Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HiJackThis Log ... Help Please

Started by HardcoreZ28 , May 31 2005 02:08 PM

  • Please log in to reply

#1
HardcoreZ28
Posted 31 May 2005 - 02:08 PM

HardcoreZ28

    Member

  • Member
  • PipPip
  • 20 posts
Ok I'm new here so bear with me....I'm not the most computer savvy person. I followed a user from this boards instructions however it didn't completely fix my problems.

Here's a bried synopsis of what I did:
Removed Search Maid, Virtual Maid, Log Files, Security IGuard.
Merged a new registry file in
Installed a DelDomains.inf file to remove all trusted zone and ranges entries
Ran clean up
Tried to run ActiveScan....kept freezing up before it could finish....my computer is horrible but I can't afford a new one yet.

Below is my Hijackthis log it's huge. Please let me know if you can help. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 3:30:44 PM, on 5/31/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MPRMMON.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
C:\WINDOWS\SYSTEM\M2AUDMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SERVICES\{DB0E7598-E1CC-4D6A-9113-7AF8A7C1CBDA}\SVCHOST.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE ANTISPYWARE\MSSCLI.EXE
C:\AIM95\AIM.EXE
C:\WINDOWS\SLPRQBO.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\AT&T\WNS\PROGRAMS\CONNECT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://window-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://window-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...index.php?aff=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.worldnet.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://window-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://window-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://top-find4u.com/sp.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: AIM Helper - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\PROGRAM FILES\AIM TOOLBAR\AIMHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [mmpti] C:\WINDOWS\SYSTEM\m1mmpti.exe
O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\asp4setp.exe 3
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\SYSTEM\Services\{DB0E7598-E1CC-4D6A-9113-7AF8A7C1CBDA}\SVCHOST.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [_AntiSpyware] C:\PROGRAM FILES\MCAFEE\MCAFEE ANTISPYWARE\MssCli.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [rmmon] C:\WINDOWS\SYSTEM\mprmmon.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKCU\..\Run: [AIM] C:\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [alflufq] c:\windows\wfgekyo.exe
O4 - HKCU\..\Run: [mcfspio] c:\windows\wfgekyo.exe
O4 - HKCU\..\Run: [ylqgiws] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [abdqwqf] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [qdoxrkg] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [cthmgox] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [ahnqmck] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [cpxolgk] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [weabvcq] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [iuhmsvo] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [nnowyah] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [ybnnqen] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [ocbwsjh] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [xiarmot] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [jjigxcm] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [jnjuvfi] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [dqnyfti] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [twxygyi] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [qirwkmi] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [sgykxvb] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [hrosoxw] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [yfgmivt] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [yuavkru] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [ibkghxw] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [fvdslcl] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [wgoylhu] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [gtsjred] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [bgvjqik] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [iemrsxm] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [xpetqhs] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [qnscreb] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [kgvagux] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [durxwpd] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [fbuqkmg] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [tilauat] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hdttteb] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dasvsyw] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [mrglsrt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [svstaht] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [pkmhjbi] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dkkpytf] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [oqcyuou] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [irucedd] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [einbidj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [esxehld] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [cvehnmc] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ucxotnh] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [upajnfw] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ayhwpbq] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [sixoklp] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [aigybni] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ykngmpy] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vuvjtac] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ashgutv] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [jjnopsm] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [jtssmvl] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [nqoytnr] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [jysjoun] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [rnnmqao] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dmrvhhp] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [easqkpw] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ddxqcor] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [igforij] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [qrgcdvj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [kibmknw] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [gueshon] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vtltpha] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [mpqgtpu] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [etjshqa] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [kgrhkfj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hqlinvo] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [kfvyiqo] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [qqyuiac] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [xofieuo] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ssxwvbj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [gvxpfpj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ehbxkbc] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [puignco] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [mowtaro] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vbqrdmj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hudtehj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ukbdpxp] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [biubrxi] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [bdswaes] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [omodrce] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [iybwsxa] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vhewlfo] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [owmkugu] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [puwuoeb] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hxflkjq] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hqyoxoe] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [xjcyqsu] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wxgvwnk] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ehdxcpl] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ugxsnsn] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [llaeppf] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wkaxaxt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [pglwgxs] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [obgsqma] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [fmrnuoc] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vxyeqqi] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [nvhlfer] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ocuminh] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wgpsduq] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [rxwsufj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wvsmgmu] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [oyqyket] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [thcyion] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [flarpbr] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [sejvjwl] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [xrmiivg] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [qwluxwm] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [rnjkgeb] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dtkmiey] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [rebvdcc] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [snordio] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [aehpdwn] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [bfntnhn] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [icqnkwt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [tvkvtpt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [oxvrmme] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hkanyjg] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wnkxdqi] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [saftigg] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hoetpud] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [nigifbt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [uoyntsv] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vpedpiy] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [isexndk] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dqiohor] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [veqwbes] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [qiufcgb] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [iromgtb] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ekfvpby] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dpetcli] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [spgvmgd] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [bbtbiqs] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [jvlwamk] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wlukbbg] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wfxuwey] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [njwtegd] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [xujapja] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [pwasjet] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [teuxpdt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wvonsbi] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [otscqem] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wuujnmn] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [efyfejo] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [iclhdtn] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [knbxyxd] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [vhptqrp] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [tlinqyo] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [ieutnqv] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [tptwwhe] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [joigwgd] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [dfyuxrj] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [mjbbksr] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [pmguvxd] c:\windows\fwrmusx.exe
O4 - HKCU\..\Run: [eatjltw] c:\windows\fwrmusx.exe
