Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

PLEASE HELP! My internet is messed up!

Started by crimsoncuda , May 11 2005 02:23 PM

This topic is locked

#16
crimsoncuda

Posted 17 May 2005 - 09:27 PM

Member

Topic Starter
Member
25 posts

I don't believe this laptop has a firewall. I did, however, try to turn the internet security to below medium and the same thing is happening. This is really frustrating.

Edited by crimsoncuda, 17 May 2005 - 09:27 PM.

#17
coachwife6

Posted 18 May 2005 - 08:13 PM

SuperStar

Retired Staff
11,413 posts

This is really not my area of expertise. I work on hijack this logs and clean up malware. You might try the microsoft forums and explain what problem you're having regarding windows updates.

If you are running Windows XP, go to My computer>>help>>is my version of windows legal

#18
crimsoncuda

Posted 20 May 2005 - 06:19 PM

Member

Topic Starter
Member
25 posts

Lets try this again, here's my hijacklog:

Logfile of HijackThis v1.99.1
Scan saved at 5:15:51 PM, on 5/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\CePMTray.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hotecell.exe
C:\WINDOWS\System32\hlig57j6.exe
C:\program files\tvs\tvs_b.exe
C:\WINDOWS\System32\combop.exe
C:\WINDOWS\System32\combo.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\HijackThis.exe
C:\PROGRA~1\Toolbar\tbps.exe
C:\PROGRA~1\Toolbar\PIB.exe
c:\PROGRA~1\Toolbar\radio.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50245
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50245
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [37Ek3pg] hotecell.exe
O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\roe\LOCALS~1\Temp\ICD1.tmp\svcmm32.exe" /startup
O4 - HKLM\..\Run: [hlig57j6] C:\WINDOWS\System32\hlig57j6.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [fc42m] C:\WINDOWS\System32\fc42m.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115312308842
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

#19
coachwife6

Posted 20 May 2005 - 11:19 PM

SuperStar

Retired Staff
11,413 posts

How did you get it to update?

#20
coachwife6

Posted 20 May 2005 - 11:22 PM

SuperStar

Retired Staff
11,413 posts

First, get rid of NewDotNet. Go to Control Panel:Add/Remove Programs and remove it. If it is not there, go here and follow Procedure 4: http://www.newdotnet.com

#21
coachwife6

Posted 20 May 2005 - 11:29 PM

SuperStar

Retired Staff
11,413 posts

Please Download CoolWebShredder, from http://www.geekstogo...=download&id=17 , Extract it & run the program. Click the Next Button & let it scan. Make sure you let it fix all CWS Remnants. Afterwards, Please Post a fresh Hijack This log.

Please set your system to show
all hidden files; please see here if you're unsure how to do this.

Please download LSPfix and save it to the Desktop and unzip it.

Press Control-Alt-Del to enter the Task Manager.

Click on the Processes tab and end the following processes:

C:\WINDOWS\System32\combop.exe
C:\WINDOWS\System32\combo.exe
C:\PROGRA~1\Toolbar\PIB.exe
c:\PROGRA~1\Toolbar\radio.exe
Exit the Task Manager when finished.

Run LSPfix and place a check against the I know what I am doing checkbox.

Highlight every instance of the following names and move them from the Keep to the Remove panel. Be sure to move nothing other than the files listed below!

flsmngr.dll

When done, click on Finish to exit the program; do not use the X in the top right-hand corner as nothing will happen!

Close all programs and all windows, leaving only HijackThis running. Please disconnect from the internet. Place a check narj against each of the following, making sure you get each one and not any others by mistake:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50245
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50245
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\roe\LOCALS~1\Temp\ICD1.tmp\svcmm32.exe" /startup
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\System32\combop.exe
C:\WINDOWS\System32\combo.exe
C:\PROGRA~1\Toolbar\<<entire folder
C:\PROGRA~1\COMMON~1\WinTools\<<entire folder
c:\Program Files\Fln<<entire folder
C:\DOCUME~1\roe\LOCALS~1\Temp\ICD1.tmp\svcmm32.exe
combop.exe
combo.exe
C:\Program Files\Common Files\Java\flncpy.exe
C:\WINDOWS\zeta.exe

Exit Explorer, and reboot as normal afterwards.

If you were unable to find any of the files then please follow these additional instructions:

Download Pocket Killbox and unzip it; save it to your Desktop.

Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

Let the system reboot.

Please reboot and post a fresh HijackThis log and we will take another look to see how we did.

#22
crimsoncuda

Posted 21 May 2005 - 01:04 AM

Member

Topic Starter
Member
25 posts

I took the update number and did a search in the Microsoft website and had to download that and the sp1 that way, now my automatic update works so I downloaded sp2, I added a firewall and an antivirus and did a boot up scan w/the antivirus, please tell me if I should take the same steps you discussed after seeing my new hijacklog, thanks. By the way, the computer works much better after the service pack downloads; however, I know there's still malware on here. Sorry it's so long.

