:\WINDOWS\System32\Naa.exe
O4 - HKLM\..\Run: [Occ] C:\WINDOWS\System32\Cgd.exe
O4 - HKLM\..\Run: [Hre] C:\WINDOWS\System32\Ami.exe
O4 - HKLM\..\Run: [Bsd] C:\WINDOWS\System32\Oqq.exe
O4 - HKLM\..\Run: [Bol] C:\WINDOWS\Nul.exe
O4 - HKLM\..\Run: [Fqg] C:\WINDOWS\System32\Psn.exe
O4 - HKLM\..\Run: [Hup] C:\WINDOWS\Jqh.exe
O4 - HKLM\..\Run: [Epk] C:\WINDOWS\System32\Ojl.exe
O4 - HKLM\..\Run: [Ngh] C:\WINDOWS\Skp.exe
O4 - HKLM\..\Run: [Kuh] C:\WINDOWS\Kfh.exe
O4 - HKLM\..\Run: [Grs] C:\WINDOWS\System32\Fab.exe
O4 - HKLM\..\Run: [Hso] C:\WINDOWS\System32\Goi.exe
O4 - HKLM\..\Run: [Uaf] C:\WINDOWS\Sro.exe
O4 - HKLM\..\Run: [Dsn] C:\WINDOWS\System32\Kgv.exe
O4 - HKLM\..\Run: [Hao] C:\WINDOWS\System32\Gkh.exe
O4 - HKLM\..\Run: [Nub] C:\WINDOWS\System32\Hpv.exe
O4 - HKLM\..\Run: [Pii] C:\WINDOWS\Ecr.exe
O4 - HKLM\..\Run: [Jhc] C:\WINDOWS\Rdj.exe
O4 - HKLM\..\Run: [Djq] C:\WINDOWS\System32\Cll.exe
O4 - HKLM\..\Run: [Nec] C:\WINDOWS\Saq.exe
O4 - HKLM\..\Run: [Bhs] C:\WINDOWS\System32\Qed.exe
O4 - HKLM\..\Run: [Bip] C:\WINDOWS\Osr.exe
O4 - HKLM\..\Run: [Vko] C:\WINDOWS\Eqg.exe
O4 - HKLM\..\Run: [Ous] C:\WINDOWS\Dhs.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???????\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Oms] C:\WINDOWS\Chi.exe
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\System32\wi32.exe
O4 - HKCU\..\Run: [Ovf] C:\WINDOWS\System32\Cbo.exe
O4 - HKCU\..\Run: [Rtl] C:\WINDOWS\Jtt.exe
O4 - HKCU\..\Run: [Vtc] C:\WINDOWS\Gug.exe
O4 - HKCU\..\Run: [Anc] C:\WINDOWS\System32\Atl.exe
O4 - HKCU\..\Run: [Tjn] C:\WINDOWS\Eks.exe
O4 - HKCU\..\Run: [Bgv] C:\WINDOWS\System32\Blf.exe
O4 - HKCU\..\Run: [Ept] C:\WINDOWS\System32\Atj.exe
O4 - HKCU\..\Run: [Uck] C:\WINDOWS\System32\Mro.exe
O4 - HKCU\..\Run: [Blv] C:\WINDOWS\Apv.exe
O4 - HKCU\..\Run: [Osp] C:\WINDOWS\Fto.exe
O4 - HKCU\..\Run: [Icg] C:\WINDOWS\Gdv.exe
O4 - HKCU\..\Run: [Kip] C:\WINDOWS\Gof.exe
O4 - HKCU\..\Run: [Hlu] C:\WINDOWS\System32\Fhp.exe
O4 - HKCU\..\Run: [Htc] C:\WINDOWS\Hbb.exe
O4 - HKCU\..\Run: [Jut] C:\WINDOWS\System32\Oti.exe
O4 - HKCU\..\Run: [Muk] C:\WINDOWS\System32\Eep.exe
O4 - HKCU\..\Run: [Ptn] C:\WINDOWS\System32\Qvg.exe
O4 - HKCU\..\Run: [Bjb] C:\WINDOWS\Vpk.exe
O4 - HKCU\..\Run: [Ooj] C:\WINDOWS\System32\Eef.exe
O4 - HKCU\..\Run: [Qfb] C:\WINDOWS\System32\Njm.exe
O4 - HKCU\..\Run: [Etm] C:\WINDOWS\Njg.exe
O4 - HKCU\..\Run: [Ivd] C:\WINDOWS\System32\Tod.exe
O4 - HKCU\..\Run: [Luq] C:\WINDOWS\Jfq.exe
O4 - HKCU\..\Run: [Jcr] C:\WINDOWS\System32\Pta.exe
O4 - HKCU\..\Run: [Jvb] C:\WINDOWS\System32\Ska.exe
O4 - HKCU\..\Run: [Uag] C:\WINDOWS\Ncg.exe
O4 - HKCU\..\Run: [Pcd] C:\WINDOWS\Duo.exe
O4 - HKCU\..\Run: [Vcq] C:\WINDOWS\Use.exe
O4 - HKCU\..\Run: [Etn] C:\WINDOWS\Tna.exe
O4 - HKCU\..\Run: [Ecl] C:\WINDOWS\Jhc.exe
O4 - HKCU\..\Run: [Lmn] C:\WINDOWS\Tma.exe
O4 - HKCU\..\Run: [Ttg] C:\WINDOWS\Udh.exe
O4 - HKCU\..\Run: [Qiu] C:\WINDOWS\System32\Cld.exe
O4 - HKCU\..\Run: [Pvg] C:\WINDOWS\System32\Fel.exe
O4 - HKCU\..\Run: [Inb] C:\WINDOWS\Ibk.exe
O4 - HKCU\..\Run: [Uqq] C:\WINDOWS\System32\Nvd.exe
O4 - HKCU\..\Run: [Ujq] C:\WINDOWS\System32\Cnv.exe
O4 - HKCU\..\Run: [Psr] C:\WINDOWS\Mga.exe
O4 - HKCU\..\Run: [Pmf] C:\WINDOWS\Kut.exe
O4 - HKCU\..\Run: [Atl] C:\WINDOWS\Std.exe
O4 - HKCU\..\Run: [Erf] C:\WINDOWS\Rjo.exe
O4 - HKCU\..\Run: [Eld] C:\WINDOWS\Ltp.exe
O4 - HKCU\..\Run: [Eou] C:\WINDOWS\System32\Unj.exe
O4 - HKCU\..\Run: [Kvq] C:\WINDOWS\Shd.exe
O4 - HKCU\..\Run: [Lpu] C:\WINDOWS\Hbl.exe
O4 - HKCU\..\Run: [Vuq] C:\WINDOWS\Hoq.exe
O4 - HKCU\..\Run: [Bej] C:\WINDOWS\Jdr.exe
O4 - HKCU\..\Run: [Tkg] C:\WINDOWS\System32\Bmc.exe
O4 - HKCU\..\Run: [Mah] C:\WINDOWS\System32\Jbg.exe
O4 - HKCU\..\Run: [Jop] C:\WINDOWS\System32\Afh.exe
O4 - HKCU\..\Run: [Bes] C:\WINDOWS\Mrf.exe
O4 - HKCU\..\Run: [Qht] C:\WINDOWS\System32\Pbt.exe
O4 - HKCU\..\Run: [Hij] C:\WINDOWS\Vpv.exe
O4 - HKCU\..\Run: [Kjh] C:\WINDOWS\Vtq.exe
O4 - HKCU\..\Run: [Esq] C:\WINDOWS\System32\Crb.exe
O4 - HKCU\..\Run: [Sdq] C:\WINDOWS\Svv.exe
O4 - HKCU\..\Run: [Oaf] C:\WINDOWS\Ptm.exe
O4 - HKCU\..\Run: [Icq] C:\WINDOWS\System32\Uqh.exe
O4 - HKCU\..\Run: [Kkl] C:\WINDOWS\Kec.exe
O4 - HKCU\..\Run: [Qeg] C:\WINDOWS\Kim.exe
O4 - HKCU\..\Run: [Bhu] C:\WINDOWS\Nvv.exe
O4 - HKCU\..\Run: [Rda] C:\WINDOWS\Stt.exe
O4 - HKCU\..\Run: [Igl] C:\WINDOWS\Kqk.exe
O4 - HKCU\..\Run: [Evh] C:\WINDOWS\System32\Lhv.exe
O4 - HKCU\..\Run: [Dtg] C:\WINDOWS\System32\Jtu.exe
O4 - HKCU\..\Run: [Prs] C:\WINDOWS\Ndf.exe
O4 - HKCU\..\Run: [Oif] C:\WINDOWS\Kgg.exe
O4 - HKCU\..\Run: [Cer] C:\WINDOWS\Nnp.exe
O4 - HKCU\..\Run: [Dfv] C:\WINDOWS\System32\Shf.exe
O4 - HKCU\..\Run: [Eor] C:\WINDOWS\System32\Ivj.exe
O4 - HKCU\..\Run: [Rrj] C:\WINDOWS\Eqe.exe
O4 - HKCU\..\Run: [Rlr] C:\WINDOWS\Lcs.exe
O4 - HKCU\..\Run: [Eqa] C:\WINDOWS\Kcu.exe
O4 - HKCU\..\Run: [Bcm] C:\WINDOWS\System32\Vtl.exe
O4 - HKCU\..\Run: [Vje] C:\WINDOWS\Iak.exe
O4 - HKCU\..\Run: [Nnl] C:\WINDOWS\Nve.exe
O4 - HKCU\..\Run: [Qpc] C:\WINDOWS\System32\Alo.exe
O4 - HKCU\..\Run: [Cto] C:\WINDOWS\System32\Kbl.exe
O4 - HKCU\..\Run: [Ikd] C:\WINDOWS\System32\Hmp.exe
O4 - HKCU\..\Run: [Kfh] C:\WINDOWS\Erj.exe
O4 - HKCU\..\Run: [Eme] C:\WINDOWS\System32\Str.exe
O4 - HKCU\..\Run: [Qhl] C:\WINDOWS\Cfp.exe
O4 - HKCU\..\Run: [Vov] C:\WINDOWS\System32\Bvl.exe
O4 - HKCU\..\Run: [Nsh] C:\WINDOWS\System32\Cle.exe
O4 - HKCU\..\Run: [Rjn] C:\WINDOWS\Vag.exe
O4 - HKCU\..\Run: [Blp] C:\WINDOWS\Bnq.exe
O4 - HKCU\..\Run: [Fpq] C:\WINDOWS\Jvm.exe
O4 - HKCU\..\Run: [Ooc] C:\WINDOWS\System32\Psj.exe
O4 - HKCU\..\Run: [Urt] C:\WINDOWS\System32\Bqh.exe
O4 - HKCU\..\Run: [Uec] C:\WINDOWS\Ebk.exe
O4 - HKCU\..\Run: [Fcg] C:\WINDOWS\Hjd.exe
O4 - HKCU\..\Run: [Otb] C:\WINDOWS\System32\Sdp.exe
O4 - HKCU\..\Run: [Ptd] C:\WINDOWS\Ejh.exe
O4 - HKCU\..\Run: [Bng] C:\WINDOWS\System32\Abh.exe
O4 - HKCU\..\Run: [Bgb] C:\WINDOWS\System32\Cbo.exe
O4 - HKCU\..\Run: [Lvb] C:\WINDOWS\Ust.exe
O4 - HKCU\..\Run: [Gph] C:\WINDOWS\System32\Ocu.exe
O4 - HKCU\..\Run: [Itl] C:\WINDOWS\System32\Mvf.exe
O4 - HKCU\..\Run: [Dfq] C:\WINDOWS\Mkc.exe
O4 - HKCU\..\Run: [Csr] C:\WINDOWS\Vcv.exe
O4 - HKCU\..\Run: [Tkc] C:\WINDOWS\System32\Khm.exe
O4 - HKCU\..\Run: [Rta] C:\WINDOWS\System32\Slo.exe
O4 - HKCU\..\Run: [Rqo] C:\WINDOWS\System32\Mgo.exe
O4 - HKCU\..\Run: [Rmt] C:\WINDOWS\System32\Hhd.exe
O4 - HKCU\..\Run: [Hps] C:\WINDOWS\System32\Sku.exe
O4 - HKCU\..\Run: [Cjd] C:\WINDOWS\Vcv.exe
O4 - HKCU\..\Run: [Sfu] C:\WINDOWS\System32\Qks.exe
O4 - HKCU\..\Run: [Aeh] C:\WINDOWS\Kbl.exe
O4 - HKCU\..\Run: [Jko] C:\WINDOWS\Oam.exe
O4 - HKCU\..\Run: [Obk] C:\WINDOWS\Eeq.exe
O4 - HKCU\..\Run: [Usj] C:\WINDOWS\System32\Gqg.exe
O4 - HKCU\..\Run: [Ibq] C:\WINDOWS\Dtd.exe
O4 - HKCU\..\Run: [Qrs] C:\WINDOWS\Vqk.exe
O4 - HKCU\..\Run: [Gcm] C:\WINDOWS\System32\Cpo.exe
O4 - HKCU\..\Run: [Lvr] C:\WINDOWS\Ura.exe
O4 - HKCU\..\Run: [Reu] C:\WINDOWS\Aan.exe
O4 - HKCU\..\Run: [Auh] C:\WINDOWS\Def.exe
O4 - HKCU\..\Run: [Cnt] C:\WINDOWS\Kds.exe
O4 - HKCU\..\Run: [Vbt] C:\WINDOWS\System32\Mkv.exe
O4 - HKCU\..\Run: [Cat] C:\WINDOWS\System32\Ehi.exe
O4 - HKCU\..\Run: [Dsk] C:\WINDOWS\Gvf.exe
O4 - HKCU\..\Run: [Nke] C:\WINDOWS\Vbc.exe
O4 - HKCU\..\Run: [Cro] C:\WINDOWS\Bmk.exe
O4 - HKCU\..\Run: [Nnh] C:\WINDOWS\System32\Uut.exe
O4 - HKCU\..\Run: [Bac] C:\WINDOWS\Khf.exe
O4 - HKCU\..\Run: [Tjv] C:\WINDOWS\System32\Ggb.exe
O4 - HKCU\..\Run: [Oge] C:\WINDOWS\System32\Mas.exe
O4 - HKCU\..\Run: [Slo] C:\WINDOWS\Tst.exe
O4 - HKCU\..\Run: [Reg] C:\WINDOWS\System32\Isg.exe
O4 - HKCU\..\Run: [Jpi] C:\WINDOWS\System32\Nfv.exe
O4 - HKCU\..\Run: [Jsh] C:\WINDOWS\Vrb.exe
O4 - HKCU\..\Run: [Bnu] C:\WINDOWS\Jmr.exe
O4 - HKCU\..\Run: [Odq] C:\WINDOWS\Kvo.exe
O4 - HKCU\..\Run: [Eui] C:\WINDOWS\System32\Sub.exe
O4 - HKCU\..\Run: [Hrn] C:\WINDOWS\Tah.exe
O4 - HKCU\..\Run: [Crr] C:\WINDOWS\System32\Naa.exe
O4 - HKCU\..\Run: [Occ] C:\WINDOWS\System32\Cgd.exe
O4 - HKCU\..\Run: [Hre] C:\WINDOWS\System32\Ami.exe
O4 - HKCU\..\Run: [Bsd] C:\WINDOWS\System32\Oqq.exe
O4 - HKCU\..\Run: [Bol] C:\WINDOWS\Nul.exe
O4 - HKCU\..\Run: [Fqg] C:\WINDOWS\System32\Psn.exe
O4 - HKCU\..\Run: [Hup] C:\WINDOWS\Jqh.exe
O4 - HKCU\..\Run: [Epk] C:\WINDOWS\System32\Ojl.exe
O4 - HKCU\..\Run: [Ngh] C:\WINDOWS\Skp.exe
O4 - HKCU\..\Run: [Kuh] C:\WINDOWS\Kfh.exe
O4 - HKCU\..\Run: [Grs] C:\WINDOWS\System32\Fab.exe
O4 - HKCU\..\Run: [Hso] C:\WINDOWS\System32\Goi.exe
O4 - HKCU\..\Run: [Uaf] C:\WINDOWS\Sro.exe
O4 - HKCU\..\Run: [Dsn] C:\WINDOWS\System32\Kgv.exe
O4 - HKCU\..\Run: [Hao] C:\WINDOWS\System32\Gkh.exe
O4 - HKCU\..\Run: [Nub] C:\WINDOWS\System32\Hpv.exe
O4 - HKCU\..\Run: [Pii] C:\WINDOWS\Ecr.exe
O4 - HKCU\..\Run: [Jhc] C:\WINDOWS\Rdj.exe
O4 - HKCU\..\Run: [Djq] C:\WINDOWS\System32\Cll.exe
O4 - HKCU\..\Run: [Nec] C:\WINDOWS\Saq.exe
O4 - HKCU\..\Run: [Bhs] C:\WINDOWS\System32\Qed.exe
O4 - HKCU\..\Run: [Bip] C:\WINDOWS\Osr.exe
O4 - HKCU\..\Run: [Vko] C:\WINDOWS\Eqg.exe
O4 - HKCU\..\Run: [Ous] C:\WINDOWS\Dhs.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\GetRight\GetRight\GRdownload.htm
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Dave Goddard.DAVE\Application Data\Mozilla\Firefox\Profiles\wcvdf4sd.Default User\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Open with GetRight Browser - C:\GetRight\GetRight\GRbrowse.htm
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Dave Goddard.DAVE\Application Data\Mozilla\Firefox\Profiles\wcvdf4sd.Default User\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: f3dsl - MSplg7.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Edited by Discogod, 02 May 2005 - 03:35 PM.

  • 0
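As an added example (not part of the original post or of HijackThis), here is a small triage script for a log like the one above. It groups O4 autorun entries that fit the pattern visible in this log, a three-letter value name launching a three-letter `.exe` directly under `C:\WINDOWS` or `C:\WINDOWS\System32`, and cross-checks each target against the "Running processes" section. The three-letter heuristic and all function names are assumptions made for this illustration, not a signature for the infection.

```python
import re
from collections import defaultdict
from typing import NamedTuple


class RunEntry(NamedTuple):
    hive: str    # HKLM or HKCU
    key: str     # Run, RunOnce, ...
    name: str    # registry value name shown in [brackets]
    target: str  # command line the value launches


# Excerpt of the HijackThis log above (lines copied from the page).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\Cbo.exe
C:\WINDOWS\System32\wi32.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Oms] C:\WINDOWS\Chi.exe
O4 - HKLM\..\Run: [Ovf] C:\WINDOWS\System32\Cbo.exe
O4 - HKLM\..\Run: [Bgb] C:\WINDOWS\System32\Cbo.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\System32\wi32.exe
O4 - HKCU\..\Run: [Oms] C:\WINDOWS\Chi.exe
O4 - HKCU\..\Run: [Ovf] C:\WINDOWS\System32\Cbo.exe
"""

# "O4 - HKLM\..\Run: [Name] command line"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Assumed heuristic: three-letter value name ...
NAME_RE = re.compile(r"^[A-Za-z]{3}$")
# ... launching a three-letter .exe straight from the Windows directories.
TARGET_RE = re.compile(
    r"^C:\\WINDOWS\\(?:System32\\)?[A-Za-z]{3}\.exe$", re.IGNORECASE
)


def parse_log(text):
    """Return (set of running process paths, list of RunEntry)."""
    running, entries = set(), []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # a blank line ends the process list
                in_processes = False
            else:
                running.add(line.lower())
            continue
        match = O4_RE.match(line)
        if match:
            entries.append(RunEntry(*match.groups()))
    return running, entries


def triage(text):
    """Group heuristic matches by target and note which ones are running."""
    running, entries = parse_log(text)
    names, hives = defaultdict(set), defaultdict(set)
    for entry in entries:
        if NAME_RE.match(entry.name) and TARGET_RE.match(entry.target):
            key = entry.target.lower()   # Windows paths are case-insensitive
            names[key].add(entry.name)
            hives[key].add(entry.hive)
    return [
        {
            "target": target,
            "value_names": sorted(names[target]),
            "hives": sorted(hives[target]),
            "running": target in running,
        }
        for target in sorted(names)
    ]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        state = "RUNNING" if row["running"] else "not running"
        print(f'{row["target"]}  names={row["value_names"]} '
              f'hives={row["hives"]}  {state}')
```

The heuristic only covers the three-letter family: `wi32.exe` under `[wupdate]` is also in this log and does not match, so the output is a review aid rather than a complete list.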


#2
Discogod

  • Member
  • 12 posts
*bump*

i'm still having problems, can somebody help please?

Thanks
  • 0

#3
Kat

  • Retired Staff
  • 19,704 posts
  • MVP
Hi there, and welcome! My name is Kat, and I'll be helping you to get your computer fixed up and on the run again! You may want to print these instructions or save them to a NotePad file on your desktop to make it easier for you to follow each step in order!

Before we begin, I highly recommend that you uninstall MessengerPlus, as it is the most likely culprit responsible for causing you to get so badly infected. You have two nasty infections, and both of them can be received thru Messenger Plus. Leaving it installed is up to you, but be aware that you may become reinfected.

1. You may want to print out these instructions or save them to your desktop as a text file with Notepad because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
  • Prepare CWShredder for use:
    • Download CWShredder.
    • Save CWShredder.exe to a convenient location.
    • Please do not do anything with it yet.
  • Prepare AboutBuster for use:
    • Download AboutBuster.
    • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
    • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
    • Click "OK" at the prompt with instructions.
    • Click "Update" and then "Check For Update" to begin the update process.
    • If any updates exist please download them by clicking "Download Update".
    • You should not run the program yet so click "Exit".
  • Prepare cwsserviceremove.reg for use:
    • Download cwsserviceremove.zip.
    • Unzip the contents of cwsserviceremove.zip (cwsserviceremove.reg) to your desktop.
    • Please do not do anything with it yet.
Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Boot into Safe Mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.
  • Run CWShredder:
    • Double-click on CWShredder.exe.
    • Click "Fix ->" and click "OK" at the prompt.
    • CWShredder will scan and clean your system of CWS files.
    • Click "Next->" and then "Exit".
  • Remove the offending service:
    • Double-click on cwsserviceremove.reg you downloaded earlier.
    • When it asks you to merge the information to the registry click "Yes".
  • Run AboutBuster and save the logs:
    • Browse to where you saved AboutBuster and run AboutBuster.exe.
    • Click OK at the directions prompt.
    • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
    • Click Yes to allow it to shutdown explorer.exe.
    • It will begin to scan your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • Restart your computer normally to return to normal mode.


    2. Download and Save Spywadfix to your computer from this link:
    http://www.thespykil...s/spywadfix.exe

    It will automatically extract to c:\spywad where it needs to be to run and will automatically open the remove spywad.vbs script for you ready to paste in the line mentioned below.
    If you have script blocking enabled you will get a warning about a malicious script wanting to run. Please allow this script to run.

    It is not malicious.
    It will open an Input box. Paste this line into the box

    C:\WINDOWS\System32\Cbo.exe

    The script will kill that process, backup and then delete any matching files in System32 and your Windows Directory. It will create a log of all files deleted. This log file will be named Spywad.txt and be located inside the C:\Spywad Folder. The backups will also be located in two subfolders there. One named Systems and the other named Window.

    The script will search the Windows Directory and delete desktop.html and popup.html if they exist. It will add entries to the log if these files are found and deleted.

    It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries returning your windows default desktop and context menu functions.
    It will restart Explorer.

    ** Script Does not remove the orphaned run entries.

    Finally, it will Run hijackthis so that you can remove the orphaned run entries.

    3. Please re-open HiJackThis and scan (if it doesn't open automatically in the previous step). Check the boxes next to all the entries listed below.
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fsdio.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fsdio.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\fsdio.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\fsdio.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\fsdio.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\fsdio.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\fsdio.dll/sp.html#37049

    O2 - BHO: (no name) - {A6B1DE48-E2B5-5C45-88EB-509D77A96D02} - C:\WINDOWS\sdkah.dll

    O4 - HKLM\..\Run: [autoupd] C:\WINDOWS\autoupd\autoupd.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] ?_??????\WkDetect.exe
    O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\System32\wi32.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" (If you chose to uninstall the program)
    O4 - HKLM\..\Run: [Oms] C:\WINDOWS\Chi.exe
    O4 - HKLM\..\Run: [Ovf] C:\WINDOWS\System32\Cbo.exe
    O4 - HKLM\..\Run: [Rtl] C:\WINDOWS\Jtt.exe
    O4 - HKLM\..\Run: [Vtc] C:\WINDOWS\Gug.exe
    O4 - HKLM\..\Run: [Anc] C:\WINDOWS\System32\Atl.exe
    O4 - HKLM\..\Run: [Tjn] C:\WINDOWS\Eks.exe
    O4 - HKLM\..\Run: [Bgv] C:\WINDOWS\System32\Blf.exe
    O4 - HKLM\..\Run: [Ept] C:\WINDOWS\System32\Atj.exe
    O4 - HKLM\..\Run: [Uck] C:\WINDOWS\System32\Mro.exe
    O4 - HKLM\..\Run: [Blv] C:\WINDOWS\Apv.exe
    O4 - HKLM\..\Run: [Osp] C:\WINDOWS\Fto.exe
    O4 - HKLM\..\Run: [Icg] C:\WINDOWS\Gdv.exe
    O4 - HKLM\..\Run: [Kip] C:\WINDOWS\Gof.exe
    O4 - HKLM\..\Run: [Hlu] C:\WINDOWS\System32\Fhp.exe
    O4 - HKLM\..\Run: [Htc] C:\WINDOWS\Hbb.exe
    O4 - HKLM\..\Run: [Jut] C:\WINDOWS\System32\Oti.exe
    O4 - HKLM\..\Run: [Muk] C:\WINDOWS\System32\Eep.exe
    O4 - HKLM\..\Run: [Ptn] C:\WINDOWS\System32\Qvg.exe
    O4 - HKLM\..\Run: [Bjb] C:\WINDOWS\Vpk.exe
    O4 - HKLM\..\Run: [Ooj] C:\WINDOWS\System32\Eef.exe
    O4 - HKLM\..\Run: [Qfb] C:\WINDOWS\System32\Njm.exe
    O4 - HKLM\..\Run: [Etm] C:\WINDOWS\Njg.exe
    O4 - HKLM\..\Run: [Ivd] C:\WINDOWS\System32\Tod.exe
    O4 - HKLM\..\Run: [Luq] C:\WINDOWS\Jfq.exe
    O4 - HKLM\..\Run: [Jcr] C:\WINDOWS\System32\Pta.exe
    O4 - HKLM\..\Run: [Jvb] C:\WINDOWS\System32\Ska.exe
    O4 - HKLM\..\Run: [Uag] C:\WINDOWS\Ncg.exe
    O4 - HKLM\..\Run: [Pcd] C:\WINDOWS\Duo.exe
    O4 - HKLM\..\Run: [Vcq] C:\WINDOWS\Use.exe
    O4 - HKLM\..\Run: [Etn] C:\WINDOWS\Tna.exe
    O4 - HKLM\..\Run: [Ecl] C:\WINDOWS\Jhc.exe
    O4 - HKLM\..\Run: [Lmn] C:\WINDOWS\Tma.exe
    O4 - HKLM\..\Run: [Ttg] C:\WINDOWS\Udh.exe
    O4 - HKLM\..\Run: [Qiu] C:\WINDOWS\System32\Cld.exe
    O4 - HKLM\..\Run: [Pvg] C:\WINDOWS\System32\Fel.exe
    O4 - HKLM\..\Run: [Inb] C:\WINDOWS\Ibk.exe
    O4 - HKLM\..\Run: [Uqq] C:\WINDOWS\System32\Nvd.exe
    O4 - HKLM\..\Run: [Ujq] C:\WINDOWS\System32\Cnv.exe
    O4 - HKLM\..\Run: [Psr] C:\WINDOWS\Mga.exe
    O4 - HKLM\..\Run: [Pmf] C:\WINDOWS\Kut.exe
    O4 - HKLM\..\Run: [Atl] C:\WINDOWS\Std.exe
    O4 - HKLM\..\Run: [Erf] C:\WINDOWS\Rjo.exe
    O4 - HKLM\..\Run: [Eld] C:\WINDOWS\Ltp.exe
    O4 - HKLM\..\Run: [Eou] C:\WINDOWS\System32\Unj.exe
    O4 - HKLM\..\Run: [Kvq] C:\WINDOWS\Shd.exe
    O4 - HKLM\..\Run: [Lpu] C:\WINDOWS\Hbl.exe
    O4 - HKLM\..\Run: [Vuq] C:\WINDOWS\Hoq.exe
    O4 - HKLM\..\Run: [Bej] C:\WINDOWS\Jdr.exe
    O4 - HKLM\..\Run: [Tkg] C:\WINDOWS\System32\Bmc.exe
    O4 - HKLM\..\Run: [Mah] C:\WINDOWS\System32\Jbg.exe
    O4 - HKLM\..\Run: [Jop] C:\WINDOWS\System32\Afh.exe
    O4 - HKLM\..\Run: [Bes] C:\WINDOWS\Mrf.exe
    O4 - HKLM\..\Run: [Qht] C:\WINDOWS\System32\Pbt.exe
    O4 - HKLM\..\Run: [Hij] C:\WINDOWS\Vpv.exe
    O4 - HKLM\..\Run: [Kjh] C:\WINDOWS\Vtq.exe
    O4 - HKLM\..\Run: [Esq] C:\WINDOWS\System32\Crb.exe
    O4 - HKLM\..\Run: [Sdq] C:\WINDOWS\Svv.exe
    O4 - HKLM\..\Run: [Oaf] C:\WINDOWS\Ptm.exe
    O4 - HKLM\..\Run: [Icq] C:\WINDOWS\System32\Uqh.exe
    O4 - HKLM\..\Run: [Kkl] C:\WINDOWS\Kec.exe
    O4 - HKLM\..\Run: [Qeg] C:\WINDOWS\Kim.exe
    O4 - HKLM\..\Run: [Bhu] C:\WINDOWS\Nvv.exe
    O4 - HKLM\..\Run: [Rda] C:\WINDOWS\Stt.exe
    O4 - HKLM\..\Run: [Igl] C:\WINDOWS\Kqk.exe
    O4 - HKLM\..\Run: [Evh] C:\WINDOWS\System32\Lhv.exe
    O4 - HKLM\..\Run: [Dtg] C:\WINDOWS\System32\Jtu.exe
    O4 - HKLM\..\Run: [Prs] C:\WINDOWS\Ndf.exe
    O4 - HKLM\..\Run: [Oif] C:\WINDOWS\Kgg.exe
    O4 - HKLM\..\Run: [Cer] C:\WINDOWS\Nnp.exe
    O4 - HKLM\..\Run: [Dfv] C:\WINDOWS\System32\Shf.exe
    O4 - HKLM\..\Run: [Eor] C:\WINDOWS\System32\Ivj.exe
    O4 - HKLM\..\Run: [Rrj] C:\WINDOWS\Eqe.exe
    O4 - HKLM\..\Run: [Rlr] C:\WINDOWS\Lcs.exe
    O4 - HKLM\..\Run: [Eqa] C:\WINDOWS\Kcu.exe
    O4 - HKLM\..\Run: [Bcm] C:\WINDOWS\System32\Vtl.exe
    O4 - HKLM\..\Run: [Vje] C:\WINDOWS\Iak.exe
    O4 - HKLM\..\Run: [Nnl] C:\WINDOWS\Nve.exe
    O4 - HKLM\..\Run: [Qpc] C:\WINDOWS\System32\Alo.exe
    O4 - HKLM\..\Run: [Cto] C:\WINDOWS\System32\Kbl.exe
    O4 - HKLM\..\Run: [Ikd] C:\WINDOWS\System32\Hmp.exe
    O4 - HKLM\..\Run: [Kfh] C:\WINDOWS\Erj.exe
    O4 - HKLM\..\Run: [Eme] C:\WINDOWS\System32\Str.exe
    O4 - HKLM\..\Run: [Qhl] C:\WINDOWS\Cfp.exe
    O4 - HKLM\..\Run: [Vov] C:\WINDOWS\System32\Bvl.exe
    O4 - HKLM\..\Run: [Nsh] C:\WINDOWS\System32\Cle.exe
    O4 - HKLM\..\Run: [Rjn] C:\WINDOWS\Vag.exe
    O4 - HKLM\..\Run: [Blp] C:\WINDOWS\Bnq.exe
    O4 - HKLM\..\Run: [Fpq] C:\WINDOWS\Jvm.exe
    O4 - HKLM\..\Run: [Ooc] C:\WINDOWS\System32\Psj.exe
    O4 - HKLM\..\Run: [Urt] C:\WINDOWS\System32\Bqh.exe
    O4 - HKLM\..\Run: [Uec] C:\WINDOWS\Ebk.exe
    O4 - HKLM\..\Run: [Fcg] C:\WINDOWS\Hjd.exe
    O4 - HKLM\..\Run: [Otb] C:\WINDOWS\System32\Sdp.exe
    O4 - HKLM\..\Run: [Ptd] C:\WINDOWS\Ejh.exe
    O4 - HKLM\..\Run: [Bng] C:\WINDOWS\System32\Abh.exe
    O4 - HKLM\..\Run: [Bgb] C:\WINDOWS\System32\Cbo.exe
    O4 - HKLM\..\Run: [Lvb] C:\WINDOWS\Ust.exe
    O4 - HKLM\..\Run: [Gph] C:\WINDOWS\System32\Ocu.exe
    O4 - HKLM\..\Run: [Itl] C:\WINDOWS\System32\Mvf.exe
    O4 - HKLM\..\Run: [Dfq] C:\WINDOWS\Mkc.exe
    O4 - HKLM\..\Run: [Csr] C:\WINDOWS\Vcv.exe
    O4 - HKLM\..\Run: [Tkc] C:\WINDOWS\System32\Khm.exe
    O4 - HKLM\..\Run: [Rta] C:\WINDOWS\System32\Slo.exe
    O4 - HKLM\..\Run: [Rqo] C:\WINDOWS\System32\Mgo.exe
    O4 - HKLM\..\Run: [Rmt] C:\WINDOWS\System32\Hhd.exe
    O4 - HKLM\..\Run: [Hps] C:\WINDOWS\System32\Sku.exe
    O4 - HKLM\..\Run: [Cjd] C:\WINDOWS\Vcv.exe
    O4 - HKLM\..\Run: [Sfu] C:\WINDOWS\System32\Qks.exe
    O4 - HKLM\..\Run: [Aeh] C:\WINDOWS\Kbl.exe
    O4 - HKLM\..\Run: [Jko] C:\WINDOWS\Oam.exe
    O4 - HKLM\..\Run: [Obk] C:\WINDOWS\Eeq.exe
    O4 - HKLM\..\Run: [Usj] C:\WINDOWS\System32\Gqg.exe
    O4 - HKLM\..\Run: [Ibq] C:\WINDOWS\Dtd.exe
    O4 - HKLM\..\Run: [Qrs] C:\WINDOWS\Vqk.exe
    O4 - HKLM\..\Run: [Gcm] C:\WINDOWS\System32\Cpo.exe
    O4 - HKLM\..\Run: [Lvr] C:\WINDOWS\Ura.exe
    O4 - HKLM\..\Run: [Reu] C:\WINDOWS\Aan.exe
    O4 - HKLM\..\Run: [Auh] C:\WINDOWS\Def.exe
    O4 - HKLM\..\Run: [Cnt] C:\WINDOWS\Kds.exe
    O4 - HKLM\..\Run: [Vbt] C:\WINDOWS\System32\Mkv.exe
    O4 - HKLM\..\Run: [Cat] C:\WINDOWS\System32\Ehi.exe
    O4 - HKLM\..\Run: [Dsk] C:\WINDOWS\Gvf.exe
    O4 - HKLM\..\Run: [Nke] C:\WINDOWS\Vbc.exe
    O4 - HKLM\..\Run: [Cro] C:\WINDOWS\Bmk.exe
    O4 - HKLM\..\Run: [Nnh] C:\WINDOWS\System32\Uut.exe
    O4 - HKLM\..\Run: [Bac] C:\WINDOWS\Khf.exe
    O4 - HKLM\..\Run: [Tjv] C:\WINDOWS\System32\Ggb.exe
    O4 - HKLM\..\Run: [Oge] C:\WINDOWS\System32\Mas.exe
    O4 - HKLM\..\Run: [Slo] C:\WINDOWS\Tst.exe
    O4 - HKLM\..\Run: [Reg] C:\WINDOWS\System32\Isg.exe
    O4 - HKLM\..\Run: [Jpi] C:\WINDOWS\System32\Nfv.exe
    O4 - HKLM\..\Run: [Jsh] C:\WINDOWS\Vrb.exe
    O4 - HKLM\..\Run: [Bnu] C:\WINDOWS\Jmr.exe
    O4 - HKLM\..\Run: [Odq] C:\WINDOWS\Kvo.exe
    O4 - HKLM\..\Run: [Eui] C:\WINDOWS\System32\Sub.exe
    O4 - HKLM\..\Run: [Hrn] C:\WINDOWS\Tah.exe
    O4 - HKLM\..\Run: [Crr] C:\WINDOWS\System32\Naa.exe
    O4 - HKLM\..\Run: [Occ] C:\WINDOWS\System32\Cgd.exe
    O4 - HKLM\..\Run: [Hre] C:\WINDOWS\System32\Ami.exe
    O4 - HKLM\..\Run: [Bsd] C:\WINDOWS\System32\Oqq.exe
    O4 - HKLM\..\Run: [Bol] C:\WINDOWS\Nul.exe
    O4 - HKLM\..\Run: [Fqg] C:\WINDOWS\System32\Psn.exe
    O4 - HKLM\..\Run: [Hup] C:\WINDOWS\Jqh.exe
    O4 - HKLM\..\Run: [Epk] C:\WINDOWS\System32\Ojl.exe
    O4 - HKLM\..\Run: [Ngh] C:\WINDOWS\Skp.exe
    O4 - HKLM\..\Run: [Kuh] C:\WINDOWS\Kfh.exe
    O4 - HKLM\..\Run: [Grs] C:\WINDOWS\System32\Fab.exe
    O4 - HKLM\..\Run: [Hso] C:\WINDOWS\System32\Goi.exe
    O4 - HKLM\..\Run: [Uaf] C:\WINDOWS\Sro.exe
    O4 - HKLM\..\Run: [Dsn] C:\WINDOWS\System32\Kgv.exe
    O4 - HKLM\..\Run: [Hao] C:\WINDOWS\System32\Gkh.exe
    O4 - HKLM\..\Run: [Nub] C:\WINDOWS\System32\Hpv.exe
    O4 - HKLM\..\Run: [Pii] C:\WINDOWS\Ecr.exe
    O4 - HKLM\..\Run: [Jhc] C:\WINDOWS\Rdj.exe
    O4 - HKLM\..\Run: [Djq] C:\WINDOWS\System32\Cll.exe
    O4 - HKLM\..\Run: [Nec] C:\WINDOWS\Saq.exe
    O4 - HKLM\..\Run: [Bhs] C:\WINDOWS\System32\Qed.exe
    O4 - HKLM\..\Run: [Bip] C:\WINDOWS\Osr.exe
    O4 - HKLM\..\Run: [Vko] C:\WINDOWS\Eqg.exe
    O4 - HKLM\..\Run: [Ous] C:\WINDOWS\Dhs.exe
    O4 - HKCU\..\Run: [Oms] C:\WINDOWS\Chi.exe
    O4 - HKCU\..\Run: [Ovf] C:\WINDOWS\System32\Cbo.exe
    O4 - HKCU\..\Run: [Rtl] C:\WINDOWS\Jtt.exe
    O4 - HKCU\..\Run: [Vtc] C:\WINDOWS\Gug.exe
    O4 - HKCU\..\Run: [Anc] C:\WINDOWS\System32\Atl.exe
    O4 - HKCU\..\Run: [Tjn] C:\WINDOWS\Eks.exe
    O4 - HKCU\..\Run: [Bgv] C:\WINDOWS\System32\Blf.exe
    O4 - HKCU\..\Run: [Ept] C:\WINDOWS\System32\Atj.exe
    O4 - HKCU\..\Run: [Uck] C:\WINDOWS\System32\Mro.exe
    O4 - HKCU\..\Run: [Blv] C:\WINDOWS\Apv.exe
    O4 - HKCU\..\Run: [Osp] C:\WINDOWS\Fto.exe
    O4 - HKCU\..\Run: [Icg] C:\WINDOWS\Gdv.exe
    O4 - HKCU\..\Run: [Kip] C:\WINDOWS\Gof.exe
    O4 - HKCU\..\Run: [Hlu] C:\WINDOWS\System32\Fhp.exe
    O4 - HKCU\..\Run: [Htc] C:\WINDOWS\Hbb.exe
    O4 - HKCU\..\Run: [Jut] C:\WINDOWS\System32\Oti.exe
    O4 - HKCU\..\Run: [Muk] C:\WINDOWS\System32\Eep.exe
    O4 - HKCU\..\Run: [Ptn] C:\WINDOWS\System32\Qvg.exe
    O4 - HKCU\..\Run: [Bjb] C:\WINDOWS\Vpk.exe
    O4 - HKCU\..\Run: [Ooj] C:\WINDOWS\System32\Eef.exe
    O4 - HKCU\..\Run: [Qfb] C:\WINDOWS\System32\Njm.exe
    O4 - HKCU\..\Run: [Etm] C:\WINDOWS\Njg.exe
    O4 - HKCU\..\Run: [Ivd] C:\WINDOWS\System32\Tod.exe
    O4 - HKCU\..\Run: [Luq] C:\WINDOWS\Jfq.exe
    O4 - HKCU\..\Run: [Jcr] C:\WINDOWS\System32\Pta.exe
    O4 - HKCU\..\Run: [Jvb] C:\WINDOWS\System32\Ska.exe
    O4 - HKCU\..\Run: [Uag] C:\WINDOWS\Ncg.exe
    O4 - HKCU\..\Run: [Pcd] C:\WINDOWS\Duo.exe
    O4 - HKCU\..\Run: [Vcq] C:\WINDOWS\Use.exe
    O4 - HKCU\..\Run: [Etn] C:\WINDOWS\Tna.exe
    O4 - HKCU\..\Run: [Ecl] C:\WINDOWS\Jhc.exe
    O4 - HKCU\..\Run: [Lmn] C:\WINDOWS\Tma.exe
    O4 - HKCU\..\Run: [Ttg] C:\WINDOWS\Udh.exe
    O4 - HKCU\..\Run: [Qiu] C:\WINDOWS\System32\Cld.exe
    O4 - HKCU\..\Run: [Pvg] C:\WINDOWS\System32\Fel.exe
    O4 - HKCU\..\Run: [Inb] C:\WINDOWS\Ibk.exe
    O4 - HKCU\..\Run: [Uqq] C:\WINDOWS\System32\Nvd.exe
    O4 - HKCU\..\Run: [Ujq] C:\WINDOWS\System32\Cnv.exe
    O4 - HKCU\..\Run: [Psr] C:\WINDOWS\Mga.exe
    O4 - HKCU\..\Run: [Pmf] C:\WINDOWS\Kut.exe
    O4 - HKCU\..\Run: [Atl] C:\WINDOWS\Std.exe
    O4 - HKCU\..\Run: [Erf] C:\WINDOWS\Rjo.exe
    O4 - HKCU\..\Run: [Eld] C:\WINDOWS\Ltp.exe
    O4 - HKCU\..\Run: [Eou] C:\WINDOWS\System32\Unj.exe
    O4 - HKCU\..\Run: [Kvq] C:\WINDOWS\Shd.exe
    O4 - HKCU\..\Run: [Lpu] C:\WINDOWS\Hbl.exe
    O4 - HKCU\..\Run: [Vuq] C:\WINDOWS\Hoq.exe
    O4 - HKCU\..\Run: [Bej] C:\WINDOWS\Jdr.exe
    O4 - HKCU\..\Run: [Tkg] C:\WINDOWS\System32\Bmc.exe
    O4 - HKCU\..\Run: [Mah] C:\WINDOWS\System32\Jbg.exe
    O4 - HKCU\..\Run: [Jop] C:\WINDOWS\System32\Afh.exe
    O4 - HKCU\..\Run: [Bes] C:\WINDOWS\Mrf.exe
    O4 - HKCU\..\Run: [Qht] C:\WINDOWS\System32\Pbt.exe
    O4 - HKCU\..\Run: [Hij] C:\WINDOWS\Vpv.exe
    O4 - HKCU\..\Run: [Kjh] C:\WINDOWS\Vtq.exe
    O4 - HKCU\..\Run: [Esq] C:\WINDOWS\System32\Crb.exe
    O4 - HKCU\..\Run: [Sdq] C:\WINDOWS\Svv.exe
    O4 - HKCU\..\Run: [Oaf] C:\WINDOWS\Ptm.exe
    O4 - HKCU\..\Run: [Icq] C:\WINDOWS\System32\Uqh.exe
    O4 - HKCU\..\Run: [Kkl] C:\WINDOWS\Kec.exe
    O4 - HKCU\..\Run: [Qeg] C:\WINDOWS\Kim.exe
    O4 - HKCU\..\Run: [Bhu] C:\WINDOWS\Nvv.exe
    O4 - HKCU\..\Run: [Rda] C:\WINDOWS\Stt.exe
    O4 - HKCU\..\Run: [Igl] C:\WINDOWS\Kqk.exe
    O4 - HKCU\..\Run: [Evh] C:\WINDOWS\System32\Lhv.exe
    O4 - HKCU\..\Run: [Dtg] C:\WINDOWS\System32\Jtu.exe
    O4 - HKCU\..\Run: [Prs] C:\WINDOWS\Ndf.exe
    O4 - HKCU\..\Run: [Oif] C:\WINDOWS\Kgg.exe
    O4 - HKCU\..\Run: [Cer] C:\WINDOWS\Nnp.exe
    O4 - HKCU\..\Run: [Dfv] C:\WINDOWS\System32\Shf.exe
    O4 - HKCU\..\Run: [Eor] C:\WINDOWS\System32\Ivj.exe
    O4 - HKCU\..\Run: [Rrj] C:\WINDOWS\Eqe.exe
    O4 - HKCU\..\Run: [Rlr] C:\WINDOWS\Lcs.exe
    O4 - HKCU\..\Run: [Eqa] C:\WINDOWS\Kcu.exe
    O4 - HKCU\..\Run: [Bcm] C:\WINDOWS\System32\Vtl.exe
    O4 - HKCU\..\Run: [Vje] C:\WINDOWS\Iak.exe
    O4 - HKCU\..\Run: [Nnl] C:\WINDOWS\Nve.exe
    O4 - HKCU\..\Run: [Qpc] C:\WINDOWS\System32\Alo.exe
    O4 - HKCU\..\Run: [Cto] C:\WINDOWS\System32\Kbl.exe
    O4 - HKCU\..\Run: [Ikd] C:\WINDOWS\System32\Hmp.exe
    O4 - HKCU\..\Run: [Kfh] C:\WINDOWS\Erj.exe
    O4 - HKCU\..\Run: [Eme] C:\WINDOWS\System32\Str.exe
    O4 - HKCU\..\Run: [Qhl] C:\WINDOWS\Cfp.exe
    O4 - HKCU\..\Run: [Vov] C:\WINDOWS\System32\Bvl.exe
    O4 - HKCU\..\Run: [Nsh] C:\WINDOWS\System32\Cle.exe
    O4 - HKCU\..\Run: [Rjn] C:\WINDOWS\Vag.exe
    O4 - HKCU\..\Run: [Blp] C:\WINDOWS\Bnq.exe
    O4 - HKCU\..\Run: [Fpq] C:\WINDOWS\Jvm.exe
    O4 - HKCU\..\Run: [Ooc] C:\WINDOWS\System32\Psj.exe
    O4 - HKCU\..\Run: [Urt] C:\WINDOWS\System32\Bqh.exe
    O4 - HKCU\..\Run: [Uec] C:\WINDOWS\Ebk.exe
    O4 - HKCU\..\Run: [Fcg] C:\WINDOWS\Hjd.exe
    O4 - HKCU\..\Run: [Otb] C:\WINDOWS\System32\Sdp.exe
    O4 - HKCU\..\Run: [Ptd] C:\WINDOWS\Ejh.exe
    O4 - HKCU\..\Run: [Bng] C:\WINDOWS\System32\Abh.exe
    O4 - HKCU\..\Run: [Bgb] C:\WINDOWS\System32\Cbo.exe
    O4 - HKCU\..\Run: [Lvb] C:\WINDOWS\Ust.exe
    O4 - HKCU\..\Run: [Gph] C:\WINDOWS\System32\Ocu.exe
    O4 - HKCU\..\Run: [Itl] C:\WINDOWS\System32\Mvf.exe
    O4 - HKCU\..\Run: [Dfq] C:\WINDOWS\Mkc.exe
    O4 - HKCU\..\Run: [Csr] C:\WINDOWS\Vcv.exe
    O4 - HKCU\..\Run: [Tkc] C:\WINDOWS\System32\Khm.exe
    O4 - HKCU\..\Run: [Rta] C:\WINDOWS\System32\Slo.exe
    O4 - HKCU\..\Run: [Rqo] C:\WINDOWS\System32\Mgo.exe
    O4 - HKCU\..\Run: [Rmt] C:\WINDOWS\System32\Hhd.exe
    O4 - HKCU\..\Run: [Hps] C:\WINDOWS\System32\Sku.exe
    O4 - HKCU\..\Run: [Cjd] C:\WINDOWS\Vcv.exe
    O4 - HKCU\..\Run: [Sfu] C:\WINDOWS\System32\Qks.exe
    O4 - HKCU\..\Run: [Aeh] C:\WINDOWS\Kbl.exe
    O4 - HKCU\..\Run: [Jko] C:\WINDOWS\Oam.exe
    O4 - HKCU\..\Run: [Obk] C:\WINDOWS\Eeq.exe
    O4 - HKCU\..\Run: [Usj] C:\WINDOWS\System32\Gqg.exe
    O4 - HKCU\..\Run: [Ibq] C:\WINDOWS\Dtd.exe
    O4 - HKCU\..\Run: [Qrs] C:\WINDOWS\Vqk.exe
    O4 - HKCU\..\Run: [Gcm] C:\WINDOWS\System32\Cpo.exe
    O4 - HKCU\..\Run: [Lvr] C:\WINDOWS\Ura.exe
    O4 - HKCU\..\Run: [Reu] C:\WINDOWS\Aan.exe
    O4 - HKCU\..\Run: [Auh] C:\WINDOWS\Def.exe
    O4 - HKCU\..\Run: [Cnt] C:\WINDOWS\Kds.exe
    O4 - HKCU\..\Run: [Vbt] C:\WINDOWS\System32\Mkv.exe
    O4 - HKCU\..\Run: [Cat] C:\WINDOWS\System32\Ehi.exe
    O4 - HKCU\..\Run: [Dsk] C:\WINDOWS\Gvf.exe
    O4 - HKCU\..\Run: [Nke] C:\WINDOWS\Vbc.exe
    O4 - HKCU\..\Run: [Cro] C:\WINDOWS\Bmk.exe
    O4 - HKCU\..\Run: [Nnh] C:\WINDOWS\System32\Uut.exe
    O4 - HKCU\..\Run: [Bac] C:\WINDOWS\Khf.exe
    O4 - HKCU\..\Run: [Tjv] C:\WINDOWS\System32\Ggb.exe
    O4 - HKCU\..\Run: [Oge] C:\WINDOWS\System32\Mas.exe
    O4 - HKCU\..\Run: [Slo] C:\WINDOWS\Tst.exe
    O4 - HKCU\..\Run: [Reg] C:\WINDOWS\System32\Isg.exe
    O4 - HKCU\..\Run: [Jpi] C:\WINDOWS\System32\Nfv.exe
    O4 - HKCU\..\Run: [Jsh] C:\WINDOWS\Vrb.exe
    O4 - HKCU\..\Run: [Bnu] C:\WINDOWS\Jmr.exe
    O4 - HKCU\..\Run: [Odq] C:\WINDOWS\Kvo.exe
    O4 - HKCU\..\Run: [Eui] C:\WINDOWS\System32\Sub.exe
    O4 - HKCU\..\Run: [Hrn] C:\WINDOWS\Tah.exe
    O4 - HKCU\..\Run: [Crr] C:\WINDOWS\System32\Naa.exe
    O4 - HKCU\..\Run: [Occ] C:\WINDOWS\System32\Cgd.exe
    O4 - HKCU\..\Run: [Hre] C:\WINDOWS\System32\Ami.exe
    O4 - HKCU\..\Run: [Bsd] C:\WINDOWS\System32\Oqq.exe
    O4 - HKCU\..\Run: [Bol] C:\WINDOWS\Nul.exe
    O4 - HKCU\..\Run: [Fqg] C:\WINDOWS\System32\Psn.exe
    O4 - HKCU\..\Run: [Hup] C:\WINDOWS\Jqh.exe
    O4 - HKCU\..\Run: [Epk] C:\WINDOWS\System32\Ojl.exe
    O4 - HKCU\..\Run: [Ngh] C:\WINDOWS\Skp.exe
    O4 - HKCU\..\Run: [Kuh] C:\WINDOWS\Kfh.exe
    O4 - HKCU\..\Run: [Grs] C:\WINDOWS\System32\Fab.exe
    O4 - HKCU\..\Run: [Hso] C:\WINDOWS\System32\Goi.exe
    O4 - HKCU\..\Run: [Uaf] C:\WINDOWS\Sro.exe
    O4 - HKCU\..\Run: [Dsn] C:\WINDOWS\System32\Kgv.exe
    O4 - HKCU\..\Run: [Hao] C:\WINDOWS\System32\Gkh.exe
    O4 - HKCU\..\Run: [Nub] C:\WINDOWS\System32\Hpv.exe
    O4 - HKCU\..\Run: [Pii] C:\WINDOWS\Ecr.exe
    O4 - HKCU\..\Run: [Jhc] C:\WINDOWS\Rdj.exe
    O4 - HKCU\..\Run: [Djq] C:\WINDOWS\System32\Cll.exe
    O4 - HKCU\..\Run: [Nec] C:\WINDOWS\Saq.exe
    O4 - HKCU\..\Run: [Bhs] C:\WINDOWS\System32\Qed.exe
    O4 - HKCU\..\Run: [Bip] C:\WINDOWS\Osr.exe
    O4 - HKCU\..\Run: [Vko] C:\WINDOWS\Eqg.exe
    O4 - HKCU\..\Run: [Ous] C:\WINDOWS\Dhs.exe

    ** check carefully to make sure you checked all the entries that start out: O4 - HKCU\..\RUN [THREE LETTERS HERE]

    O20 - Winlogon Notify: f3dsl - MSplg7.dll (file missing)
    Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please delete these folders using Windows Explorer (if present):
    C:\WINDOWS\autoupd


    Please delete these files using Windows Explorer (if present):
    C:\WINDOWS\sdkah.dll
    C:\WINDOWS\System32\wi32.exe
    After that, Reboot.

    4. Please download ewido security suite; it is a trial version of the program.
    • Install ewido security suite
    • Launch ewido; there should be an icon on your desktop, double-click it.
    • The program will prompt you to update; click the OK button
    • The program will now go to the main screen
    You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update
    • Click on Start
    The update will start and a progress bar will show the updates being installed.
    Once the updates are installed do the following:
    • Click on scanner
    • Make sure the following boxes are checked before scanning:
        • Binder
        • Crypter
        • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
4. Please download CleanUp! and run it to remove any leftover remnants of infection. Click the CleanUp button, and let it scan and select any files it needs to remove. Once it is done, exit the program.

5. Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply
  • 0
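An added example (not part of the thread, and not HijackThis code) of the check the post above asks for by hand: pick out the O4 Run entries whose value name is three letters and whose target is a three-letter .exe in C:\WINDOWS or C:\WINDOWS\System32, then compare two logs to see which entries were re-pointed or newly added. The sample lines are excerpts from the fix list and from the fresh log posted later in this thread; the function names are hypothetical.

```python
import re
from typing import NamedTuple


class RunEntry(NamedTuple):
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, ...
    name: str      # registry value name shown in [brackets]
    command: str   # command line the value launches


# HijackThis O4 line, e.g.  O4 - HKLM\..\Run: [Oms] C:\WINDOWS\Chi.exe
O4_LINE = re.compile(
    r"^\s*O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.*\S)\s*$"
)
# Pattern seen in this thread: value name like "Oms", target like "Chi.exe"
# sitting directly in the Windows or System32 directory.
THREE_LETTER_NAME = re.compile(r"^[A-Z][a-z]{2}$")
THREE_LETTER_EXE = re.compile(
    r"^C:\\WINDOWS\\(?:System32\\)?[a-z]{3}\.exe$", re.IGNORECASE
)


def parse_o4(log_text):
    """Return every O4 registry autostart entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = O4_LINE.match(line)
        if match:
            entries.append(RunEntry(**match.groupdict()))
    return entries


def is_three_letter_pattern(entry):
    """True when both the value name and the target fit the pattern."""
    return bool(
        THREE_LETTER_NAME.match(entry.name)
        and THREE_LETTER_EXE.match(entry.command)
    )


def triage(log_text):
    """Entries to review first; a heuristic, not a verdict."""
    return [e for e in parse_o4(log_text) if is_three_letter_pattern(e)]


def compare_logs(old_log, new_log):
    """Flagged entries whose target changed, and flagged entries that are new."""
    old = {(e.hive, e.key, e.name): e.command for e in triage(old_log)}
    new = {(e.hive, e.key, e.name): e.command for e in triage(new_log)}
    retargeted = sorted(
        (k[2], old[k], new[k])
        for k in old.keys() & new.keys()
        if old[k].lower() != new[k].lower()
    )
    added = sorted(k[2] for k in new.keys() - old.keys())
    return retargeted, added


# Excerpt of the fix list in the post above.
FIX_LIST_EXCERPT = r"""
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\System32\wi32.exe
O4 - HKLM\..\Run: [Oms] C:\WINDOWS\Chi.exe
O4 - HKLM\..\Run: [Hij] C:\WINDOWS\Vpv.exe
O4 - HKLM\..\Run: [Rjn] C:\WINDOWS\Vag.exe
O4 - HKCU\..\Run: [Oms] C:\WINDOWS\Chi.exe
"""

# Excerpt of the fresh log posted later in the thread.
FRESH_LOG_EXCERPT = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Oms] C:\WINDOWS\Chi.exe
O4 - HKLM\..\Run: [Hij] C:\WINDOWS\System32\Iqj.exe
O4 - HKLM\..\Run: [Rjn] C:\WINDOWS\System32\Euj.exe
O4 - HKLM\..\Run: [Mcd] C:\WINDOWS\Mhq.exe
"""

if __name__ == "__main__":
    for entry in triage(FRESH_LOG_EXCERPT):
        print("review:", entry.hive, entry.name, entry.command)
    retargeted, added = compare_logs(FIX_LIST_EXCERPT, FRESH_LOG_EXCERPT)
    for name, before, after in retargeted:
        print(f"re-pointed: [{name}] {before} -> {after}")
    print("new since the fix list:", added)
```

The heuristic only covers the three-letter family: entries such as [wupdate] and [autoupd], which the fix list also marks, do not match it and still need the manual review described above.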

#4
Discogod

  • Member
  • 12 posts
Thanks so much for helping. I've tried looking for MessengerPlus but I can't find it. I know it's supposedly located in my program files but it physically isn't there! It's something I know I had aaaages ago but then I stopped using it & I think uninstalled it. Maybe there's still a command in or something, I don't know. I'm going to carry on as you say :tazz:
  • 0

#5
Discogod

  • Member
  • 12 posts
Hi, I've gone through the list & done OK until I got to no. 2 where you said:

"It will open an Input box. Paste this line into the box

C:\WINDOWS\System32\Cbo.exe"

It couldn't find that file (I probably deleted it in between my first message & today), so I put in the file name of something similar to be found in that folder.

I've come back with this Windows Script Host error message:
Script: C:\spywad\REMOVE~1.VBS
Line: 71
Char: 7
Error: permission denied
Code: 800A0046
Source: Microsoft VBScript runtime error.

Then there's a box to click OK.

I checked the system32 folder & the file name I've used is no longer there, but there are plenty of others still there.

I'm not going to do anymore until I hear further from you, as I know zilch about this.

Thanks for advice so far.

When I rebooted my machine back to normal before this last task I got my usual virus popups & messages, so I closed them all & deleted as per usual.
  • 0

#6
Kat

  • Retired Staff
  • 19,704 posts
  • MVP
That's ok. If you would, post me a fresh HJT log, and I'll find the correct file name you'll need to finish!
  • 0

#7
Discogod

  • Member
  • 12 posts
sorry, here you go:

Logfile of HijackThis v1.99.1
Scan saved at 23:58:51, on 05/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\Iqj.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wi32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\clnyt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\clnyt.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\clnyt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\clnyt.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\clnyt.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\clnyt.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\clnyt.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A6B1DE48-E2B5-5C45-88EB-509D77A96D02} - C:\WINDOWS\sdkah.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [autoupd] C:\WINDOWS\autoupd\autoupd.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Oms] C:\WINDOWS\Chi.exe
O4 - HKLM\..\Run: [Ovf] C:\WINDOWS\System32\Cbo.exe
O4 - HKLM\..\Run: [Rtl] C:\WINDOWS\Jtt.exe
O4 - HKLM\..\Run: [Vtc] C:\WINDOWS\Gug.exe
O4 - HKLM\..\Run: [Anc] C:\WINDOWS\System32\Atl.exe
O4 - HKLM\..\Run: [Tjn] C:\WINDOWS\Eks.exe
O4 - HKLM\..\Run: [Bgv] C:\WINDOWS\System32\Blf.exe
O4 - HKLM\..\Run: [Ept] C:\WINDOWS\System32\Atj.exe
O4 - HKLM\..\Run: [Uck] C:\WINDOWS\System32\Mro.exe
O4 - HKLM\..\Run: [Blv] C:\WINDOWS\Apv.exe
O4 - HKLM\..\Run: [Osp] C:\WINDOWS\Fto.exe
O4 - HKLM\..\Run: [Icg] C:\WINDOWS\Gdv.exe
O4 - HKLM\..\Run: [Kip] C:\WINDOWS\Gof.exe
O4 - HKLM\..\Run: [Hlu] C:\WINDOWS\System32\Fhp.exe
O4 - HKLM\..\Run: [Htc] C:\WINDOWS\Hbb.exe
O4 - HKLM\..\Run: [Jut] C:\WINDOWS\System32\Oti.exe
O4 - HKLM\..\Run: [Muk] C:\WINDOWS\System32\Eep.exe
O4 - HKLM\..\Run: [Ptn] C:\WINDOWS\System32\Qvg.exe
O4 - HKLM\..\Run: [Bjb] C:\WINDOWS\Vpk.exe
O4 - HKLM\..\Run: [Ooj] C:\WINDOWS\System32\Eef.exe
O4 - HKLM\..\Run: [Qfb] C:\WINDOWS\System32\Njm.exe
O4 - HKLM\..\Run: [Etm] C:\WINDOWS\Njg.exe
O4 - HKLM\..\Run: [Ivd] C:\WINDOWS\System32\Tod.exe
O4 - HKLM\..\Run: [Luq] C:\WINDOWS\Jfq.exe
O4 - HKLM\..\Run: [Jcr] C:\WINDOWS\System32\Pta.exe
O4 - HKLM\..\Run: [Jvb] C:\WINDOWS\System32\Ska.exe
O4 - HKLM\..\Run: [Uag] C:\WINDOWS\Ncg.exe
O4 - HKLM\..\Run: [Pcd] C:\WINDOWS\Duo.exe
O4 - HKLM\..\Run: [Vcq] C:\WINDOWS\Use.exe
O4 - HKLM\..\Run: [Etn] C:\WINDOWS\Tna.exe
O4 - HKLM\..\Run: [Ecl] C:\WINDOWS\Jhc.exe
O4 - HKLM\..\Run: [Lmn] C:\WINDOWS\Tma.exe
O4 - HKLM\..\Run: [Ttg] C:\WINDOWS\Udh.exe
O4 - HKLM\..\Run: [Qiu] C:\WINDOWS\System32\Cld.exe
O4 - HKLM\..\Run: [Pvg] C:\WINDOWS\System32\Fel.exe
O4 - HKLM\..\Run: [Inb] C:\WINDOWS\Ibk.exe
O4 - HKLM\..\Run: [Uqq] C:\WINDOWS\System32\Nvd.exe
O4 - HKLM\..\Run: [Ujq] C:\WINDOWS\System32\Cnv.exe
O4 - HKLM\..\Run: [Psr] C:\WINDOWS\Mga.exe
O4 - HKLM\..\Run: [Pmf] C:\WINDOWS\Kut.exe
O4 - HKLM\..\Run: [Atl] C:\WINDOWS\Std.exe
O4 - HKLM\..\Run: [Erf] C:\WINDOWS\Rjo.exe
O4 - HKLM\..\Run: [Eld] C:\WINDOWS\Ltp.exe
O4 - HKLM\..\Run: [Eou] C:\WINDOWS\System32\Unj.exe
O4 - HKLM\..\Run: [Kvq] C:\WINDOWS\Shd.exe
O4 - HKLM\..\Run: [Lpu] C:\WINDOWS\Hbl.exe
O4 - HKLM\..\Run: [Vuq] C:\WINDOWS\Hoq.exe
O4 - HKLM\..\Run: [Bej] C:\WINDOWS\Jdr.exe
O4 - HKLM\..\Run: [Tkg] C:\WINDOWS\System32\Bmc.exe
O4 - HKLM\..\Run: [Mah] C:\WINDOWS\System32\Jbg.exe
O4 - HKLM\..\Run: [Jop] C:\WINDOWS\System32\Afh.exe
O4 - HKLM\..\Run: [Bes] C:\WINDOWS\Mrf.exe
O4 - HKLM\..\Run: [Qht] C:\WINDOWS\System32\Pbt.exe
O4 - HKLM\..\Run: [Hij] C:\WINDOWS\System32\Iqj.exe
O4 - HKLM\..\Run: [Kjh] C:\WINDOWS\Vtq.exe
O4 - HKLM\..\Run: [Esq] C:\WINDOWS\System32\Crb.exe
O4 - HKLM\..\Run: [Sdq] C:\WINDOWS\Svv.exe
O4 - HKLM\..\Run: [Oaf] C:\WINDOWS\Ptm.exe
O4 - HKLM\..\Run: [Icq] C:\WINDOWS\System32\Uqh.exe
O4 - HKLM\..\Run: [Kkl] C:\WINDOWS\Kec.exe
O4 - HKLM\..\Run: [Qeg] C:\WINDOWS\Kim.exe
O4 - HKLM\..\Run: [Bhu] C:\WINDOWS\Nvv.exe
O4 - HKLM\..\Run: [Rda] C:\WINDOWS\Stt.exe
O4 - HKLM\..\Run: [Igl] C:\WINDOWS\Kqk.exe
O4 - HKLM\..\Run: [Evh] C:\WINDOWS\System32\Lhv.exe
O4 - HKLM\..\Run: [Dtg] C:\WINDOWS\System32\Jtu.exe
O4 - HKLM\..\Run: [Prs] C:\WINDOWS\Ndf.exe
O4 - HKLM\..\Run: [Oif] C:\WINDOWS\Kgg.exe
O4 - HKLM\..\Run: [Cer] C:\WINDOWS\Nnp.exe
O4 - HKLM\..\Run: [Dfv] C:\WINDOWS\System32\Shf.exe
O4 - HKLM\..\Run: [Eor] C:\WINDOWS\System32\Ivj.exe
O4 - HKLM\..\Run: [Rrj] C:\WINDOWS\Eqe.exe
O4 - HKLM\..\Run: [Rlr] C:\WINDOWS\Lcs.exe
O4 - HKLM\..\Run: [Eqa] C:\WINDOWS\Kcu.exe
O4 - HKLM\..\Run: [Bcm] C:\WINDOWS\System32\Vtl.exe
O4 - HKLM\..\Run: [Vje] C:\WINDOWS\Iak.exe
O4 - HKLM\..\Run: [Nnl] C:\WINDOWS\Nve.exe
O4 - HKLM\..\Run: [Qpc] C:\WINDOWS\System32\Alo.exe
O4 - HKLM\..\Run: [Cto] C:\WINDOWS\System32\Kbl.exe
O4 - HKLM\..\Run: [Ikd] C:\WINDOWS\System32\Hmp.exe
O4 - HKLM\..\Run: [Kfh] C:\WINDOWS\Erj.exe
O4 - HKLM\..\Run: [Eme] C:\WINDOWS\System32\Str.exe
O4 - HKLM\..\Run: [Qhl] C:\WINDOWS\Cfp.exe
O4 - HKLM\..\Run: [Vov] C:\WINDOWS\System32\Bvl.exe
O4 - HKLM\..\Run: [Nsh] C:\WINDOWS\System32\Cle.exe
O4 - HKLM\..\Run: [Rjn] C:\WINDOWS\System32\Euj.exe
O4 - HKLM\..\Run: [Blp] C:\WINDOWS\Bnq.exe
O4 - HKLM\..\Run: [Fpq] C:\WINDOWS\Jvm.exe
O4 - HKLM\..\Run: [Ooc] C:\WINDOWS\System32\Psj.exe
O4 - HKLM\..\Run: [Urt] C:\WINDOWS\System32\Bqh.exe
O4 - HKLM\..\Run: [Uec] C:\WINDOWS\Ebk.exe
O4 - HKLM\..\Run: [Fcg] C:\WINDOWS\Hjd.exe
O4 - HKLM\..\Run: [Otb] C:\WINDOWS\System32\Sdp.exe
O4 - HKLM\..\Run: [Ptd] C:\WINDOWS\Ejh.exe
O4 - HKLM\..\Run: [Bng] C:\WINDOWS\System32\Abh.exe
O4 - HKLM\..\Run: [Bgb] C:\WINDOWS\System32\Cbo.exe
O4 - HKLM\..\Run: [Lvb] C:\WINDOWS\Ust.exe
O4 - HKLM\..\Run: [Gph] C:\WINDOWS\System32\Ocu.exe
O4 - HKLM\..\Run: [Itl] C:\WINDOWS\System32\Mvf.exe
O4 - HKLM\..\Run: [Dfq] C:\WINDOWS\Mkc.exe
O4 - HKLM\..\Run: [Csr] C:\WINDOWS\Vcv.exe
O4 - HKLM\..\Run: [Tkc] C:\WINDOWS\System32\Khm.exe
O4 - HKLM\..\Run: [Rta] C:\WINDOWS\System32\Slo.exe
O4 - HKLM\..\Run: [Rqo] C:\WINDOWS\System32\Mgo.exe
O4 - HKLM\..\Run: [Rmt] C:\WINDOWS\System32\Hhd.exe
O4 - HKLM\..\Run: [Hps] C:\WINDOWS\System32\Sku.exe
O4 - HKLM\..\Run: [Cjd] C:\WINDOWS\Vcv.exe
O4 - HKLM\..\Run: [Sfu] C:\WINDOWS\System32\Qks.exe
O4 - HKLM\..\Run: [Aeh] C:\WINDOWS\Kbl.exe
O4 - HKLM\..\Run: [Jko] C:\WINDOWS\Oam.exe
O4 - HKLM\..\Run: [Obk] C:\WINDOWS\Eeq.exe
O4 - HKLM\..\Run: [Usj] C:\WINDOWS\System32\Gqg.exe
O4 - HKLM\..\Run: [Ibq] C:\WINDOWS\Dtd.exe
O4 - HKLM\..\Run: [Qrs] C:\WINDOWS\Vqk.exe
O4 - HKLM\..\Run: [Gcm] C:\WINDOWS\System32\Cpo.exe
O4 - HKLM\..\Run: [Lvr] C:\WINDOWS\Ura.exe
O4 - HKLM\..\Run: [Reu] C:\WINDOWS\Aan.exe
O4 - HKLM\..\Run: [Auh] C:\WINDOWS\Def.exe
O4 - HKLM\..\Run: [Cnt] C:\WINDOWS\Kds.exe
O4 - HKLM\..\Run: [Vbt] C:\WINDOWS\System32\Mkv.exe
O4 - HKLM\..\Run: [Cat] C:\WINDOWS\System32\Ehi.exe
O4 - HKLM\..\Run: [Dsk] C:\WINDOWS\Gvf.exe
O4 - HKLM\..\Run: [Nke] C:\WINDOWS\Vbc.exe
O4 - HKLM\..\Run: [Cro] C:\WINDOWS\Bmk.exe
O4 - HKLM\..\Run: [Nnh] C:\WINDOWS\System32\Uut.exe
O4 - HKLM\..\Run: [Bac] C:\WINDOWS\Khf.exe
O4 - HKLM\..\Run: [Tjv] C:\WINDOWS\System32\Ggb.exe
O4 - HKLM\..\Run: [Oge] C:\WINDOWS\System32\Mas.exe
O4 - HKLM\..\Run: [Slo] C:\WINDOWS\Tst.exe
O4 - HKLM\..\Run: [Reg] C:\WINDOWS\System32\Isg.exe
O4 - HKLM\..\Run: [Jpi] C:\WINDOWS\System32\Nfv.exe
O4 - HKLM\..\Run: [Jsh] C:\WINDOWS\Vrb.exe
O4 - HKLM\..\Run: [Bnu] C:\WINDOWS\Jmr.exe
O4 - HKLM\..\Run: [Odq] C:\WINDOWS\Kvo.exe
O4 - HKLM\..\Run: [Eui] C:\WINDOWS\System32\Sub.exe
O4 - HKLM\..\Run: [Hrn] C:\WINDOWS\Tah.exe
O4 - HKLM\..\Run: [Crr] C:\WINDOWS\System32\Naa.exe
O4 - HKLM\..\Run: [Occ] C:\WINDOWS\System32\Cgd.exe
O4 - HKLM\..\Run: [Hre] C:\WINDOWS\System32\Ami.exe
O4 - HKLM\..\Run: [Bsd] C:\WINDOWS\System32\Oqq.exe
O4 - HKLM\..\Run: [Bol] C:\WINDOWS\Nul.exe
O4 - HKLM\..\Run: [Fqg] C:\WINDOWS\System32\Psn.exe
O4 - HKLM\..\Run: [Hup] C:\WINDOWS\Jqh.exe
O4 - HKLM\..\Run: [Epk] C:\WINDOWS\System32\Ojl.exe
O4 - HKLM\..\Run: [Ngh] C:\WINDOWS\Skp.exe
O4 - HKLM\..\Run: [Kuh] C:\WINDOWS\Kfh.exe
O4 - HKLM\..\Run: [Grs] C:\WINDOWS\System32\Fab.exe
O4 - HKLM\..\Run: [Hso] C:\WINDOWS\System32\Goi.exe
O4 - HKLM\..\Run: [Uaf] C:\WINDOWS\Sro.exe
O4 - HKLM\..\Run: [Dsn] C:\WINDOWS\System32\Kgv.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???????\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Oms] C:\WINDOWS\Chi.exe
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\System32\wi32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\GetRight\GetRight\GRdownload.htm
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Dave Goddard.DAVE\Application Data\Mozilla\Firefox\Profiles\wcvdf4sd.Default User\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Open with GetRight Browser - C:\GetRight\GetRight\GRbrowse.htm
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Dave Goddard.DAVE\Application Data\Mozilla\Firefox\Profiles\wcvdf4sd.Default User\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: f3dsl - MSplg7.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0
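The pattern that stands out in the log above (three-letter Run value names pointing at three-letter executables directly under C:\WINDOWS or System32, often registered in both hives) can be triaged mechanically. This is an added example, not part of the original thread and not HijackThis's own logic; the three-letter heuristic, the cluster threshold and all function names are assumptions drawn from this one log.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "hive key name cmd")

# HijackThis autorun line: O4 - <HIVE>\..\<Key>: [<value name>] <command>
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Assumed heuristic: three-letter value name, three-letter .exe sitting
# directly in C:\WINDOWS or C:\WINDOWS\System32, no arguments.
SHORT_NAME = re.compile(r"^[A-Za-z]{3}$")
SHORT_TARGET = re.compile(
    r"^C:\\WINDOWS\\(?:System32\\)?[A-Za-z]{3}\.exe$", re.IGNORECASE
)

# Lines copied from the infected log in this thread.
INFECTED = r"""
O4 - HKLM\..\Run: [Hao] C:\WINDOWS\System32\Lch.exe
O4 - HKLM\..\Run: [Pii] C:\WINDOWS\Ecr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [wupdate] C:\WINDOWS\System32\wi32.exe
O4 - HKCU\..\Run: [Hij] C:\WINDOWS\System32\Iqj.exe
O4 - HKCU\..\Run: [Hao] C:\WINDOWS\System32\Lch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
"""

# Lines copied from the later, cleaned log in this thread.
CLEAN = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
"""

# Constructed line (not from the thread): a single match on its own.
LONE = r"O4 - HKLM\..\Run: [Abc] C:\WINDOWS\Xyz.exe"


def parse_o4(log_text):
    """Return the registry Run-style O4 entries; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            entries.append(Entry(m["hive"], m["key"], m["name"], m["cmd"]))
    return entries


def looks_generated(entry):
    """True when both the value name and the target fit the short pattern."""
    return bool(SHORT_NAME.match(entry.name) and SHORT_TARGET.match(entry.cmd))


def triage(log_text, min_cluster=3):
    """Split O4 entries into pattern matches and the rest.

    One match alone proves little, so 'cluster' is only True once at least
    min_cluster entries fit. 'both_hives' lists targets registered under
    HKLM and HKCU at once, as several are in this thread's log.
    """
    entries = parse_o4(log_text)
    flagged = [e for e in entries if looks_generated(e)]
    hives_by_target = {}
    for e in flagged:
        hives_by_target.setdefault(e.cmd.lower(), set()).add(e.hive)
    return {
        "flagged": flagged,
        # Not matching the pattern does not clear an entry; these still
        # need the usual manual review.
        "unflagged": [e for e in entries if not looks_generated(e)],
        "cluster": len(flagged) >= min_cluster,
        "both_hives": sorted(t for t, h in hives_by_target.items() if len(h) == 2),
    }


if __name__ == "__main__":
    for label, text in (("infected", INFECTED), ("clean", CLEAN), ("lone", LONE)):
        r = triage(text)
        print(label, "flagged:", [e.name for e in r["flagged"]],
              "cluster:", r["cluster"], "both hives:", r["both_hives"])
```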

#8
Kat

C:\WINDOWS\System32\Iqj.exe

follow my earlier directions the same way, starting with step #2 again..only use that file name above instead of the original one.

#9
Discogod

thanks a lot Kat. I've done as you've said from step 2 onwards.

encountered only 1 problem, when running ewido security suite it was somewhere between 92% & 100% & it shut itself down with one of those XP time-out messages (sorry, hard to explain).

here's my new log looking very much cleaner! on the last reboot just now, no pop-ups at all! thanks so much for your help, hopefully i shan't need to pop back! many thanks :tazz:

#10
Kat

:tazz: Let me see that HJT log so we can be sure we got it all.

#11
Discogod

duuuuh i'm so stupid sometimes!

Logfile of HijackThis v1.99.1
Scan saved at 00:56:05, on 07/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Free Surfer\fs20.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\cidaemon.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [freesurfer] C:\Program Files\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\GetRight\GetRight\GRdownload.htm
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Dave Goddard.DAVE\Application Data\Mozilla\Firefox\Profiles\wcvdf4sd.Default User\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Open with GetRight Browser - C:\GetRight\GetRight\GRbrowse.htm
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Dave Goddard.DAVE\Application Data\Mozilla\Firefox\Profiles\wcvdf4sd.Default User\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#12
Kat

you're not stupid! I have tons of Posted Image every day, so it's all good!

Give me a couple of minutes to scan thru the log

#13
Discogod

hehe thanks.

I assume it's safe to upgrade to XP service pack 2 now as well?

#14
Kat

now *THAT* is a much prettier hjt log!!!! :tazz: we're just about there!

Open HJT and scan for a log. Close ALL programs, internet connections, browsers, etc. Put a check next to the following and click "Fix". Then reboot and let me peek at one last HJT log!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - Default URLSearchHook is missing

#15
Discogod

please excuse the blonde moment, but how do you shut off internet connections when i'm on broadband? (short of pulling the cable out!)