O4 - HKCU\..\Run: [fweopll] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [tmogpqt] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [gbnohtu] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [mmushav] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [wbijbvq] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [usajwie] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [nmaikpw] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [ijplgdt] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [pteorpp] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [lfwyilc] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [xsmsoxd] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [mqyypfx] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [llthgug] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [aokfmqg] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [rrefexb] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [oblcsda] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [skeodtk] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [lvmxylh] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [vpyvgqc] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [orqkkcf] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [issmfpf] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [ekhrhec] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [juyliaj] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [xupjuiq] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [euwnybl] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [wnlctjf] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [vgwpndv] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [mjakmra] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [peengye] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [rarvqpk] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [rjibgjv] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [dlruasw] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [sjpmspn] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [yfcxftf] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [pfuvfoq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ijyqwgt] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [odqppyg] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ftwpoao] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [yqlnhro] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [jqjvstc] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [jbtmlve] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [tdcyous] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [lgsrmwv] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [bkvexoo] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [eubkjjr] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [jtqxbfs] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ypvyijp] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [akwvxpj] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [agtuaeq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [eaqpxse] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [liohkdx] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ukxshfl] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [wttjhaq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [npxecer] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [sniydqk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [sdqmprx] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [sjdhpok] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fqggmdi] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [moautoq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [swqtjdq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fbjhrxj] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [xbbcata] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [eufkmmm] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ofskbbm] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [tqaekma] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [sjqqipy] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [aesiymq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [knjotaw] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [qkyownj] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [pjsvwae] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [vaygqwc] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [bwcyplf] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [oualjwk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ovwuxbu] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [eqkeobk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [stbdefi] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [xgeddsl] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ngwxjds] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ybaoguh] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [cmikuiw] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [qnfplcs] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ihgdqot] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [spsqqka] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [benjjtu] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ysbomuq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ovqbtng] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ivumgcu] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [wfytixs] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [qyhsjwk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ojighmo] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [byjfrsk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [bdjakmm] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [rtjxyog] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ltmjcxi] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [kqufbph] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [deeyxcn] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [kcjlvod] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [tcwhkfb] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [escinbh] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [vbxokvg] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [hvfakgv] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [uddivcn] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [hwmamda] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [wowrpjo] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [wpeblvv] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [gcdnemd] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ugqnjkd] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [xhhmobh] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [yhiaonh] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fkorhcl] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [teifqkb] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [okwmkcp] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fvwiqwt] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fiiriep] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [gysnure] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fdixiyl] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fauudpq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [bpaojfs] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fjwieei] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [asqtoga] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [owershk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ugeuklj] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [lneawxj] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [xvqxgeb] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ormwpbh] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [qeyjnva] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [plruyyk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [lmlqlmo] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [jmgdaen] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [atnelni] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [bvsuaxl] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [tprjayx] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [vwgravj] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [kxypsco] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [qwywomh] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [uklaxfl] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [rrciifw] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [ftaovkd] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [nboduvn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [dygprwi] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [mqqrtxi] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [atsmdhh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [unhwxag] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ynfckjn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [dqqqmvx] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [heijcvy] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [vlpnypt] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [vyjglyc] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jmngwvm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [luxoaoh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ousfbvn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [wsroodn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ectvdcv] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jtioniw] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [mostdei] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [qyjagri] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [xysnebt] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ryfsovj] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ovnodmk] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [trysctb] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [bjtoiwx] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hivyxrk] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [gexanlh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ewcuebb] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hpveqmr] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [quhloul] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [gomgulq] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [rvnxlcq] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hctejqd] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [gqbgfhu] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [qulbwyn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [mfebjhw] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [wmyujhb] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ftgdoyn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [sqqgkrw] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ifvbgho] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [qbnhors] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [lpmcyij] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [axpoluw] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [gxgnmye] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [juyljpc] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jnqeusr] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [yrfgrxq] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ujdjkvs] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hnkqfmk] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [cbccstn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [kqwuyqd] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [qsunhau] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [sehftrl] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [bujxjgh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [sckpvjh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [umoqdon] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [lalhqpf] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jygvpmw] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [pdwrtsv] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hsfvwrk] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [epalqwd] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [girrbnr] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jasjrse] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [lhgexrf] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [uihjgpq] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [nmquoeg] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hekyowm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jtspnmd] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [divqcon] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [aagqnkm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [fnsjokm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [kcdnkpn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [eshiign] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [wrkmjil] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [unjyrmm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [pfmmxkx] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [kxgqfgm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hsdbcnj] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [fmdcfjh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ytcwrfx] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [qritihd] c:\windows\jdginua.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM95\AIM.EXE
O9 - Extra button: Netnews - {E9362460-1255-11D9-A537-0000F4B37811} - news:worldnet.help.new-users (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: ConferenceRoom Java Client - http://pix.sexyads.n...080/java/cr.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102...hm::/update.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
  • 0