Logfile of HijackThis v1.99.1
Scan saved at 11:54:58 PM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\CePMTray.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\program files\tvs\tvs_b.exe
C:\WINDOWS\system32\combop.exe
C:\WINDOWS\system32\combo.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\SMARTD~1\SDPhotoBar.exe
C:\windows\pelblog.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [37Ek3pg] hotecell.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [fc42m] C:\WINDOWS\System32\fc42m.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SDPhotoBar.exe] C:\SMARTD~1\SDPhotoBar.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [IwxqRfM2e] ssdcui.exe
O4 - HKCU\..\Run: [liospst] c:\windows\pelblog.exe
O4 - HKCU\..\Run: [eaqtyed] c:\windows\pelblog.exe
O4 - HKCU\..\Run: [xgprklv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sgmbbvc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [upviaiu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xevsjiw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vmwiuoc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qbegkmu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [congdka] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [krsenuf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [odwfxdm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ajuqhtu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [eppsovy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gyriyvu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kuscnug] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bjtqijo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jyehkmn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [uybkbby] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [llrgtrg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [iwarqjy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [monlilp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fhibfvh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sajstld] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [etacgda] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xdeoepl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kqbdqto] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ryjjxic] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cxuonvc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kkrnipg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vyremnw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ulminqw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jltapks] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fjrmgbj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xmphmjk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xjkvasu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gbtdsul] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tjuktty] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [faaudbk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pnvulen] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qbvfxfx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ajmvpbf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [eewuked] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sajocdd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hokrgdt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tbeptpc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [imxccht] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [thjqoia] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [luyaftn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hdymcbi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xpnocel] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kgbfrjs] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ffdciao] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sktwntk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gmnddxc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [srfcnyc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [voqfntb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kadnqmk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aqlixhh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xeidaxa] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ljenmax] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kqffebc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ahfyvpm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [omldkom] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gujyher] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xrshfxp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gjcvcgq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [eqfjqtl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cbsroao] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [skurwgr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rdtnmqi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ihokveu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tlnxffg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pdbhraj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mvewnpq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qnxrsli] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [psurqfx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vmktxhd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ljludjc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rmagakn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wdhhgoe] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pqcgckq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oexbwup] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [titmwfu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dojeady] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hgnymeu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jmwrpsl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dkjsnmb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rxwnpen] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fwkckxr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jpuarya] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pneyjsx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dfgdgpj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tdkduyk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oaaaoqc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wcmpqfo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sqhstgd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cviwple] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tmuhdfk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bhtbuir] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [syfcgwm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hdvdeuc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [emgnhux] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xkhjavh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [colillg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [curbrve] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [regkgin] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rthekxw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nquyekf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [djhfuxh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kqjcatb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cdteukg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [joehrra] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kjabsed] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bevxucf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aupsxyj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qsofibd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ulvsaqy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kgnhnvo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wvfvvjj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sddxtfy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lonqsnw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [taseham] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [desponq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rfxqlan] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [eghgcik] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jdhvphw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pxvaivm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tgxefqm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wrattbr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [thjpakm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [akuncgh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [upcplte] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fxyqklg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [meokocl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [iogxali] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qqcfuum] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qgwnxbe] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [csrncmm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ixevths] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pdivmdq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hbwvfnq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aktlrcu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wvaodnm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [akxvqbn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yhhihui] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qdygggx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ovhqilg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jnppagc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [amsawfy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dvonwyt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wqvqnul] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bksgcvu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ibyrxso] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mjvaenk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yirsedb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rcymuqh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fjupved] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ercdwge] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sqsmnsq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mxqcseh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mcgibis] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oilyeyo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mecobff] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tsgqucq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cgcgkfj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jewrffc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lkrgwhh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mxsklfi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lkegrdy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ybeikeh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ycjighs] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kwergsg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yydqydh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aotncbq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bhwrybp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [uyxuinf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lgjobvw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [spwdsio] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vpoyskk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [trjqscu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nrdwywy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [khdansf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dlpiqdq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rbahvyp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bdfrick] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vfunuqn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ncubsgb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qrjxyvr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rxadvnt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vtpkjce] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dxkhgfj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wxtipty] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cbndqty] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mcokbdk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yrivfch] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hdonagw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qlgvycm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rngydtd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gpvorqo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rtttomk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qeaqhrg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qpgvrnr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [blpknsr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lthvfra] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vmapwsk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hgnwdgv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lcqsjga] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vlnbxao] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [adtgjuk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ncerpnv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [iffkopq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [marrdxi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bmbgata] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yoihlue] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mxscfni] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sjkxelu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [utscfea] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [eceuoop] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fpugurl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [eswipdt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fgvtwkj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ehvgyod] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tkdqpma] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cmsryjc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wjknywy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [telbbxu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [uehcdok] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [unvouqv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oyklxdt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ggtwgmv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qsydnsm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hkpdjpc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [llweadp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lxofhtk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yepsbjn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [imlpaiv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qanqtkb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pkddsip] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cwoxllb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ffdipkb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [uvytnfo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kdmyiyn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kuxqmuu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aflbxfn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hhmbvth] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rsgyntw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wqlfijv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [epgxfew] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rwcivla] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tnpaxkk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mbmcxge] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tblbltk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [luhmtvc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xibhofg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pscsqwy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cyvcaud] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bahbhgk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tapypol] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lrsakmj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ytbdtrp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ndpycki] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ujqynxk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nnhckwl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jcohyly] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [achhecp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qosmsye] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fjdakac] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oupiicv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [byrtjej] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tcruvaf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ujxmfvb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wlcnnpg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cilqupx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pflbivh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [momkavu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xenduin] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wlligaw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hucpsjq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gjyuawo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cbxffck] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yhrxpla] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xardhhp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [toohrqb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ajxjefs] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dakgiwb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xxgbetv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mnotjqq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yomhvao] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rusdwiv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ufsgefb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [iliiood] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hpynrtc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ekukfvg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fxxuwtc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wocrkit] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xcbdqwm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nasmcby] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [objtjjt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dfxafjg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sopjvix] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rsmxoyl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ojhokvv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pdvortl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yltlwnn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ylriond] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mvqabhy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [applrln] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [totekrg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nkwxclx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qvwuaep] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ornfijw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oyuohbt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [uyditro] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xcbicka] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mgsnqry] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mmerkwp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wedajni] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [acperuc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lluawbi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tobetwv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cregcqx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dglyeyl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wowsepm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [itmcegh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gdasenr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fxtbhre] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qnndojw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [csjlmvd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [eesebmf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mvcdrax] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gvskxhw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jlhafnd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [grwbdxm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vedxint] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kwrlamn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nnoywcm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qdfgblt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jqsywkf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ldbkckt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dfbokrr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xnuxcdn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [outffvb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sglmibd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qqfvryn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ittypsk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [chhqtxi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ciumheu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rdahvec] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ltlsqtc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yvffabh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [iebogjl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ogvowio] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jpewfuh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cqhfyah] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ngdytkj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qbmewof] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jtewrms] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rjhfoiu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rcxpyhd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vgydrgj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ejsvjaa] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [soorcdi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xkgwemv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bioqeyk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lgwcwam] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kphnorg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dgqhegt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oxtxrdn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ifnxpwm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mbhaikv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ffnbsll] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nvfqorv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sgfgccu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [utwijbg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qrwycgs] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jhnwotf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [uqghmcb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sdcfsxi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yxmxguj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gdjnfkf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lekjbrk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ofetccp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cinsmvj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kxihjfd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sjdlngn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yxyccmj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sourwro] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tgvcodv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [griupsm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kinxthi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yvnjpiw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hwdymwt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qogyicx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pqimauu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qbgflua] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [iwgpjeu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xuncpgr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bqvxaan] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rvyigil] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fxudlog] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [eqctnlv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fpxfsko] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rbucgkl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ohetles] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pyduwjv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [frjtilk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hreuqey] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [uhembhf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ikxuqgf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [edyblpr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pdnoako] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qgdtecw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ptyxhhl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qeqkwoj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rnmrqvk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [iuuellb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jxqkjmf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cqaqxok] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wrqqdga] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hdjfwif] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oglnsgd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [etstsgx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lmmpptm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lyhuauu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tqsahgq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lraqvgb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [uwmbjxg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sygellh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kuswdqc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [niaspdu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ajwthax] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ltbkjib] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jikgcoo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tvirpod] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jtqedbo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [shtfvkh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gbmphxv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nrgdbrt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ovlgceh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aulnjmc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dbjyltk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ruqhhcg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jeqcfth] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lfchiod] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oychgoh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aurshft] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [amervoy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kfqchyv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kedgadb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [shdywie] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kujoawo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tmavmng] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [axoxwds] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [utwhlww] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [apemywi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ltumltw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tntjmat] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mdhgcpu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [udselrk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vijsdfu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nonofhw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [srumhrj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ckquinq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [juvqpil] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bdxuqve] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ohblhag] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qnsbxcs] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pqwjjxo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jwhodvv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qrsyljo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kwalkma] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aetusgi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jjbfdeh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [prratnq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [teqeipk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gwdllgy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [beumrob] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ldnigpb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [avuwbhk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rkguapa] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [badltqp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fkwflaj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tatddib] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [raoicda] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gbpyvik] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cifcuuk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pxrityt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [goavatp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ucsphwv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bosidyv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dxqfgvj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gsopdwk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aowaree] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jsjuahl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [trmrmgx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [agopkjx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lyfylsi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ulsqhxs] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xmvlfju] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tcknran] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qxosedy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [huxwmec] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [skdqrkm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wrlfglj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fjmacyn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ehrhfds] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dgfpyts] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pxepfni] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rtclkhw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ueetrkl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pfrmjhd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gqxgwiy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nickyom] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vmwkyqt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [knobajk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [royaipl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xcprlxh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [umtusrs] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ebkgbgf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xohturk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bffcylp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mnybjnw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ejaxjea] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kwqdbvc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mdvfjhb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [imvhqrg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [auqptjd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [djddlmi] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [nkyxyna] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [yirfakq] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [nvglhkk] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [iqhwfkn] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [oejcpqm] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [ygsdmvk] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [anhumiq] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [uymsvhg] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [jgcsdsb] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [nwgcggj] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [yvgadfr] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [rnawgny] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [slewilb] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [sduhgwq] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [tjyviqg] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [hfbuvfg] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [ymfmpiq] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [vxnycej] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [rmwamhu] c:\windows\xtdemij.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {35688650-8BD1-48E5-99F7-CD481E92E2BF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {35688650-8BD1-48E5-99F7-CD481E92E2BF} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115312308842
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

#23
coachwife6

Posted 21 May 2005 - 07:16 AM

SuperStar

Retired Staff
11,413 posts

You should not have updated to SP2 until you were clean. I think I covered that earlier, but we will continue to work on it.

