abcsearch4u [RESOLVED]



#16
szwag

I'm back... I did make a mistake - I ran AboutBuster in NL mode before I ran it a 2nd time in safe mode. Something went wrong: ADS not scanned? After rebooting to NL mode I again got the already much-hated abcsearch4u /HP, and under IE and URL - as per Microsoft AntiSpyware settings - they keep changing.

AboutBuster 5.0 reference file 28
Scan started on [06/03/2005] at [1:37:19 AM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:38:43 AM


AboutBuster 5.0 reference file 28
Scan started on [06/03/2005] at [1:47:12 AM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:48:06 AM


AboutBuster 5.0 reference file 28
Scan started on [06/03/2005] at [2:15:59 AM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 2:17:00 AM


Logfile of HijackThis v1.99.1
Scan saved at 2:09:06 AM, on 06/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\mirek\My Documents\PrOgRaMs\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {38D2A281-0444-433C-9ED6-A2851795F32A} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Y357RXJ7g] penvol32.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [hmeufom] c:\windows\xprbbku.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [jjjpjju] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [yvjgrpe] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [kpwdyyf] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [jguexnp] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [ohblcig] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [nuxuieo] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [beklrui] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [lihxlod] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [cwelyxi] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [lagncer] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [ubqnsjp] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [sfxteed] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [lsssehp] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [nlikulo] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [svtswom] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [lgunyfa] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [pxoaoaf] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [ymxhfbv] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [jjcsjxt] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [pcpwwme] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [blwbfee] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [gsihkir] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [ypqybfc] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [kpgfhkt] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [xtbbmck] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [pcwexwd] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [lpxbtpq] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [fwsoeei] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [kybadle] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [dptuvlc] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [wkochna] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [sepmcom] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [qpnlnex] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [vlrrevv] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [lcyjsos] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [jtxhqxq] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [drclagx] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [btpivww] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [roaqnmy] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [kyrlmcs] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [vojmtwb] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [kshoajl] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [upvnuch] c:\windows\nmuxpdw.exe
O4 - HKCU\..\Run: [tifvwuw] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [igkpaut] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [qugnewc] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [yyuxgot] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [ridntsb] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [cixdcyk] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [glwprrw] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [gomywbe] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [vryhmpu] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [ihrherc] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [slcrnku] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [agaaoks] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [vaymdhp] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [ewptruv] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [xgxvjik] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [addploi] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [iuwrxah] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [ddlmrcx] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [pdysjsl] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [afcuepf] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [wpbrurl] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [xpwnovv] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [ftqpsjw] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [crtrmjb] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [mnohelm] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [bwajshr] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [nnfjkte] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [osvpatd] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [kpqioaw] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [mefmdxg] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [jdyjwxi] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [mpbywho] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [umqqgej] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [kkpkecf] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [kvpjuoi] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [oejhkmm] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [hnhybec] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [vcauhhl] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [obgmnob] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [qmbyuhe] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [wnwubet] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [lihdpta] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [ysqecnq] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [mabiuli] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [nxlnasa] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [aqlwsum] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [mtlerbq] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [lfcrmef] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [skbekfj] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [jcxgjgc] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [nmihkgf] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [eysyvhu] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [ihskydo] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [wvofwvy] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [qadowid] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [hyuwmwc] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [hyangtq] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [htenjue] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [gufaeri] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [adkwkqd] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [fguimmi] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [jnglvfb] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [fblrest] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [xefymii] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [yxtbhex] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [kinxjij] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [uamokyu] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [suopmgp] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [shkkdsu] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [gfcjkhn] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [cpblwtf] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [rmrwknn] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [fgjihmj] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [smkqtgo] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [suxbmop] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [powfkto] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [tbkdioi] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [kgrxbar] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [uagqyik] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [gxuijii] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [srvixmw] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [hsxvpkd] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [fmulidd] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [hgmiqxn] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [jeqmlky] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [nsieasm] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [rayatkp] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [urporum] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [jdnjuti] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [bfdxufx] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [dxbqfpb] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [ayslvla] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [tferxnt] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [hmfhekj] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [rxncblk] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [yfknwwu] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [hmofpsh] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [xxvltqo] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [bjemwik] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [hcjlwco] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [kvamcwl] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [kehpeml] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [nqcjcyu] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [tiutsof] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [tpjaukg] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [trrbtdd] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [ireopro] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [efkbvqy] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [ashxdfq] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [kekriwi] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [oldfowb] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [uytobxq] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [iljgytm] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [myensph] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [vgrmbme] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [fhhmauw] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [jnhmjav] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [wpgdqdg] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [xgwvqjr] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [anprcxf] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [rwcwmkd] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [udpvgpi] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [kwaritg] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [jlrrvmg] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [oxgbxph] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [klgrudy] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [ljcmxtq] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [vlyqcra] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [rxbftsb] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [mdedpcb] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [javnatc] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [bdqgcky] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [voovyac] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [ijsgily] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [osccmug] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [fptpqgg] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [nlywgyc] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [fvtoxnx] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [vmqffcl] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [bbnioky] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [shrnobe] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [duvxgcc] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [msuquky] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [kbiimrg] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [nmpbeav] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [ovgnvaw] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [qthviof] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [teavkik] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [vrecuhi] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [eanwmoy] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [firxwtt] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [geegndi] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [dasfuor] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [glgowao] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [htjmjgt] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [yreewbl] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [cppapdc] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [swokmxq] c:\windows\luwjsgc.exe
O4 - HKCU\..\Run: [breshhf] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [aplofby] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [jbnobkm] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [pickskq] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [miemvne] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [uumciar] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [eypqdwf] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [uxwutgf] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [senkhhe] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [skaphkj] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [vaphgsm] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [jvccbwo] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [nbsirpq] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [qytgauu] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [ywqtscj] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [nljbout] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [nilaiyj] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [rutslcq] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [wumvykh] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [lquynwc] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [hypbhoq] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [oijyyjh] c:\windows\cnlmytc.exe
O4 - HKCU\..\Run: [lxnwrfa] c:\windows\fgoabxn.exe
O4 - HKCU\..\Run: [mnjoxrp] c:\windows\fgoabxn.exe
O4 - HKCU\..\Run: [clctitt] c:\windows\fgoabxn.exe
O4 - HKCU\..\Run: [ouldcsn] c:\windows\fgoabxn.exe
O4 - HKCU\..\Run: [jtvrepf] c:\windows\fgoabxn.exe
O4 - HKCU\..\Run: [sthjcil] c:\windows\fgoabxn.exe
O4 - HKCU\..\Run: [vlfofox] c:\windows\fgoabxn.exe
O4 - HKCU\..\Run: [arfuxra] c:\windows\fgoabxn.exe
O4 - HKCU\..\Run: [igkywmv] c:\windows\fgoabxn.exe
O4 - HKCU\..\Run: [fdyntnd] c:\windows\fgoabxn.exe
O4 - HKCU\..\Run: [jlilwkq] c:\windows\fgoabxn.exe
O4 - HKCU\..\Run: [rhgclhv] c:\windows\fgoabxn.exe
O4 - HKCU\..\Run: [oeixfij] c:\windows\fgoabxn.exe
O4 - HKCU\..\Run: [gajfavf] c:\windows\ykeafru.exe
O4 - HKCU\..\Run: [lbonpcr] c:\windows\ykeafru.exe
O4 - HKCU\..\Run: [nhvvknw] c:\windows\ykeafru.exe
O4 - HKCU\..\Run: [dktnrpj] c:\windows\ykeafru.exe
O4 - HKCU\..\Run: [cigreud] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [ildtkva] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [mmhmsjh] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [kqxrjhu] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [ihwqyqw] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [ayhghwx] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [gbxerad] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [mgcydth] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [obuxjce] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [leaxtpq] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [uydbswx] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [somxjmd] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [prlhqpp] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [npmpldi] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [myulkwf] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [wdioxon] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [rhaxhrq] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [rsyxoql] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [nrrglmt] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [mqjkvay] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [rtivdpf] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [gspxbkp] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [kpwndkd] c:\windows\hxywohr.exe
O4 - HKCU\..\Run: [tqvkykb] c:\windows\qedqxbc.exe
O4 - HKCU\..\Run: [rkywvip] c:\windows\qedqxbc.exe
O4 - HKCU\..\Run: [ldauioa] c:\windows\kwgyaqy.exe
O4 - HKCU\..\Run: [hcsligw] c:\windows\kwgyaqy.exe
O4 - HKCU\..\Run: [lwlvuff] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [kmyhyqc] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [skwhoyr] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [rcmlfwb] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [xjxrbmd] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [tbuiwkt] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [logmjbu] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [kwmfaob] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [akirhpe] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [gkndrdm] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [mqtoubx] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [bgreigh] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [kfkbqeh] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [ydbasaj] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [epsxwpl] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [cyorfem] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [pccutlv] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [mwsaufk] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [evheevp] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [iueyqwc] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [vxwutee] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [rdpkcpa] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [ivwlpfs] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [xcnmkxp] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [behygby] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [ttdrykm] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [putooxr] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [jkfbapf] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [tgincpr] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [cvitavl] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [djgftxm] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [gjqypqb] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [dkufmve] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [gdjdybg] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [yhhcdln] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [jhqhavs] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [rhxhwuv] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [wcaetki] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [fdyftpe] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [ltsaqsu] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [mvryvmh] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [ufbhfov] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [uxtyyhb] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [llseiic] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [xsgjchp] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [qypydwy] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [oacicsq] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [cubdivd] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [rejwivy] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [altfhhi] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [blsdmer] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [bpirjit] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [spxjhty] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [jvymgum] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [pxieknm] c:\windows\rpcfsss.exe
O4 - HKCU\..\Run: [ispeium] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [tcbhgos] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [scadqok] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [hitrqfn] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [lhpstam] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [wnbvllj] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [deayxdf] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [jgtjvpi] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [fspdpmj] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [udyrxig] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [odqxylq] c:\windows\sxihexe.exe
O4 - HKCU\..\Run: [wnqjqgq] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [hdmwbnk] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [iumpmyw] c:\windows\sxihexe.exe
O4 - HKCU\..\Run: [awslbwx] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [barksqb] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [gtgubii] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [pxbxwfh] c:\windows\sxihexe.exe
O4 - HKCU\..\Run: [slwcxqt] c:\windows\qbqngjs.exe
O4 - HKCU\..\Run: [uqdhfgj] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [iwbdoxo] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [nqphdcb] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [regcklj] c:\windows\sxihexe.exe
O4 - HKCU\..\Run: [ibghctf] c:\windows\qbqngjs.exe
O4 - HKCU\..\Run: [amgqrfq] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [clixsjj] c:\windows\uuwxhqc.exe
O4 - HKCU\..\Run: [gcvgnsd] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [uooidsn] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [ccggunf] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [mprkmit] c:\windows\sxihexe.exe
O4 - HKCU\..\Run: [mhwgyuw] c:\windows\qbqngjs.exe
O4 - HKCU\..\Run: [xpbhdaq] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [oqphwen] c:\windows\uuwxhqc.exe
O4 - HKCU\..\Run: [awyjynh] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [ajqnqan] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [yyjtfvw] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [hsgjoyp] c:\windows\sxihexe.exe
O4 - HKCU\..\Run: [vanqfqq] c:\windows\qbqngjs.exe
O4 - HKCU\..\Run: [krvbsbs] c:\windows\uuwxhqc.exe
O4 - HKCU\..\Run: [whxfoya] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [ajixugw] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [iwxssel] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [kswcsis] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [uuuqcmx] c:\windows\sxihexe.exe
O4 - HKCU\..\Run: [olwbgvh] c:\windows\qbqngjs.exe
O4 - HKCU\..\Run: [jitpjaj] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [tmfkjkd] c:\windows\uuwxhqc.exe
O4 - HKCU\..\Run: [xsbrjbn] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [fxbguia] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [ffucdku] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [sksyiqx] c:\windows\qbqngjs.exe
O4 - HKCU\..\Run: [rxkyvgp] c:\windows\sxihexe.exe
O4 - HKCU\..\Run: [djbqnxi] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [eerganb] c:\windows\uuwxhqc.exe
O4 - HKCU\..\Run: [lwlooku] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [nvcvkdd] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [btmwajy] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [agugjsp] c:\windows\sxihexe.exe
O4 - HKCU\..\Run: [vfduuxp] c:\windows\qbqngjs.exe
O4 - HKCU\..\Run: [dwsuwob] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [hbyscod] c:\windows\uuwxhqc.exe
O4 - HKCU\..\Run: [ckjeawj] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [flctqeh] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [rfvwhxp] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [jxewxdw] c:\windows\qbqngjs.exe
O4 - HKCU\..\Run: [myebuik] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [cdkvebf] c:\windows\uuwxhqc.exe
O4 - HKCU\..\Run: [nemuiss] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [oinpewc] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [nravxug] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [efhntju] c:\windows\qbqngjs.exe
O4 - HKCU\..\Run: [qiigrtl] c:\windows\uuwxhqc.exe
O4 - HKCU\..\Run: [ocvdnfp] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [mwyarkt] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [xpfqcqw] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [qntmpno] c:\windows\qbqngjs.exe
O4 - HKCU\..\Run: [rfoecam] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [thugqqb] c:\windows\uuwxhqc.exe
O4 - HKCU\..\Run: [ytotyhs] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [gogmdmd] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [gxtbjus] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [vyuicqp] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [ypchvke] c:\windows\qbqngjs.exe
O4 - HKCU\..\Run: [gytqnwd] c:\windows\uuwxhqc.exe
O4 - HKCU\..\Run: [kbtomay] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [epngove] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [xasvppd] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [rcvfgpr] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [etbomay] c:\windows\qbqngjs.exe
O4 - HKCU\..\Run: [libkbll] c:\windows\uuwxhqc.exe
O4 - HKCU\..\Run: [tukvcbq] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [pwcymyp] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [upwvvvu] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [wesayha] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [mxjjolc] c:\windows\qbqngjs.exe
O4 - HKCU\..\Run: [erljxcc] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [ojjpwea] c:\windows\uuwxhqc.exe
O4 - HKCU\..\Run: [kcuqfgd] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [aavfgqh] c:\windows\evshtvs.exe
O4 - HKCU\..\Run: [yqplwpy] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [fvoobxf] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [tsxukqe] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [ortjvpq] c:\windows\uuwxhqc.exe
O4 - HKCU\..\Run: [xkrhhre] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [mwuaddm] c:\windows\evshtvs.exe
O4 - HKCU\..\Run: [iqujtai] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [tvabahj] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [fqcgsbj] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [pigfufc] c:\windows\uuwxhqc.exe
O4 - HKCU\..\Run: [yglgkja] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [tsedwto] c:\windows\evshtvs.exe
O4 - HKCU\..\Run: [rhbxcur] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [qoumcvj] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [yeonuin] c:\windows\uuwxhqc.exe
O4 - HKCU\..\Run: [ctcadfy] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [awcfubs] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [pksmiuu] c:\windows\evshtvs.exe
O4 - HKCU\..\Run: [mevyrfe] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [gchqyyd] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [punybke] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [fnpxkbt] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [lkcbnqc] c:\windows\evshtvs.exe
O4 - HKCU\..\Run: [vaoaheg] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [tcvxcne] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [hkhtnqm] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [njobwjt] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [wiimbvt] c:\windows\evshtvs.exe
O4 - HKCU\..\Run: [vhqvgdi] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [lqxodxw] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [ohovoka] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [tythyps] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [ydaeajj] c:\windows\evshtvs.exe
O4 - HKCU\..\Run: [itjchlw] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [edxijbj] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [kkvujcw] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [fwuixat] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [ghrlyea] c:\windows\evshtvs.exe
O4 - HKCU\..\Run: [otryktq] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [qiufqcd] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [idygpjl] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [muqepdo] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [wagwrad] c:\windows\evshtvs.exe
O4 - HKCU\..\Run: [jyrngir] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [gyfdnks] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [xkfjywr] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [qtddicb] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [tymaoux] c:\windows\evshtvs.exe
O4 - HKCU\..\Run: [vsbqorw] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [dbvaxiq] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [aknigrd] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [jeexpjd] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [ycyapim] c:\windows\evshtvs.exe
O4 - HKCU\..\Run: [xtusfsl] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [okagtyf] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [jgdxaxd] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [iwmkpkj] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [xvvsyfd] c:\windows\evshtvs.exe
O4 - HKCU\..\Run: [pofcdaj] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [hbnwngd] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [bewpukh] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [skgttoq] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [vihlwsk] c:\windows\evshtvs.exe
O4 - HKCU\..\Run: [ekbpvdf] c:\windows\envkwem.exe
O4 - HKCU\..\Run: [rrswmrj] c:\windows\hxivget.exe
O4 - HKCU\..\Run: [xonkawr] c:\windows\cgrbhbo.exe
O4 - HKCU\..\Run: [ovvctku] c:\windows\atspjsi.exe
O4 - HKCU\..\Run: [lmvqkod] c:\windows\evshtvs.exe
O4 - HKCU\..\Run: [roewjjx] c:\windows\envkwem.exe
#17
szwag

    Member

  • Topic Starter
  • 30 posts
and the rest

O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117294761653
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

Edited by bananafanafo, 03 June 2005 - 02:02 AM.

#18
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
PLEASE tell me you didn't download that program from your e-mail?

There is no need to e-mail anyone, we will take care of everything here! Including removing the URLs from your favorites!

Please delete that e-mail and do not use that program...

#19
szwag

    Member

  • Topic Starter
  • 30 posts
Yes, I did. Unwanted favorites come back anyway.
I did run ActiveScan.


Incident Status Location

Adware:Adware/BrilliantDigital No disinfected C:\_RESTORE\ARCHIVE\FS268.CAB[A0177999.CPY]
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\system32\mlybaaaa.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\qedqxbc.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\kwgyaqy.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\udoptue.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\wjbgjtj.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\rpcfsss.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\byqnbps.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\ugerdhf.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\psydviu.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\hxivget.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\urfqisy.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\rigbdag.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\atspjsi.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\qiftnch.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\jdnyofo.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\sepxifw.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\jncpdrq.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\qnbkngi.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\eqahgnq.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\cedtywd.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\iubabiw.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\oooailo.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\nmuxpdw.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\luwjsgc.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\cnlmytc.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\fgoabxn.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\ykeafru.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\hrbniqj.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\aaqsqux.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\sxihexe.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\cgrbhbo.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\qbqngjs.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\uuwxhqc.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\envkwem.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\cuoppvy.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\kxcrtvl.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\fmflxun.exe
Adware:Adware/Findspy No disinfected C:\Documents and Settings\mirek\Favorites\ Free Hidden Cams World - Realtime.url
Adware:Adware/Findspy No disinfected C:\Documents and Settings\mirek\Favorites\ Free Spy Cam - Realtime.url
Adware:Adware/Findspy No disinfected C:\Documents and Settings\mirek\Favorites\ FREE Access to 800 Paid sites.url
Have a good day

#20
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
That's because the "uninstaller" they sent you was actually Trojan Startpage. You can't trust the people who infected you to actually remove what they infected you with. We will do everything here, you just have to be patient because your system is a mess!

#21
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Do me a favor and do not restart, shut down or log off your computer unless specifically asked, because these files might change names on us and we'll spend way longer on this than necessary.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Open the Notepad file where you saved these instructions earlier, and copy the file names below to the clipboard by highlighting ALL of them and then pressing CTRL + C:

C:\WINDOWS\system32\mlybaaaa.exe
C:\WINDOWS\qedqxbc.exe
C:\WINDOWS\kwgyaqy.exe
C:\WINDOWS\udoptue.exe
C:\WINDOWS\wjbgjtj.exe
C:\WINDOWS\rpcfsss.exe
C:\WINDOWS\byqnbps.exe
C:\WINDOWS\ugerdhf.exe
C:\WINDOWS\psydviu.exe
C:\WINDOWS\hxivget.exe
C:\WINDOWS\urfqisy.exe
C:\WINDOWS\rigbdag.exe
C:\WINDOWS\atspjsi.exe
C:\WINDOWS\qiftnch.exe
C:\WINDOWS\jdnyofo.exe
C:\WINDOWS\sepxifw.exe
C:\WINDOWS\jncpdrq.exe
C:\WINDOWS\qnbkngi.exe
C:\WINDOWS\eqahgnq.exe
C:\WINDOWS\cedtywd.exe
C:\WINDOWS\iubabiw.exe
C:\WINDOWS\oooailo.exe
C:\WINDOWS\nmuxpdw.exe
C:\WINDOWS\luwjsgc.exe
C:\WINDOWS\cnlmytc.exe
C:\WINDOWS\fgoabxn.exe
C:\WINDOWS\ykeafru.exe
C:\WINDOWS\hrbniqj.exe
C:\WINDOWS\aaqsqux.exe
C:\WINDOWS\sxihexe.exe
C:\WINDOWS\cgrbhbo.exe
C:\WINDOWS\qbqngjs.exe
C:\WINDOWS\uuwxhqc.exe
C:\WINDOWS\envkwem.exe
C:\WINDOWS\cuoppvy.exe
C:\WINDOWS\kxcrtvl.exe
C:\WINDOWS\fmflxun.exe
c:\windows\nmuxpdw.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt. If your computer does not restart automatically, please restart it manually.

After reboot, Run HijackThis. Place a check next to the following items and click FIX CHECKED:

O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" (don't check this)

Everything from the above entry to the one below (Except SpySweeper):

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (don't check this)


Post a new HijackThis log. And please remember: do not reboot, shut down, or log off until instructed.
  • 0
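
A triage sketch for the clean-up described in the posts above, added here as an example (it is not part of the thread and not code from HijackThis, Killbox or ActiveScan): it parses HijackThis `O4` Run lines, groups them by the executable they start, and cross-references a scanner report, flagging files the scanner detected or that several differently named Run values point to. The sample log and report are constructed in the thread's format; `triage`, `run_entries`, `exe_path` and the `sample0N.exe` paths are illustrative names.

```python
import re
from collections import defaultdict

# HijackThis autostart line:  O4 - HKCU\..\Run: [value name] command line
O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$', re.M)
# Scanner report line:  <type>:<detection> <status> <path>
DETECTION = re.compile(r'^\w+:\S+ .+? ([A-Za-z]:\\.+)$', re.M)

# Constructed sample in the format of the logs in this thread; the
# sample0N.exe paths and the seven-letter value names are made up.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [abcdefg] c:\windows\sample01.exe
O4 - HKCU\..\Run: [hijklmn] c:\windows\sample02.exe
O4 - HKCU\..\Run: [opqrstu] c:\windows\sample01.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [vwxyzab] c:\windows\sample03.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
'''

SAMPLE_REPORT = r'''
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\sample02.exe
Adware:Adware/Startpage.XT No disinfected C:\WINDOWS\sample04.exe
'''


def exe_path(command):
    """Executable path of a Run command, lower-cased, arguments dropped."""
    command = command.strip()
    if command.startswith('"'):
        # Quoted path: everything up to the closing quote
        return command[1:].split('"', 1)[0].lower()
    # Unquoted path: cut after the first ".exe" so trailing switches are dropped
    match = re.match(r'.+?\.exe\b', command, re.I)
    return (match.group(0) if match else command).lower()


def run_entries(log):
    """Map executable path -> list of (hive, value name) that start it."""
    by_target = defaultdict(list)
    for hive, _key, name, command in O4_RUN.findall(log):
        by_target[exe_path(command)].append((hive, name))
    return dict(by_target)


def triage(log, report, min_fan_in=2):
    """Return (flagged, orphans).

    flagged: path -> {'values': [...], 'reasons': [...]} for Run targets that
             the scanner detected ('scanner') or that at least min_fan_in
             distinct value names point to ('fan-in').
    orphans: detected files with no Run entry in the log; they still need
             removing even though nothing in the log starts them.
    """
    targets = run_entries(log)
    detected = {path.strip().lower() for path in DETECTION.findall(report)}
    flagged = {}
    for path, refs in targets.items():
        names = sorted({name for _hive, name in refs})
        reasons = []
        if path in detected:
            reasons.append('scanner')
        if len(names) >= min_fan_in:
            reasons.append('fan-in')
        if reasons:
            flagged[path] = {'values': names, 'reasons': reasons}
    orphans = sorted(detected - set(targets))
    return flagged, orphans


if __name__ == '__main__':
    flagged, orphans = triage(SAMPLE_LOG, SAMPLE_REPORT)
    for path, info in sorted(flagged.items()):
        print(path, info['reasons'], info['values'])
    print('detected, no Run entry:', orphans)
```

A file started by a single Run value and absent from the report, like `sample03.exe` in the sample, is not flagged by either rule and still needs a manual look.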

#22
szwag

    Member

  • Topic Starter
  • 30 posts
Sorry for doing the things I shouldn't be doing and thank you for getting back.
Is it possible I had to paste all the files from the clipboard individually? I could see only one pasted there.


Logfile of HijackThis v1.99.1
Scan saved at 2:59:58 PM, on 06/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\mirek\My Documents\PrOgRaMs\HijackThis\HijackThis.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {38D2A281-0444-433C-9ED6-A2851795F32A} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Y357RXJ7g] penvol32.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [hmeufom] c:\windows\xprbbku.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [bxpgjyk] c:\windows\ystpmyx.exe
O4 - HKCU\..\Run: [ocxoyeb] c:\windows\ystpmyx.exe
O4 - HKCU\..\Run: [vjivrry] c:\windows\ystpmyx.exe
O4 - HKCU\..\Run: [eldipuh] c:\windows\ystpmyx.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117294761653
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

#23
Michelle (Malware Removal Goddess, Retired Staff, 8,928 posts)
Looks much better!! If you highlight ALL of the file paths, then go to the Killbox File menu and choose the option "Paste from clipboard" it will paste the files in (you won't see all of them), there is no need to copy and paste each individual file. You did well! :tazz: just a couple of more to do!

I'll be right back ;)

Edited by bananafanafo, 03 June 2005 - 01:46 PM.


#24
Michelle (Malware Removal Goddess, Retired Staff, 8,928 posts)
* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

c:\windows\xprbbku.exe
c:\windows\ystpmyx.exe
C:\Windows\System32\penvol32.exe
C:\Windows\penvol32.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt. If your computer does not restart automatically, please restart it manually.

After reboot, Run HijackThis. Place a check next to the following items and click FIX CHECKED:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm

O3 - Toolbar: (no name) - {38D2A281-0444-433C-9ED6-A2851795F32A} - (no file)

O4 - HKCU\..\Run: [Y357RXJ7g] penvol32.exe
O4 - HKCU\..\Run: [hmeufom] c:\windows\xprbbku.exe
O4 - HKCU\..\Run: [bxpgjyk] c:\windows\ystpmyx.exe
O4 - HKCU\..\Run: [ocxoyeb] c:\windows\ystpmyx.exe
O4 - HKCU\..\Run: [vjivrry] c:\windows\ystpmyx.exe
O4 - HKCU\..\Run: [eldipuh] c:\windows\ystpmyx.exe


Post a new HiJackThis log!

Edited by bananafanafo, 03 June 2005 - 01:50 PM.


#25
szwag (Member, Topic Starter, 30 posts)
Thank you. Is hmkluu.exe the next to delete? The list is getting shorter indeed.

Logfile of HijackThis v1.99.1
Scan saved at 7:26:38 PM, on 06/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\mirek\My Documents\PrOgRaMs\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [eyxdnar] c:\windows\hmkeluu.exe
O4 - HKCU\..\Run: [gidfrxb] c:\windows\hmkeluu.exe
O4 - HKCU\..\Run: [luvqrjm] c:\windows\hmkeluu.exe
O4 - HKCU\..\Run: [isalugt] c:\windows\hmkeluu.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117294761653
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe


#26
Michelle (Malware Removal Goddess, Retired Staff, 8,928 posts)
You are correct!

* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

c:\windows\hmkeluu.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt. If your computer does not restart automatically, please restart it manually.

After reboot, Run HijackThis. Place a check next to the following items and click FIX CHECKED:

O4 - HKCU\..\Run: [eyxdnar] c:\windows\hmkeluu.exe
O4 - HKCU\..\Run: [gidfrxb] c:\windows\hmkeluu.exe
O4 - HKCU\..\Run: [luvqrjm] c:\windows\hmkeluu.exe
O4 - HKCU\..\Run: [isalugt] c:\windows\hmkeluu.exe


Post a new HiJackThis log!

#27
szwag (Member, Topic Starter, 30 posts)
Thank you for getting back so quickly.

I did not have abcsearch4u when opening internet for the last few hrs but now I do.
I can see new files to get rid of -

I have some questions.
1. Is it OK to load msn messenger and change the setting for this program /hp, search.../?
2. Before rebooting I'm getting the window with the info about "End-Program Win Min
- this program is not responding" and in order to proceed I have to click on "end Now" every time.
3. I ran Spy Sweeper - I did not change anything - I've got alerts about new programs when restarting. Some of them look bad. Aren't they?
bxpjyk
ocxoyeb
vjirry
eldipuh
eyxdner
luvgrjm
isalugt
jynetwu
iiwqwy
dgrsgql
iujhkno
tttdirp
qwswmai
ljljbt
bbftodt
jjintu
fvlqvne
pcklkmo
lpqgxwv
pcyqvoy
xcyxruf

Logfile of HijackThis v1.99.1
Scan saved at 10:45:52 PM, on 06/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\windows\yketteq.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\mirek\My Documents\PrOgRaMs\HijackThis\HijackThis.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [loaxrlc] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [jynetvu] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [iiiwgwy] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [dgrsggl] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [iujhkno] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [tttdirp] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [qwswmai] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [ljljnbt] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [bbftodt] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [jjinjtu] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [fvlgvhe] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [flviywi] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [pcklkmo] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [lpqgxwv] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [pcyqvoy] c:\windows\uvxbans.exe
O4 - HKCU\..\Run: [xcyxruf] c:\windows\uvxbans.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117294761653
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

#28
Michelle (Malware Removal Goddess, Retired Staff, 8,928 posts)
Yep, those are bad!

Ok, let's try this. Please avoid surfing the Internet and do not shut down your computer until instructed, please.

Run HijackThis. Place a check next to the following items and click FIX CHECKED:

O4 - HKCU\..\Run: [loaxrlc] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [jynetvu] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [iiiwgwy] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [dgrsggl] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [iujhkno] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [tttdirp] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [qwswmai] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [ljljnbt] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [bbftodt] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [jjinjtu] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [fvlgvhe] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [flviywi] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [pcklkmo] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [lpqgxwv] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [pcyqvoy] c:\windows\uvxbans.exe
O4 - HKCU\..\Run: [xcyxruf] c:\windows\uvxbans.exe


Close HijackThis.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

c:\windows\yketteq.exe
c:\windows\uvxbans.exe
c:\windows\bxpjyk.exe
c:\windows\ocxoyeb.exe
c:\windows\vjirry.exe
c:\windows\eldipuh.exe
c:\windows\eyxdner.exe
c:\windows\luvgrjm.exe
c:\windows\isalugt.exe
c:\windows\jynetwu.exe
c:\windows\iiwqwy.exe
c:\windows\dgrsgql.exe
c:\windows\iujhkno.exe
c:\windows\tttdirp.exe
c:\windows\qwswmai.exe
c:\windows\ljljbt.exe
c:\windows\bbftodt.exe
c:\windows\jjintu.exe
c:\windows\fvlqvne.exe
c:\windows\pcklkmo.exe
c:\windows\lpqgxwv.exe
c:\windows\pcyqvoy.exe
c:\windows\xcyxruf.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt. If your computer does not restart automatically, please restart it manually.

After your computer reboots, post a new HiJackThis log.
  • 0
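Added example, not part of the original thread: the pattern visible in the logs above (several random-looking HKCU Run value names pointing at one executable placed directly in c:\windows, which comes back under a new file name after each cleanup) can be checked mechanically. The two rules and the function names are assumptions of this sketch, the log excerpts are shortened from posts #25 and #27, and a flagged path is a lead for review, not a verdict.

```python
import re
from collections import defaultdict
from ntpath import dirname, normcase  # Windows path semantics on any OS

# One HijackThis "O4" registry autorun line: hive, key, [value name], command.
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): "
                    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable part of the command: a quoted path, or text up to the first ".exe".
EXE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe)\b)', re.IGNORECASE)

WINDOWS_ROOT = normcase(r"c:\windows")  # assumption: default XP install path

# Excerpt of the log in post #25 (shortened for this example).
LOG_POST_25 = r"""
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [eyxdnar] c:\windows\hmkeluu.exe
O4 - HKCU\..\Run: [gidfrxb] c:\windows\hmkeluu.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
"""

# Excerpt of the log in post #27 (shortened for this example).
LOG_POST_27 = r"""
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [loaxrlc] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [jynetvu] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [iiiwgwy] c:\windows\yketteq.exe
O4 - HKCU\..\Run: [pcyqvoy] c:\windows\uvxbans.exe
O4 - HKCU\..\Run: [xcyxruf] c:\windows\uvxbans.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
"""


def parse_run_entries(log_text):
    """Return {normalized exe path: set of Run value names} from a log."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # other sections (R0/R1, O2, O23, ...) and Global Startup
        exe = EXE.match(m.group("cmd"))
        if not exe:
            continue  # command without a recognisable .exe; out of scope here
        path = normcase(exe.group("q") or exe.group("u"))
        targets[path].add(m.group("name"))
    return dict(targets)


def flag_suspicious(targets):
    """Return {path: [reasons]} for autorun targets matching the pattern."""
    flagged = {}
    for path, names in targets.items():
        reasons = []
        if len(names) > 1:
            reasons.append("shared-target")  # many value names, one file
        if dirname(path) == WINDOWS_ROOT:
            reasons.append("windows-root")   # sits directly in c:\windows
        if reasons:
            flagged[path] = reasons
    return flagged


def respawned(old_log, new_log):
    """Flagged targets in new_log that the older log did not reference."""
    old = parse_run_entries(old_log)
    new_flagged = flag_suspicious(parse_run_entries(new_log))
    return sorted(p for p in new_flagged if p not in old)


if __name__ == "__main__":
    entries = parse_run_entries(LOG_POST_27)
    for path, reasons in sorted(flag_suspicious(entries).items()):
        print(path, sorted(entries[path]), reasons)
    print("new since previous log:", respawned(LOG_POST_25, LOG_POST_27))
```

Comparing each new log against the previous one is what shows that the cleanup removed the file but not whatever keeps writing new Run values.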

#29
szwag (Member, Topic Starter, 30 posts)
Hi again,

Logfile of HijackThis v1.99.1
Scan saved at 12:56:08 AM, on 06/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\mirek\My Documents\PrOgRaMs\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AskCosmo! - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1117294761653
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe


Thank you
  • 0

#30
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Finally! Hope those files don't come back!

Run HijackThis. Place a check next to the following items and click FIX CHECKED:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm


Close HiJackThis.

Using Windows Explorer, please delete the items in bold:

C:\Documents and Settings\mirek\Favorites\ FREE Access to 800 Paid sites.url
C:\Documents and Settings\mirek\Favorites\ Free Hidden Cams World - Realtime.url
C:\Documents and Settings\mirek\Favorites\ Free Spy Cam - Realtime.url
C:\Documents and Settings\mirek\Favorites\ FREE Access to 800 Paid sites.url
C:\WINDOWS\system32\feqbufsc.exe

Reboot and post another HiJackThis log!

Edited by bananafanafo, 04 June 2005 - 02:10 AM.

  • 0
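Added example, not part of the post above and not HijackThis's own code: a small checker that reads the R0/R1 lines of a HijackThis log and reports Internet Explorer start/search settings whose host is outside an expected set, which is how the five abcsearch4u.com entries stand out. The allowlist, the function names, and the two sample lines marked as constructed are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Sample input: the five R0/R1 lines and one O4 line are taken from this thread;
# the www.msn.com and msn.com.example.net lines are constructed for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msn.com.example.net/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption: domains the machine's owner expects to see in IE settings.
ALLOWED_DOMAINS = {"microsoft.com", "msn.com"}

# "R0 - HKCU\<key path>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - (HK(?:CU|LM))\\([^,]+),(.+?) = (.*)$")

def host_allowed(host, allowed=ALLOWED_DOMAINS):
    """True if host is an allowed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    # Match on a dot boundary so "msn.com.example.net" does not pass as msn.com.
    return any(host == d or host.endswith("." + d) for d in allowed)

def find_hijacked_settings(log_text, allowed=ALLOWED_DOMAINS):
    """Return (section, hive, key, value_name, host) for each suspicious R line."""
    findings = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue  # O4, O23 and other sections are out of scope here
        section, hive, key, value_name, data = m.groups()
        host = urlsplit(data.strip()).hostname
        if host is None:
            continue  # only http(s)-style URL values are checked in this sketch
        if not host_allowed(host, allowed):
            findings.append((section, hive, key, value_name, host))
    return findings

if __name__ == "__main__":
    for f in find_hijacked_settings(SAMPLE_LOG):
        print("%s %s\\%s [%s] -> %s" % f)
```

Running the same check on the log posted after the reboot gives a quick confirmation that the fixed entries did not return.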