Advertisements

#2
Metallica
Posted 01 June 2005 - 08:06 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Click here to download pskill.zip
http://www.sysintern...iles/pskill.zip

Extract pskill.exe to your system32 folder. It is a zip and the exe must be extracted to system32 for this to have any chance of working.

------------------------------
Download and Save Spywad Remove.zip to your C:\ Directory from this link:

http://spywarewarrio...ywad_Remove.zip


Open C:\ (Go to Start>Run and type C: Press enter) and extract the Spywad Folder from Spywad Remove.zip to C:\. This will create a folder --
C:\Spywad Remove. Open the folder. Double click on Remove Spywad.vbs If you have script blocking enabled you will get a warning about a malicious script. Please allow this script to run. It is not malicious.

It will open an Input box. Type the full path and file name of the running process:
C:\WINDOWS\SLPRQBO.EXE
In the dialog box.


The script will kill that process, backup and then delete any matching files in System32 and your Windows Directory. It will create a log of all files deleted. This log file will be named Spywad.txt and be located inside the C:\Spywad Remove Folder. The backups will also be located in two subfolders there. One named Systems and the other named Window.

The script will search the Windows Directory and delete desktop.html and popup.html if they exist. It will add entries to the log if these files are found and deleted.

It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries returning your normal desktop and context menu functions.

It will restart Explorer.


** Script Does not remove the orphaned run entries.

Finally, it will Run hijackthis so that you can remove the orphaned run entries and anything else as instructed by your Advisor on the forums.

-------------------------
When finished, post the contents of Spywad.txt and a new Hijackthis log.

If the files deleted are all found to be part of the infection and nothing important has been deleted, you will be instructed to delete the entire Spywad Remove Folder after you have cleaned up all other User Profiles on that system.


Once you have performed the big cleanup, each of the other Users on the System needs to be signed in to clean up their desktop and regain the right click.

I have included another vbs to do this. It is named Other Profiles Regfix.vbs

Have each User sign in and run Other Profiles Regfix.vbs

Explorer will be ended and that user's active desktop registry entries will be repaired. Explorer will be restarted.

Then check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://window-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://window-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...index.php?aff=9

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://window-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://window-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://top-find4u.com/sp.htm

O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\SYSTEM\Services\{DB0E7598-E1CC-4D6A-9113-7AF8A7C1CBDA}\SVCHOST.EXE