I have to do something for my job right now, but will try to get back with you soon.

Yes, you do have malware and it has spawned new life.

#24
coachwife6

Posted 21 May 2005 - 03:57 PM

SuperStar

Retired Staff
11,413 posts

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Please Download LSPFix from http://www.cexx.org/lspfix.htm and Run the Program. Disconnect from the Internet and close all Internet Explorer Windows. Check the "I know what I'm doing" Button and remove all traces of flsmngr.dll. Reboot.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid

Exit Add/Remove Programs.

*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

Press CTRL ALT DELETE to open Windows Task Manger. Click on the Processes tab and end the following processes:

C:\WINDOWS\system32\combop.exe
C:\WINDOWS\system32\combo.exe
C:\windows\pelblog.exe

Exit Task Manager.

I need you to copy all of the Killbox file paths below and paste them into Notepad.

* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.
Unzip it to the desktop.

* Please run Killbox.

* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting them and pressing CTRL + C:

C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Make sure you can view hidden files.

Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

Reboot into normal mode.

Open Notepad. Copy EVERYTHING in the box below and paste it into a new notepad file. Change the 'Save As Type' to "All Files" and save it as fix.reg on your desktop. Make sure there is NO blank line above REGEDIT4:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"notepad.exe"=-
"notepad2.exe"=-
"winlogon.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"WallpaperStyle"=-
"Wallpaper"=-
"NoDispBackgroundPage"=-
"NoDispAppearancePage"=-

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"=-
"WallpaperStyle"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"NoActiveDesktop"=-
"NoSaveSettings"=-
"ClassicShell"=-
"NoThemesTab"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-

Locate fix.reg on your desktop and doubleclick on it. When asked if you want to merge with the registry click YES. After you receive the prompt "merged successfully", follow the rest of instructions below.

1.) Download the Hoster from HERE Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Right Click HERE and go to Save As in order to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

Reboot your computer

Run Hijack This and put a checkmark next to these.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapp...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [37Ek3pg] hotecell.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [fc42m] C:\WINDOWS\System32\fc42m.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SDPhotoBar.exe] C:\SMARTD~1\SDPhotoBar.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [IwxqRfM2e] ssdcui.exe
O4 - HKCU\..\Run: [liospst] c:\windows\pelblog.exe
O4 - HKCU\..\Run: [eaqtyed] c:\windows\pelblog.exe
O4 - HKCU\..\Run: [xgprklv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sgmbbvc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [upviaiu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xevsjiw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vmwiuoc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qbegkmu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [congdka] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [krsenuf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [odwfxdm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ajuqhtu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [eppsovy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gyriyvu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kuscnug] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bjtqijo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jyehkmn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [uybkbby] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [llrgtrg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [iwarqjy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [monlilp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fhibfvh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sajstld] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [etacgda] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xdeoepl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kqbdqto] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ryjjxic] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cxuonvc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kkrnipg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vyremnw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ulminqw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jltapks] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fjrmgbj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xmphmjk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xjkvasu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gbtdsul] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tjuktty] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [faaudbk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pnvulen] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qbvfxfx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ajmvpbf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [eewuked] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sajocdd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hokrgdt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tbeptpc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [imxccht] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [thjqoia] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [luyaftn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hdymcbi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xpnocel] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kgbfrjs] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ffdciao] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sktwntk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gmnddxc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [srfcnyc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [voqfntb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kadnqmk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aqlixhh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xeidaxa] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ljenmax] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kqffebc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ahfyvpm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [omldkom] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gujyher] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xrshfxp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gjcvcgq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [eqfjqtl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cbsroao] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [skurwgr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rdtnmqi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ihokveu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tlnxffg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pdbhraj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mvewnpq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qnxrsli] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [psurqfx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vmktxhd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ljludjc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rmagakn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wdhhgoe] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pqcgckq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oexbwup] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [titmwfu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dojeady] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hgnymeu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jmwrpsl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dkjsnmb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rxwnpen] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fwkckxr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jpuarya] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pneyjsx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dfgdgpj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tdkduyk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oaaaoqc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wcmpqfo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sqhstgd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cviwple] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tmuhdfk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bhtbuir] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [syfcgwm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hdvdeuc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [emgnhux] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xkhjavh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [colillg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [curbrve] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [regkgin] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rthekxw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nquyekf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [djhfuxh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kqjcatb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cdteukg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [joehrra] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kjabsed] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bevxucf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aupsxyj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qsofibd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ulvsaqy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kgnhnvo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wvfvvjj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sddxtfy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lonqsnw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [taseham] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [desponq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rfxqlan] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [eghgcik] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jdhvphw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pxvaivm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tgxefqm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wrattbr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [thjpakm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [akuncgh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [upcplte] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fxyqklg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [meokocl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [iogxali] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qqcfuum] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qgwnxbe] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [csrncmm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ixevths] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pdivmdq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hbwvfnq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aktlrcu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wvaodnm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [akxvqbn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yhhihui] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qdygggx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ovhqilg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jnppagc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [amsawfy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dvonwyt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wqvqnul] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bksgcvu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ibyrxso] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mjvaenk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yirsedb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rcymuqh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fjupved] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ercdwge] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sqsmnsq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mxqcseh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mcgibis] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oilyeyo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mecobff] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tsgqucq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cgcgkfj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jewrffc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lkrgwhh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mxsklfi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lkegrdy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ybeikeh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ycjighs] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kwergsg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yydqydh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aotncbq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bhwrybp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [uyxuinf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lgjobvw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [spwdsio] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vpoyskk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [trjqscu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nrdwywy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [khdansf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dlpiqdq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rbahvyp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bdfrick] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vfunuqn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ncubsgb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qrjxyvr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rxadvnt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vtpkjce] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dxkhgfj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wxtipty] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cbndqty] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mcokbdk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yrivfch] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hdonagw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qlgvycm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rngydtd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gpvorqo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rtttomk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qeaqhrg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qpgvrnr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [blpknsr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lthvfra] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vmapwsk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hgnwdgv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lcqsjga] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vlnbxao] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [adtgjuk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ncerpnv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [iffkopq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [marrdxi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bmbgata] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yoihlue] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mxscfni] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sjkxelu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [utscfea] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [eceuoop] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fpugurl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [eswipdt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fgvtwkj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ehvgyod] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tkdqpma] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cmsryjc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wjknywy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [telbbxu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [uehcdok] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [unvouqv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oyklxdt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ggtwgmv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qsydnsm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hkpdjpc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [llweadp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lxofhtk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yepsbjn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [imlpaiv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qanqtkb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pkddsip] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cwoxllb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ffdipkb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [uvytnfo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kdmyiyn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kuxqmuu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aflbxfn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hhmbvth] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rsgyntw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wqlfijv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [epgxfew] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rwcivla] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tnpaxkk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mbmcxge] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tblbltk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [luhmtvc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xibhofg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pscsqwy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cyvcaud] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bahbhgk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tapypol] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lrsakmj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ytbdtrp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ndpycki] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ujqynxk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nnhckwl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jcohyly] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [achhecp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qosmsye] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fjdakac] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oupiicv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [byrtjej] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tcruvaf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ujxmfvb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wlcnnpg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cilqupx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pflbivh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [momkavu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xenduin] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wlligaw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hucpsjq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gjyuawo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cbxffck] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yhrxpla] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xardhhp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [toohrqb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ajxjefs] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dakgiwb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xxgbetv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mnotjqq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yomhvao] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rusdwiv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ufsgefb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [iliiood] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hpynrtc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ekukfvg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fxxuwtc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wocrkit] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xcbdqwm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nasmcby] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [objtjjt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dfxafjg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sopjvix] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rsmxoyl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ojhokvv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pdvortl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yltlwnn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ylriond] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mvqabhy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [applrln] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [totekrg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nkwxclx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qvwuaep] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ornfijw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oyuohbt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [uyditro] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xcbicka] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mgsnqry] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mmerkwp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wedajni] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [acperuc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lluawbi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tobetwv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cregcqx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dglyeyl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wowsepm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [itmcegh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gdasenr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fxtbhre] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qnndojw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [csjlmvd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [eesebmf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mvcdrax] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gvskxhw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jlhafnd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [grwbdxm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vedxint] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kwrlamn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nnoywcm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qdfgblt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jqsywkf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ldbkckt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dfbokrr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xnuxcdn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [outffvb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sglmibd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qqfvryn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ittypsk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [chhqtxi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ciumheu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rdahvec] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ltlsqtc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yvffabh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [iebogjl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ogvowio] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jpewfuh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cqhfyah] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ngdytkj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qbmewof] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jtewrms] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rjhfoiu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rcxpyhd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vgydrgj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ejsvjaa] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [soorcdi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xkgwemv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bioqeyk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lgwcwam] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kphnorg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dgqhegt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oxtxrdn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ifnxpwm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mbhaikv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ffnbsll] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nvfqorv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sgfgccu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [utwijbg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qrwycgs] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jhnwotf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [uqghmcb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sdcfsxi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yxmxguj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gdjnfkf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lekjbrk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ofetccp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cinsmvj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kxihjfd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sjdlngn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yxyccmj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sourwro] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tgvcodv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [griupsm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kinxthi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [yvnjpiw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hwdymwt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qogyicx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pqimauu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qbgflua] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [iwgpjeu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xuncpgr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bqvxaan] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rvyigil] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fxudlog] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [eqctnlv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fpxfsko] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rbucgkl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ohetles] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pyduwjv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [frjtilk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hreuqey] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [uhembhf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ikxuqgf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [edyblpr] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pdnoako] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qgdtecw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ptyxhhl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qeqkwoj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rnmrqvk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [iuuellb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jxqkjmf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cqaqxok] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wrqqdga] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [hdjfwif] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oglnsgd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [etstsgx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lmmpptm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lyhuauu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tqsahgq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lraqvgb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [uwmbjxg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [sygellh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kuswdqc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [niaspdu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ajwthax] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ltbkjib] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jikgcoo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tvirpod] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jtqedbo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [shtfvkh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gbmphxv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nrgdbrt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ovlgceh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aulnjmc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dbjyltk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ruqhhcg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jeqcfth] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lfchiod] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [oychgoh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aurshft] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [amervoy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kfqchyv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kedgadb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [shdywie] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kujoawo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tmavmng] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [axoxwds] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [utwhlww] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [apemywi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ltumltw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tntjmat] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mdhgcpu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [udselrk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vijsdfu] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nonofhw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [srumhrj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ckquinq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [juvqpil] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bdxuqve] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ohblhag] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qnsbxcs] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pqwjjxo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jwhodvv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qrsyljo] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kwalkma] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aetusgi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jjbfdeh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [prratnq] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [teqeipk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gwdllgy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [beumrob] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ldnigpb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [avuwbhk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rkguapa] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [badltqp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fkwflaj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tatddib] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [raoicda] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gbpyvik] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [cifcuuk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pxrityt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [goavatp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ucsphwv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bosidyv] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dxqfgvj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gsopdwk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [aowaree] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [jsjuahl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [trmrmgx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [agopkjx] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [lyfylsi] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ulsqhxs] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xmvlfju] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [tcknran] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [qxosedy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [huxwmec] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [skdqrkm] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [wrlfglj] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [fjmacyn] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ehrhfds] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [dgfpyts] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pxepfni] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [rtclkhw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ueetrkl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [pfrmjhd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [gqxgwiy] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [nickyom] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [vmwkyqt] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [knobajk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [royaipl] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xcprlxh] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [umtusrs] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ebkgbgf] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [xohturk] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [bffcylp] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mnybjnw] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [ejaxjea] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [kwqdbvc] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [mdvfjhb] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [imvhqrg] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [auqptjd] c:\windows\yutltpg.exe
O4 - HKCU\..\Run: [djddlmi] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [nkyxyna] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [yirfakq] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [nvglhkk] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [iqhwfkn] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [oejcpqm] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [ygsdmvk] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [anhumiq] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [uymsvhg] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [jgcsdsb] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [nwgcggj] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [yvgadfr] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [rnawgny] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [slewilb] c:\windows\rptlsdh.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [sduhgwq] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [tjyviqg] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [hfbuvfg] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [ymfmpiq] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [vxnycej] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [rmwamhu] c:\windows\xtdemij.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\Toolbar\createnote.htm
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\Toolbar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\Toolbar\navigate.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Microsoft AntiSpyware helper - {35688650-8BD1-48E5-99F7-CD481E92E2BF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {35688650-8BD1-48E5-99F7-CD481E92E2BF} - (no file) (HKCU)