O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe

O4 - HKCU\..\Run: [alflufq] c:\windows\wfgekyo.exe
O4 - HKCU\..\Run: [mcfspio] c:\windows\wfgekyo.exe
O4 - HKCU\..\Run: [ylqgiws] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [abdqwqf] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [qdoxrkg] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [cthmgox] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [ahnqmck] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [cpxolgk] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [weabvcq] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [iuhmsvo] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [nnowyah] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [ybnnqen] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [ocbwsjh] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [xiarmot] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [jjigxcm] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [jnjuvfi] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [dqnyfti] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [twxygyi] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [qirwkmi] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [sgykxvb] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [hrosoxw] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [yfgmivt] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [yuavkru] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [ibkghxw] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [fvdslcl] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [wgoylhu] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [gtsjred] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [bgvjqik] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [iemrsxm] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [xpetqhs] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [qnscreb] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [kgvagux] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [durxwpd] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [fbuqkmg] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [tilauat] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hdttteb] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dasvsyw] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [mrglsrt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [svstaht] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [pkmhjbi] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dkkpytf] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [oqcyuou] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [irucedd] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [einbidj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [esxehld] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [cvehnmc] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ucxotnh] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [upajnfw] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ayhwpbq] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [sixoklp] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [aigybni] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ykngmpy] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vuvjtac] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ashgutv] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [jjnopsm] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [jtssmvl] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [nqoytnr] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [jysjoun] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [rnnmqao] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dmrvhhp] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [easqkpw] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ddxqcor] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [igforij] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [qrgcdvj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [kibmknw] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [gueshon] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vtltpha] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [mpqgtpu] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [etjshqa] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [kgrhkfj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hqlinvo] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [kfvyiqo] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [qqyuiac] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [xofieuo] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ssxwvbj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [gvxpfpj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ehbxkbc] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [puignco] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [mowtaro] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vbqrdmj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hudtehj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ukbdpxp] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [biubrxi] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [bdswaes] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [omodrce] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [iybwsxa] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vhewlfo] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [owmkugu] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [puwuoeb] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hxflkjq] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hqyoxoe] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [xjcyqsu] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wxgvwnk] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ehdxcpl] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ugxsnsn] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [llaeppf] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wkaxaxt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [pglwgxs] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [obgsqma] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [fmrnuoc] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vxyeqqi] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [nvhlfer] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ocuminh] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wgpsduq] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [rxwsufj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wvsmgmu] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [oyqyket] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [thcyion] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [flarpbr] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [sejvjwl] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [xrmiivg] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [qwluxwm] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [rnjkgeb] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dtkmiey] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [rebvdcc] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [snordio] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [aehpdwn] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [bfntnhn] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [icqnkwt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [tvkvtpt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [oxvrmme] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hkanyjg] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wnkxdqi] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [saftigg] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hoetpud] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [nigifbt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [uoyntsv] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vpedpiy] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [isexndk] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dqiohor] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [veqwbes] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [qiufcgb] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [iromgtb] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ekfvpby] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dpetcli] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [spgvmgd] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [bbtbiqs] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [jvlwamk] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wlukbbg] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wfxuwey] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [njwtegd] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [xujapja] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [pwasjet] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [teuxpdt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wvonsbi] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [otscqem] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wuujnmn] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [efyfejo] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [iclhdtn] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [knbxyxd] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [vhptqrp] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [tlinqyo] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [ieutnqv] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [tptwwhe] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [joigwgd] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [dfyuxrj] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [mjbbksr] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [pmguvxd] c:\windows\fwrmusx.exe
O4 - HKCU\..\Run: [eatjltw] c:\windows\fwrmusx.exe
O4 - HKCU\..\Run: [fweopll] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [tmogpqt] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [gbnohtu] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [mmushav] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [wbijbvq] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [usajwie] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [nmaikpw] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [ijplgdt] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [pteorpp] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [lfwyilc] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [xsmsoxd] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [mqyypfx] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [llthgug] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [aokfmqg] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [rrefexb] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [oblcsda] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [skeodtk] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [lvmxylh] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [vpyvgqc] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [orqkkcf] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [issmfpf] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [ekhrhec] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [juyliaj] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [xupjuiq] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [euwnybl] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [wnlctjf] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [vgwpndv] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [mjakmra] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [peengye] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [rarvqpk] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [rjibgjv] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [dlruasw] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [sjpmspn] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [yfcxftf] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [pfuvfoq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ijyqwgt] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [odqppyg] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ftwpoao] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [yqlnhro] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [jqjvstc] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [jbtmlve] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [tdcyous] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [lgsrmwv] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [bkvexoo] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [eubkjjr] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [jtqxbfs] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ypvyijp] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [akwvxpj] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [agtuaeq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [eaqpxse] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [liohkdx] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ukxshfl] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [wttjhaq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [npxecer] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [sniydqk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [sdqmprx] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [sjdhpok] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fqggmdi] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [moautoq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [swqtjdq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fbjhrxj] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [xbbcata] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [eufkmmm] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ofskbbm] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [tqaekma] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [sjqqipy] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [aesiymq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [knjotaw] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [qkyownj] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [pjsvwae] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [vaygqwc] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [bwcyplf] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [oualjwk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ovwuxbu] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [eqkeobk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [stbdefi] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [xgeddsl] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ngwxjds] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ybaoguh] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [cmikuiw] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [qnfplcs] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ihgdqot] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [spsqqka] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [benjjtu] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ysbomuq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ovqbtng] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ivumgcu] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [wfytixs] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [qyhsjwk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ojighmo] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [byjfrsk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [bdjakmm] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [rtjxyog] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ltmjcxi] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [kqufbph] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [deeyxcn] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [kcjlvod] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [tcwhkfb] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [escinbh] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [vbxokvg] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [hvfakgv] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [uddivcn] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [hwmamda] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [wowrpjo] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [wpeblvv] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [gcdnemd] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ugqnjkd] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [xhhmobh] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [yhiaonh] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fkorhcl] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [teifqkb] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [okwmkcp] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fvwiqwt] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fiiriep] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [gysnure] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fdixiyl] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fauudpq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [bpaojfs] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fjwieei] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [asqtoga] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [owershk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ugeuklj] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [lneawxj] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [xvqxgeb] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ormwpbh] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [qeyjnva] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [plruyyk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [lmlqlmo] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [jmgdaen] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [atnelni] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [bvsuaxl] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [tprjayx] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [vwgravj] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [kxypsco] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [qwywomh] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [uklaxfl] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [rrciifw] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [ftaovkd] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [nboduvn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [dygprwi] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [mqqrtxi] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [atsmdhh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [unhwxag] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ynfckjn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [dqqqmvx] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [heijcvy] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [vlpnypt] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [vyjglyc] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jmngwvm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [luxoaoh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ousfbvn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [wsroodn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ectvdcv] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jtioniw] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [mostdei] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [qyjagri] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [xysnebt] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ryfsovj] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ovnodmk] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [trysctb] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [bjtoiwx] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hivyxrk] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [gexanlh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ewcuebb] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hpveqmr] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [quhloul] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [gomgulq] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [rvnxlcq] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hctejqd] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [gqbgfhu] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [qulbwyn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [mfebjhw] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [wmyujhb] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ftgdoyn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [sqqgkrw] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ifvbgho] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [qbnhors] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [lpmcyij] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [axpoluw] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [gxgnmye] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [juyljpc] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jnqeusr] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [yrfgrxq] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ujdjkvs] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hnkqfmk] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [cbccstn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [kqwuyqd] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [qsunhau] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [sehftrl] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [bujxjgh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [sckpvjh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [umoqdon] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [lalhqpf] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jygvpmw] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [pdwrtsv] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hsfvwrk] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [epalqwd] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [girrbnr] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jasjrse] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [lhgexrf] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [uihjgpq] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [nmquoeg] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hekyowm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jtspnmd] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [divqcon] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [aagqnkm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [fnsjokm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [kcdnkpn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [eshiign] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [wrkmjil] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [unjyrmm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [pfmmxkx] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [kxgqfgm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hsdbcnj] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [fmdcfjh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ytcwrfx] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [qritihd] c:\windows\jdginua.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102...hm::/update.exe


After everything has been fixed, and you want to reset your wallpaper, open Display Properties > Desktop Tab. Choose a Wallpaper and apply. Close Display Properties. To see the change, click on the desktop and press F5.

Regards,
  • 0

#3
HardcoreZ28
Posted 01 June 2005 - 08:24 AM

HardcoreZ28

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thanks a lot. I will give this a try after work today and post the new log and other file results tonight or tomorrow morning.
  • 0

#4
Metallica
Posted 01 June 2005 - 08:28 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
OK. I'll have a look after you posted a new log.

Regards,
  • 0

#5
HardcoreZ28
Posted 01 June 2005 - 09:42 AM

HardcoreZ28

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
One question I have after reading your instructions

"I have included another vbs to do this. It is named Other Profiles Regfix.vbs"

Is this in spywad or should there be a link to another program?

Thanks.
  • 0

#6
Metallica
Posted 01 June 2005 - 11:30 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
That is in the spywad.zip

The first script to use is called "Remove Spywad.vbs"
The second one is "Other Profiles Regfix.vbs"

Regards,
  • 0

#7
HardcoreZ28
Posted 01 June 2005 - 03:32 PM

HardcoreZ28

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Pieter.....I'm at home now trying to go through the process you described, however I have a problem. When I run spywad remove and type in C:\WINDOWS\SLPRQBO.EXE is comes up as "cannot find".

Any idea why?
  • 0

#8
Metallica
Posted 02 June 2005 - 12:33 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Did you reboot after you posted the log?

It could have been replaced with a new process.

You can also try to copy & paste the full path and filename from my post

Regards,
  • 0

#9
HardcoreZ28
Posted 02 June 2005 - 06:58 AM

HardcoreZ28

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Yeah I definitely rebooted after I posted my log. Let me know if I should post another log during my lunch break today and I'll leave the computer on until I get home again tonight so nothing is changed. Sorry didn't realize rebooting is an issue.
  • 0

#10
Metallica
Posted 02 June 2005 - 07:25 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
It isn't always, so there is no way you could have known.

Post a new log and I'll have a look as quickly as possible.