O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

Reboot into safe mode and find these files and get rid of them.'

C:\WINDOWS\system32\combop.exe
C:\WINDOWS\system32\combo.exe
C:\windows\pelblog.exe
C:\Program Files\Common Files\Java\flncpy.exe
ssdcui.exe
c:\windows\yutltpg.exe

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

#25
crimsoncuda

Posted 24 May 2005 - 02:30 AM

Member

Topic Starter
Member
25 posts

Here is my virus scan, it doesn't look too good :tazz:

. I wasn't able to find that ssdcui.exe file that I was supposed to delete in the final steps before the virus scan.

Incident Status Location

Virus:Trj/Small.LQ Disinfected Operating system
Adware:Adware/Findspy No disinfected C:\windows\xtdemij.exe
Adware:Adware/Findspy No disinfected c:\windows\xtdemij.exe
Adware:Adware/Findspy No disinfected c:\windows\jepiiic.exe
Adware:Adware/Findspy No disinfected c:\windows\ksaybek.exe
Adware:Adware/Findspy No disinfected c:\windows\twptixj.exe
Adware:Adware/Findspy No disinfected c:\windows\kxqlwki.exe
Adware:Adware/Findspy No disinfected c:\windows\kltgwcc.exe
Adware:Adware/Findspy No disinfected c:\windows\yvbxivy.exe
Adware:Adware/Findspy No disinfected c:\windows\tuxfxmh.exe
Adware:Adware/Findspy No disinfected c:\windows\rysuisu.exe
Spyware:Spyware/CommonName No disinfected C:\Documents and Settings\roe\Application Data\CommonName
Spyware:Spyware/Cydoor No disinfected Windows Registry
Spyware:Spyware/New.net No disinfected C:\Program Files\NewDotNet
Adware:Adware/SaveNow No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\bbchk.exe
Adware:Adware/nCase No disinfected Windows Registry
Adware:Adware/BrilliantDigitalNo disinfected C:\WINDOWS\BDE
Spyware:Spyware/AdClicker No disinfected Windows Registry
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles
Adware:Adware/SAHAgent No disinfected Windows Registry
Adware:Adware/Apropos No disinfected C:\Program Files\cxtpls
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\WinTools
Adware:Adware/VirtualBouncer No disinfected C:\Documents and Settings\All Users\Application Data\VBouncer
Adware:Adware/Sqwire No disinfected Windows Registry
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\roe\Application Data\Lycos
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\polall1r.inf
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/TopRebates No disinfected C:\WINDOWS\bundles\WebRebates*.exe
Adware:Adware/Twain-Tech No disinfected Windows Registry
Adware:Adware/WUpd No disinfected C:\WINDOWS\system32\ide21201.vxd
Spyware:Spyware/Altnet No disinfected C:\WINDOWS\System32\BDEinsta25.dll
Adware:Adware/ExactSearch No disinfected Windows Registry
Adware:Adware/Megasearch No disinfected C:\WINDOWS\system32\MegasearchBarSetup.exe
Adware:Adware/MyWebSearch No disinfected Windows Registry
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\msxmidi.exe
Adware:Adware/BroadcastPC No disinfected C:\Program Files\Common Files\java\bcre.exe
Spyware:Spyware/SurfSideKick No disinfected Windows Registry
Adware:Adware/Transponder No disinfected C:\WINDOWS\dlmax.dll
Adware:Adware/Adsmart No disinfected C:\WINDOWS\System32\thun32.dll
Adware:Adware/IGuard No disinfected Windows Registry
Adware:Adware/Findspy No disinfected C:\Documents and Settings\roe\Favorites\ FREE Access to 800 Paid sites.url
Adware:Adware/Findspy No disinfected C:\Documents and Settings\roe\Favorites\ Free Hidden Cams World - Realtime.url
Adware:Adware/Findspy No disinfected C:\Documents and Settings\roe\Favorites\ Free Spy Cam - Realtime.url
Adware:Adware/BroadcastPC No disinfected C:\Program Files\Bcpc\bcpc.exe
Adware:Adware/BroadcastPC No disinfected C:\Program Files\Bcpc\bcpc_c.exe
Adware:Adware/BroadcastPC No disinfected C:\Program Files\Bcpc\bcre_inst.exe
Adware:Adware/BroadcastPC No disinfected C:\Program Files\Common Files\Java\bcre.exe
Adware:Adware/BroadcastPC No disinfected C:\Program Files\Common Files\Java\tvs_re_inst.exe
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\WinTools\WSup.exe
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\WinTools\WToolsA.exe
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\WinTools\WToolsD.cfg
Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\zzqm\zzqmd\zzqmc.dll
Adware:Adware/SideFind No disinfected C:\Program Files\Common Files\zzqm\zzqmp.exe
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccC.dll
Adware:Adware/MediaTickets No disinfected C:\Program Files\Media Access\MediaAccess.exe
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access\MediaAccK.exe
Spyware:Spyware/New.net No disinfected C:\Program Files\NewDotNet\newdotnet6_38.dll
Spyware:Spyware/New.net No disinfected C:\Program Files\NewDotNet\uninstall6_38.exe
Adware:Adware/WinAD No disinfected C:\Program Files\Preview AdService\PrevAdComm.dll
Adware:Adware/BroadcastPC No disinfected C:\Program Files\tvs\TVSv2.dll
Adware:Adware/BroadcastPC No disinfected C:\Program Files\tvs\TVS_B.exe
Adware:Adware/BroadcastPC No disinfected C:\Program Files\tvs\tvs_clean.exe
Adware:Adware/BroadcastPC No disinfected C:\Program Files\tvs\tvs_ln.exe
Adware:Adware/BroadcastPC No disinfected C:\Program Files\tvs\tvs_re_inst.exe
Virus:W32/Bagz.S.worm Disinfected C:\RECYCLER\S-1-5-21-1904607352-1065543706-2027339946-1005\Dc1.exe
Virus:Bck/Combo.B Disinfected C:\RECYCLER\S-1-5-21-1904607352-1065543706-2027339946-1005\Dc2.exe
Adware:Adware/Findspy No disinfected C:\RECYCLER\S-1-5-21-1904607352-1065543706-2027339946-1005\Dc3.exe
Adware:Adware/Findspy No disinfected C:\RECYCLER\S-1-5-21-1904607352-1065543706-2027339946-1005\Dc5.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\axeesps.exe
Adware:Adware/BrilliantDigitalNo disinfected C:\WINDOWS\BDE\bdeimage.dll
Adware:Adware/BrilliantDigitalNo disinfected C:\WINDOWS\BDE\Cache\bdedetect1.dll
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\2504041110.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\AdSmartMedia_bundle.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\adv0ltc0m.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ast_5_adsav.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Beryllium.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\bruzmoh.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\bs5-tsrkqn.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Century.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\CSV7P070.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\cxt_big.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Decade.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\desktrf-162813.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ez_advolt.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\HelperInstaller.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\icmedia2_56.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\ICMMedia_1cmm3d1a.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\InvestorIntelligenceInstallWeb.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\optimizejames.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\runsearch.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\s4Sept.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\sahagent-dectest1001.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\saie1101.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Setup.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\setup_silent_26221.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\shopinst.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\snackman.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\SSK_B5.EXE
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\stlb2_seed.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\thin-8-1-x-x.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\TrafficSpec8.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\Verti1.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\vl_ezstub.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\winversion.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.ini
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\inf\bi6.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\dlmax.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\farmmext.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\polall1r.inf
Adware:Adware/Findspy No disinfected C:\WINDOWS\jepiiic.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\kltgwcc.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\ksaybek.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\kxqlwki.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\msbb.log
Adware:Adware/nCase No disinfected C:\WINDOWS\msbbau.dat
Adware:Adware/nCase No disinfected C:\WINDOWS\msbbau_update.dat
Adware:Adware/nCase No disinfected C:\WINDOWS\msbb_gdf.dat
Adware:Adware/nCase No disinfected C:\WINDOWS\msbb_kyf.dat
Adware:Adware/nCase No disinfected C:\WINDOWS\msbb_kyf_update.dat
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\msxmidi.exe
Adware:Adware/NewDotNet.A No disinfected C:\WINDOWS\NDNuninstall4_50.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall4_88.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_10.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_22.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_30.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\NDNuninstall6_38.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\rptlsdh.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\rysuisu.exe
Adware:Adware/NetPals No disinfected C:\WINDOWS\system32\atiupdate5.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\bbchk.exe
Adware:Adware/BrilliantDigitalNo disinfected C:\WINDOWS\system32\bdedata2.dll
Adware:Adware/BrilliantDigitalNo disinfected C:\WINDOWS\system32\bdedownloader.dll
Adware:Adware/BrilliantDigitalNo disinfected C:\WINDOWS\system32\bdefdi.dll
Adware:Adware/BrilliantDigitalNo disinfected C:\WINDOWS\system32\bdeinsta25.dll
Adware:Adware/BrilliantDigitalNo disinfected C:\WINDOWS\system32\bdeinstall.exe
Adware:Adware/BrilliantDigitalNo disinfected C:\WINDOWS\system32\bdeload.dll
Adware:Adware/BrilliantDigitalNo disinfected C:\WINDOWS\system32\BDESac10.dll
Adware:Adware/BrilliantDigitalNo disinfected C:\WINDOWS\system32\bdeverify.dll
Adware:Adware/BrilliantDigitalNo disinfected C:\WINDOWS\system32\bdeverify.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\exclean.exe
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\exul.exe
Adware:Adware/CWS.Flsmngr No disinfected C:\WINDOWS\system32\flsmngr.dll
Adware:Adware/WUpd No disinfected C:\WINDOWS\system32\ide21201.vxd
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\javexulm.vxd
Adware:Adware/Findspy No disinfected C:\WINDOWS\system32\kxvkkmby.exe
Adware:Adware/BlazeFind No disinfected C:\WINDOWS\system32\lcinstaller.exe
Adware:Adware/Megasearch No disinfected C:\WINDOWS\system32\megaV2Wbr.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\netut80ex.vxd
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[exul.exe]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[javexulm.vxd]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\netut80ex.vxd[msexreg.exe]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[exclean.exe]
Virus:W32/Bagz.S.worm Disinfected C:\WINDOWS\system32\scombo.exe
Virus:Bck/Combo.B Disinfected C:\WINDOWS\system32\scombop.exe
Adware:Adware/Adsmart No disinfected C:\WINDOWS\system32\thun.dll
Virus:Trj/Small.LQ Disinfected C:\WINDOWS\system32\thun32.dll
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\system32\tsuninst.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\vx0.nls
Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\winupdt.bin
Adware:Adware/Findspy No disinfected C:\WINDOWS\tuxfxmh.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\twptixj.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\xtdemij.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\yvbxivy.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\zeta.exe

#26
coachwife6

Posted 24 May 2005 - 04:42 AM

SuperStar

Retired Staff
11,413 posts

Please scan your system with Ad-aware:
Ad-aware SE - Download - Home Page

If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.
After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.
Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".
Once the definitions have been updated:
Reconfigure Ad-Aware for Full Scan as per the following instructions:
- Launch the program, and click on the Gear at the top of the start screen.
- Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
  - "Automatically save logfile"
  - Automatically quarantine objects prior to removal"
  - Safe Mode (always request confirmation)
  - Prompt to update outdated confirmation) - Change to 7 days.
- Click the "Scanning" button (On the left side).
- Under Drives & Folders, select "Scan within Archives"
- Click "Click here to select Drives + folders" and select your installed hard drives.
- Under Memory & Registry, select all options.
- Click the "Advanced" button (On the left hand side).
- Under "Shell Integration", select "Move deleted files to Recycle Bin".
- Under "Log-file detail", select all options.
- Click on the "Defaults" button on the left.
- Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
- Click the "Tweak" button (Again, on the left hand side).
- Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
  - "Unload recognized processes during scanning."
  - "Obtain command line of scanned processes"
  - "Scan registry for all users instead of current user only"
- Under "Cleaning Engine", select the following:
  - "Automatically try to unregister objects prior to deletion."
  - "During removal, unload explorer and IE if necessary"
  - "Let Windows remove files in use at next reboot."
  - "Delete quarrantined objects after restoring"
- Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
- Click on "Proceed" to save these Preferences.
- Click on the "Scan Now" button on the left.
- Under "Select Scan Mode, be sure to select "Use Custom Scanning Options".
Close all programs except ad-aware.
Click on "Next" in the bottom right corner to start the scan.
Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish.

Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start --->My Computer)
You will see an icon representing your harddrive (most likely C: Drive) Right Click on the hard drive icon and click Properties at the
bottom of the fly out window. One the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin
Click OK and Disk Cleanup will delete those files for you.

If you would please, rescan with HijackThis and post a fresh log in this same topic.

#27
crimsoncuda

Posted 26 May 2005 - 05:40 PM

Member

Topic Starter
Member
25 posts

Here you go, sorry for the delay.

Logfile of HijackThis v1.99.1
Scan saved at 4:36:01 PM, on 5/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\CePMTray.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\windows\xtdemij.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [nkwtfin] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [bpvbhou] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [ouutsww] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [ruwpbwu] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [hkwtqkv] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [dnyjakt] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [vuhtlde] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [bgiymcb] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [dkrhmcn] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [xwjqjhb] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [sfeywhr] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [lekhrcr] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [obrsweq] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [jxkbwod] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [kqxepvn] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [amyciua] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [rncprtu] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [cgceefm] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [wbgihwh] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [glkoent] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [fmjqglt] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [gxmnlet] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ooiwiww] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [gbdjexj] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [onlfcsh] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [vbthhvj] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [mencadt] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [oqpjoqx] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [lpuxmiq] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ecobhfl] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ovueiyq] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [hggmkni] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [gfomret] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [pibwoyw] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [jprkqgf] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [tpjhdte] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [pmlglse] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [vutsiud] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [cuglbke] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ylgpsyn] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [pnqymfs] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [jsqhekg] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [jhyisrc] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [vqxjlne] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [lmpnxqu] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [xmuqmvu] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [oosvmgn] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [tmeearg] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [stjlqea] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [aaqwaru] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [darogls] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [dtkciwi] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [xhcvtdg] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [fsrvher] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [fcjggyu] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [nysensi] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [wngveks] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [pynwvhc] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [xlkptck] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [nmujvgn] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [gwkmvks] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [kcvjbhb] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [aepcisx] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [tvsbsfj] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [utgihko] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [doendlr] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [yatmith] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [owbrkfl] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [xspaars] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [hhccxpj] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [sluqhet] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [kurpitm] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [gsdearm] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [psvycgk] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [byoemfi] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [eqwtpsh] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [sjnbegf] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [qcpxtmg] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [virxgob] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [wddgjhn] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [lafaouw] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [cnfitoe] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [vmscjsm] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ubbbiex] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [rwnnenm] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ghbtfwk] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [scxmtuj] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [fnlscxy] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [snmocmo] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [obgswea] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [tmhnofo] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [nydescy] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [bqroayi] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [xwijrss] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [iwlsxif] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [wkwgbhx] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [vnnvtmq] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [eokebpd] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [arnlfch] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ssnkenn] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [lfsmpdu] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [muwoitg] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [lphqlby] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ytqmagc] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [sppxtpr] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [yjoqmhw] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [nttmwmg] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [nlqjkrl] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [pqwtvpl] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ufladod] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [tbpbjqa] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [xcsqbyw] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [nqpgitq] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [atwdhls] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ycnbtxw] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [losgkgd] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [rgeetdd] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [refismr] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [nsskkfk] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [undgmyh] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [swdjqaw] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [mgylici] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [wylcnsq] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [njxohcs] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [brgoimd] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [byrgqsh] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [xecusnh] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [fsqkyeb] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [wlsxjkp] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [rvpevpp] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [tdfaubj] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [dgutolh] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [mmiudie] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [rfpucao] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [cdtqwhs] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [wrwqvej] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [mnfjtgn] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [sskoiac] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [pinhdas] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [neuuusk] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [nsqqpij] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [mmnxqkc] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [njlnibn] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [gwgxdfy] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [pqdwqiw] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [byyvnlh] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [gjefktf] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [soaylfm] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [xbmtepl] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [hookmnm] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [qksrjyo] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [xirlbkp] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [gaeibsq] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [laeijyn] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [ruqvmkd] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [sabxjdc] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [qkjhkml] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [anixpvs] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [dqwcqej] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [shiyysu] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [waghimg] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [ulblqwe] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [hsxoche] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [yqhgpld] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [yjfrjet] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [knaycvp] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [hydossm] c:\windows\kltgwcc.exe
O4 - HKCU\..\Run: [tjaseeh] c:\windows\kltgwcc.exe
O4 - HKCU\..\Run: [vcmqkcd] c:\windows\kltgwcc.exe
O4 - HKCU\..\Run: [lftlhfj] c:\windows\kltgwcc.exe
O4 - HKCU\..\Run: [iobqyiw] c:\windows\kltgwcc.exe
O4 - HKCU\..\Run: [ufdeiyg] c:\windows\yvbxivy.exe
O4 - HKCU\..\Run: [bxofmdq] c:\windows\yvbxivy.exe
O4 - HKCU\..\Run: [ycqtjsu] c:\windows\yvbxivy.exe
O4 - HKCU\..\Run: [asxbpno] c:\windows\yvbxivy.exe
O4 - HKCU\..\Run: [fqcigmx] c:\windows\yvbxivy.exe
O4 - HKCU\..\Run: [koxuwvb] c:\windows\tuxfxmh.exe
O4 - HKCU\..\Run: [homhgae] c:\windows\tuxfxmh.exe
O4 - HKCU\..\Run: [lgnfnqk] c:\windows\tuxfxmh.exe
O4 - HKCU\..\Run: [trbjepy] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [elpkykv] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [xpbtgcj] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [pquqklb] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [qtviktc] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [sigpwsf] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [jpatfvy] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [rcvygsn] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [fgyench] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [tipnvyx] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [utxlsiq] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [bgwejwe] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [hlvijtq] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [bdcshqh] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [hskkliq] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [idxevuv] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [pcendkr] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [ldklsmj] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [uorqdwo] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [vfegbuu] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [wmtyqkl] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [oypffpb] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [rcwmhhq] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [qqcdwrd] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [kugbnpt] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [ljeyfcx] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [nfsvyqk] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [gnobnky] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [skdokfg] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [nfnvxtk] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [dflruhm] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [aeffqxx] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [puisars] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [kqymuyq] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [fesgwpw] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [ijrtkei] c:\windows\xyhrjss.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115312308842
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

#28
coachwife6

Posted 27 May 2005 - 10:56 PM

SuperStar

Retired Staff
11,413 posts

Let's try this again. :tazz:

Open task manager Ctrl>>alt>>del
And stop this process if it is running.

C:\windows\xtdemij.exe

Run Hijack This and put a check mark next to these.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R3 - Default URLSearchHook is missing

O4 - HKCU\..\Run: [nkwtfin] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [bpvbhou] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [ouutsww] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [ruwpbwu] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [hkwtqkv] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [dnyjakt] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [vuhtlde] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [bgiymcb] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [dkrhmcn] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [xwjqjhb] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [sfeywhr] c:\windows\xtdemij.exe
O4 - HKCU\..\Run: [lekhrcr] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [obrsweq] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [jxkbwod] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [kqxepvn] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [amyciua] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [rncprtu] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [cgceefm] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [wbgihwh] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [glkoent] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [fmjqglt] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [gxmnlet] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ooiwiww] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [gbdjexj] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [onlfcsh] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [vbthhvj] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [mencadt] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [oqpjoqx] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [lpuxmiq] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ecobhfl] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ovueiyq] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [hggmkni] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [gfomret] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [pibwoyw] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [jprkqgf] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [tpjhdte] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [pmlglse] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [vutsiud] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [cuglbke] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ylgpsyn] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [pnqymfs] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [jsqhekg] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [jhyisrc] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [vqxjlne] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [lmpnxqu] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [xmuqmvu] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [oosvmgn] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [tmeearg] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [stjlqea] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [aaqwaru] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [darogls] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [dtkciwi] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [xhcvtdg] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [fsrvher] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [fcjggyu] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [nysensi] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [wngveks] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [pynwvhc] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [xlkptck] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [nmujvgn] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [gwkmvks] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [kcvjbhb] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [aepcisx] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [tvsbsfj] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [utgihko] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [doendlr] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [yatmith] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [owbrkfl] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [xspaars] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [hhccxpj] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [sluqhet] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [kurpitm] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [gsdearm] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [psvycgk] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [byoemfi] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [eqwtpsh] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [sjnbegf] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [qcpxtmg] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [virxgob] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [wddgjhn] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [lafaouw] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [cnfitoe] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [vmscjsm] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ubbbiex] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [rwnnenm] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ghbtfwk] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [scxmtuj] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [fnlscxy] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [snmocmo] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [obgswea] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [tmhnofo] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [nydescy] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [bqroayi] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [xwijrss] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [iwlsxif] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [wkwgbhx] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [vnnvtmq] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [eokebpd] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [arnlfch] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ssnkenn] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [lfsmpdu] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [muwoitg] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [lphqlby] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ytqmagc] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [sppxtpr] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [yjoqmhw] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [nttmwmg] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [nlqjkrl] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [pqwtvpl] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ufladod] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [tbpbjqa] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [xcsqbyw] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [nqpgitq] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [atwdhls] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [ycnbtxw] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [losgkgd] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [rgeetdd] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [refismr] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [nsskkfk] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [undgmyh] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [swdjqaw] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [mgylici] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [wylcnsq] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [njxohcs] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [brgoimd] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [byrgqsh] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [xecusnh] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [fsqkyeb] c:\windows\jepiiic.exe
O4 - HKCU\..\Run: [wlsxjkp] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [rvpevpp] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [tdfaubj] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [dgutolh] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [mmiudie] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [rfpucao] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [cdtqwhs] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [wrwqvej] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [mnfjtgn] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [sskoiac] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [pinhdas] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [neuuusk] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [nsqqpij] c:\windows\ksaybek.exe
O4 - HKCU\..\Run: [mmnxqkc] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [njlnibn] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [gwgxdfy] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [pqdwqiw] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [byyvnlh] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [gjefktf] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [soaylfm] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [xbmtepl] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [hookmnm] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [qksrjyo] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [xirlbkp] c:\windows\twptixj.exe
O4 - HKCU\..\Run: [gaeibsq] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [laeijyn] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [ruqvmkd] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [sabxjdc] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [qkjhkml] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [anixpvs] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [dqwcqej] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [shiyysu] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [waghimg] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [ulblqwe] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [hsxoche] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [yqhgpld] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [yjfrjet] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [knaycvp] c:\windows\kxqlwki.exe
O4 - HKCU\..\Run: [hydossm] c:\windows\kltgwcc.exe
O4 - HKCU\..\Run: [tjaseeh] c:\windows\kltgwcc.exe
O4 - HKCU\..\Run: [vcmqkcd] c:\windows\kltgwcc.exe
O4 - HKCU\..\Run: [lftlhfj] c:\windows\kltgwcc.exe
O4 - HKCU\..\Run: [iobqyiw] c:\windows\kltgwcc.exe
O4 - HKCU\..\Run: [ufdeiyg] c:\windows\yvbxivy.exe
O4 - HKCU\..\Run: [bxofmdq] c:\windows\yvbxivy.exe
O4 - HKCU\..\Run: [ycqtjsu] c:\windows\yvbxivy.exe
O4 - HKCU\..\Run: [asxbpno] c:\windows\yvbxivy.exe
O4 - HKCU\..\Run: [fqcigmx] c:\windows\yvbxivy.exe
O4 - HKCU\..\Run: [koxuwvb] c:\windows\tuxfxmh.exe
O4 - HKCU\..\Run: [homhgae] c:\windows\tuxfxmh.exe
O4 - HKCU\..\Run: [lgnfnqk] c:\windows\tuxfxmh.exe
O4 - HKCU\..\Run: [trbjepy] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [elpkykv] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [xpbtgcj] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [pquqklb] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [qtviktc] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [sigpwsf] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [jpatfvy] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [rcvygsn] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [fgyench] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [tipnvyx] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [utxlsiq] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [bgwejwe] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [hlvijtq] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [bdcshqh] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [hskkliq] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [idxevuv] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [pcendkr] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [ldklsmj] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [uorqdwo] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [vfegbuu] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [wmtyqkl] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [oypffpb] c:\windows\rysuisu.exe
O4 - HKCU\..\Run: [rcwmhhq] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [qqcdwrd] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [kugbnpt] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [ljeyfcx] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [nfsvyqk] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [gnobnky] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [skdokfg] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [nfnvxtk] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [dflruhm] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [aeffqxx] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [puisars] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [kqymuyq] c:\windows\cqetdpt.exe
O4 - HKCU\..\Run: [fesgwpw] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [ijrtkei] c:\windows\xyhrjss.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE<<resource hog

Reboot into safe mode and run Killbox.

* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting them and pressing CTRL + C:

c:\windows\cqetdpt.exe
c:\windows\xyhrjss.exe
c:\windows\tuxfxmh.exe
c:\windows\rysuisu.exe
c:\windows\ksaybek.exe
c:\windows\kxqlwki.exe
c:\windows\kltgwcc.exe
c:\windows\xtdemij.exe
c:\windows\jepiiic.exe
c:\windows\yvbxivy.exe
c:\windows\jepiiic.exe
c:\windows\ksaybek.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Run CleanUp, Reboot and post a new Hijack This log.

#29
crimsoncuda

Posted 28 May 2005 - 10:44 AM

Member

Topic Starter
Member
25 posts

Here you go.

Logfile of HijackThis v1.99.1
Scan saved at 9:32:37 AM, on 5/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\CePMTray.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\windows\yfhcfht.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [lgcspox] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [anbhraq] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [amlaesj] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [hnhgkpj] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [hhifbov] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [hikhrmc] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [yhjmdmb] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [gggxrql] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [djvpblv] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [bcxaruj] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [pasykfo] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [xkglkfm] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [ikuntyv] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [jptbnsx] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [pwkupwh] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [lmxdaam] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [ycyaoww] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [pnmnxqa] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [yspbkeq] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [kmnknlg] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [yrfxvel] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [vqmitur] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [gyptwhe] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [bvpgtud] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [nahkmwj] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [xqwqgbf] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [rqhoobx] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [mmwppuh] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [enxewnt] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [kklfael] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [iurrfce] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [lpfmjsb] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [gbfdwpw] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [xvkqnuj] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [wlkkyqp] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [acsdils] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [ldmnapp] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [uocebcy] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [estlfuj] c:\windows\ffnvelx.exe
O4 - HKCU\..\Run: [agebknx] c:\windows\ffnvelx.exe
O4 - HKCU\..\Run: [buncysg] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [oodpnic] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [xgvoyqo] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [rfyqsof] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [sdxtjey] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [bptlsae] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [kgtgcwh] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [idgrcug] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [shkvyiv] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [fuwprip] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [bqldrfv] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [rfayups] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [vemepqa] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [angatsm] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [kqvkrad] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [eatahqv] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [highlpa] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [tpbybkh] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [nrkqgkw] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [pewsgof] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [cuasbgn] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [wtmiixr] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [dulryba] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [ugrrnuc] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [nssxews] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [ykarxbt] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [kroeorg] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [wfdhbex] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [sdjqtxp] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [qixlwdl] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [xagoywh] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [tgewssu] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [rkjaygo] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [qirhneb] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [qjbfeto] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [olebneu] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [igdvwht] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [nxmaueo] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [wxgwhni] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [fnmsgwp] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [idjrtko] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [udoxydi] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [eafnhkl] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [kkqlmgq] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [acrdsrc] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [uardmke] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [eusuedn] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [vxymsqu] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [jnuwstj] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [okpjesd] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [reqesro] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [tqybcyv] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [crfcqfe] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [xqmpaqq] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [qffxoch] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [dkvnikq] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [gkkjcmb] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [ghhwcig] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [skxnuht] c:\windows\qocyuqn.exe
O4 - HKCU\..\Run: [kcboukl] c:\windows\qocyuqn.exe
O4 - HKCU\..\Run: [tneifiy] c:\windows\urgkgjl.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115312308842
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

#30
coachwife6

Posted 28 May 2005 - 11:39 AM

SuperStar

Retired Staff
11,413 posts

Click My Computer, then C:\ and then on Program Files.
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.

* Download this regfix: HSfix
Unzip it and place it on your desktop, don't use it yet!

* Download and install Ccleaner
Do not use it yet.

* Please download ewido:
http://www.ewido.net/en/download/
Let it update, but don't let it scan yet!!

*It's better to print out these instructions out, because you have a lot of steps to take, so you have a better look on it and this page wouldn't be available all the time. It's also really important you perform everything in the right order.

*Please reboot your system into SAFE MODE.
°To get into the Windows XP Safe mode as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode" and press your Enter key.

*Start hijackthis and click scan and put a checkmark next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm

O4 - HKCU\..\Run: [lgcspox] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [anbhraq] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [amlaesj] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [hnhgkpj] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [hhifbov] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [hikhrmc] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [yhjmdmb] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [gggxrql] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [djvpblv] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [bcxaruj] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [pasykfo] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [xkglkfm] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [ikuntyv] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [jptbnsx] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [pwkupwh] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [lmxdaam] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [ycyaoww] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [pnmnxqa] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [yspbkeq] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [kmnknlg] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [yrfxvel] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [vqmitur] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [gyptwhe] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [bvpgtud] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [nahkmwj] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [xqwqgbf] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [rqhoobx] c:\windows\xyhrjss.exe
O4 - HKCU\..\Run: [mmwppuh] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [enxewnt] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [kklfael] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [iurrfce] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [lpfmjsb] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [gbfdwpw] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [xvkqnuj] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [wlkkyqp] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [acsdils] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [ldmnapp] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [uocebcy] c:\windows\yfhcfht.exe
O4 - HKCU\..\Run: [estlfuj] c:\windows\ffnvelx.exe
O4 - HKCU\..\Run: [agebknx] c:\windows\ffnvelx.exe
O4 - HKCU\..\Run: [buncysg] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [oodpnic] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [xgvoyqo] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [rfyqsof] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [sdxtjey] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [bptlsae] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [kgtgcwh] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [idgrcug] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [shkvyiv] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [fuwprip] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [bqldrfv] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [rfayups] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [vemepqa] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [angatsm] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [kqvkrad] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [eatahqv] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [highlpa] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [tpbybkh] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [nrkqgkw] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [pewsgof] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [cuasbgn] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [wtmiixr] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [dulryba] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [ugrrnuc] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [nssxews] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [ykarxbt] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [kroeorg] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [wfdhbex] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [sdjqtxp] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [qixlwdl] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [xagoywh] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [tgewssu] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [rkjaygo] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [qirhneb] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [qjbfeto] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [olebneu] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [igdvwht] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [nxmaueo] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [wxgwhni] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [fnmsgwp] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [idjrtko] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [udoxydi] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [eafnhkl] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [kkqlmgq] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [acrdsrc] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [uardmke] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [eusuedn] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [vxymsqu] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [jnuwstj] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [okpjesd] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [reqesro] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [tqybcyv] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [crfcqfe] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [xqmpaqq] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [qffxoch] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [dkvnikq] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [gkkjcmb] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [ghhwcig] c:\windows\efaliog.exe
O4 - HKCU\..\Run: [skxnuht] c:\windows\qocyuqn.exe
O4 - HKCU\..\Run: [kcboukl] c:\windows\qocyuqn.exe
O4 - HKCU\..\Run: [tneifiy] c:\windows\urgkgjl.exe

*Close all open windows except hijackthis and click 'Fix Checked'.

REboot into safe mode.

*Navigate to and delete the following files if present:

c:\windows\xyhrjss.exe
c:\windows\yfhcfht.exe
c:\windows\ffnvelx.exe
c:\windows\efaliog.exe
c:\windows\qocyuqn.exe
c:\windows\urgkgjl.exe

*Start Aboutbuster and let it scan. Click Ok/yes for every instruction that aboutbuster is giving you.
Let it scan a second time to make sure it can get rid of everything.
When finished, click 'save log'

*Start Cwshredder and click FIX

* Doubleclick on HSfix you downloaded earlier before which is present on your desktop and when it asks you if you want to add the contents to the registry, click yes/ok

* Start Ccleaner and click Run cleaner

* Still in safe mode, perform a full scan with ewido and let it delete everything it is finding!
When done, you'll get the option to make a log and save it.
So save it because I'll need it later.

*Go to start>Control Panel>Internet Options>tab programs> and click restore websettings.

*Reboot your PC back to normal.

*Post a new hijackthis-log + log aboutbuster + ewido-log