Regards,
  • 0

Advertisements

#11
HardcoreZ28
Posted 02 June 2005 - 07:31 AM

HardcoreZ28

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thanks....I'll have one up in about 3 hours....hopefully you'll be around...not sure what the time difference is between you and I.
  • 0

#12
Metallica
Posted 02 June 2005 - 07:38 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
In three hours it'll be about 18.30 for me and I wil be having diner, but I usually get back on around 20.00 so I'll see it then.

Regards,
  • 0

#13
HardcoreZ28
Posted 02 June 2005 - 11:19 AM

HardcoreZ28

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Ok here's the most recent log. Hopefully my computer doesn't freeze up before I get home tonight....it has a habit of doing that, but most often when it's left online, which it isn't now.

Logfile of HijackThis v1.99.1
Scan saved at 12:17:22 PM, on 6/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MPRMMON.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
C:\WINDOWS\SYSTEM\M2AUDMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SERVICES\{DB0E7598-E1CC-4D6A-9113-7AF8A7C1CBDA}\SVCHOST.EXE
C:\WINDOWS\WFGEKYO.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://window-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://window-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksear...index.php?aff=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.worldnet.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://window-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://window-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://top-find4u.com/sp.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: AIM Helper - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\PROGRAM FILES\AIM TOOLBAR\AIMHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [mmpti] C:\WINDOWS\SYSTEM\m1mmpti.exe
O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\asp4setp.exe 3
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Dcfssvc] C:\WINDOWS\System32\Drivers\dcfssvc.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\SYSTEM\Services\{DB0E7598-E1CC-4D6A-9113-7AF8A7C1CBDA}\SVCHOST.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [_AntiSpyware] C:\PROGRAM FILES\MCAFEE\MCAFEE ANTISPYWARE\MssCli.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [rmmon] C:\WINDOWS\SYSTEM\mprmmon.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKCU\..\Run: [AIM] C:\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [alflufq] c:\windows\wfgekyo.exe
O4 - HKCU\..\Run: [mcfspio] c:\windows\wfgekyo.exe
O4 - HKCU\..\Run: [ylqgiws] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [abdqwqf] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [qdoxrkg] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [cthmgox] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [ahnqmck] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [cpxolgk] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [weabvcq] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [iuhmsvo] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [nnowyah] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [ybnnqen] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [ocbwsjh] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [xiarmot] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [jjigxcm] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [jnjuvfi] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [dqnyfti] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [twxygyi] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [qirwkmi] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [sgykxvb] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [hrosoxw] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [yfgmivt] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [yuavkru] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [ibkghxw] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [fvdslcl] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [wgoylhu] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [gtsjred] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [bgvjqik] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [iemrsxm] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [xpetqhs] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [qnscreb] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [kgvagux] c:\windows\slprqbo.exe
O4 - HKCU\..\Run: [durxwpd] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [fbuqkmg] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [tilauat] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hdttteb] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dasvsyw] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [mrglsrt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [svstaht] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [pkmhjbi] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dkkpytf] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [oqcyuou] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [irucedd] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [einbidj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [esxehld] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [cvehnmc] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ucxotnh] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [upajnfw] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ayhwpbq] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [sixoklp] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [aigybni] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ykngmpy] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vuvjtac] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ashgutv] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [jjnopsm] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [jtssmvl] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [nqoytnr] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [jysjoun] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [rnnmqao] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dmrvhhp] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [easqkpw] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ddxqcor] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [igforij] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [qrgcdvj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [kibmknw] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [gueshon] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vtltpha] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [mpqgtpu] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [etjshqa] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [kgrhkfj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hqlinvo] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [kfvyiqo] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [qqyuiac] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [xofieuo] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ssxwvbj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [gvxpfpj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ehbxkbc] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [puignco] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [mowtaro] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vbqrdmj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hudtehj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ukbdpxp] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [biubrxi] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [bdswaes] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [omodrce] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [iybwsxa] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vhewlfo] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [owmkugu] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [puwuoeb] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hxflkjq] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hqyoxoe] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [xjcyqsu] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wxgvwnk] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ehdxcpl] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ugxsnsn] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [llaeppf] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wkaxaxt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [pglwgxs] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [obgsqma] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [fmrnuoc] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vxyeqqi] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [nvhlfer] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ocuminh] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wgpsduq] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [rxwsufj] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wvsmgmu] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [oyqyket] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [thcyion] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [flarpbr] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [sejvjwl] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [xrmiivg] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [qwluxwm] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [rnjkgeb] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dtkmiey] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [rebvdcc] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [snordio] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [aehpdwn] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [bfntnhn] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [icqnkwt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [tvkvtpt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [oxvrmme] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hkanyjg] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wnkxdqi] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [saftigg] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [hoetpud] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [nigifbt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [uoyntsv] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [vpedpiy] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [isexndk] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dqiohor] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [veqwbes] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [qiufcgb] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [iromgtb] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [ekfvpby] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [dpetcli] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [spgvmgd] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [bbtbiqs] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [jvlwamk] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wlukbbg] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wfxuwey] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [njwtegd] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [xujapja] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [pwasjet] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [teuxpdt] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wvonsbi] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [otscqem] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [wuujnmn] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [efyfejo] c:\windows\lbxwkds.exe
O4 - HKCU\..\Run: [iclhdtn] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [knbxyxd] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [vhptqrp] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [tlinqyo] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [ieutnqv] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [tptwwhe] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [joigwgd] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [dfyuxrj] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [mjbbksr] c:\windows\ucletmv.exe
O4 - HKCU\..\Run: [pmguvxd] c:\windows\fwrmusx.exe
O4 - HKCU\..\Run: [eatjltw] c:\windows\fwrmusx.exe
O4 - HKCU\..\Run: [fweopll] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [tmogpqt] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [gbnohtu] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [mmushav] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [wbijbvq] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [usajwie] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [nmaikpw] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [ijplgdt] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [pteorpp] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [lfwyilc] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [xsmsoxd] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [mqyypfx] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [llthgug] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [aokfmqg] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [rrefexb] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [oblcsda] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [skeodtk] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [lvmxylh] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [vpyvgqc] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [orqkkcf] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [issmfpf] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [ekhrhec] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [juyliaj] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [xupjuiq] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [euwnybl] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [wnlctjf] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [vgwpndv] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [mjakmra] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [peengye] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [rarvqpk] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [rjibgjv] c:\windows\ghnewkh.exe
O4 - HKCU\..\Run: [dlruasw] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [sjpmspn] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [yfcxftf] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [pfuvfoq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ijyqwgt] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [odqppyg] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ftwpoao] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [yqlnhro] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [jqjvstc] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [jbtmlve] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [tdcyous] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [lgsrmwv] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [bkvexoo] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [eubkjjr] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [jtqxbfs] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ypvyijp] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [akwvxpj] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [agtuaeq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [eaqpxse] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [liohkdx] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ukxshfl] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [wttjhaq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [npxecer] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [sniydqk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [sdqmprx] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [sjdhpok] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fqggmdi] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [moautoq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [swqtjdq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fbjhrxj] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [xbbcata] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [eufkmmm] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ofskbbm] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [tqaekma] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [sjqqipy] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [aesiymq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [knjotaw] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [qkyownj] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [pjsvwae] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [vaygqwc] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [bwcyplf] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [oualjwk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ovwuxbu] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [eqkeobk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [stbdefi] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [xgeddsl] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ngwxjds] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ybaoguh] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [cmikuiw] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [qnfplcs] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ihgdqot] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [spsqqka] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [benjjtu] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ysbomuq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ovqbtng] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ivumgcu] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [wfytixs] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [qyhsjwk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ojighmo] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [byjfrsk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [bdjakmm] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [rtjxyog] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ltmjcxi] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [kqufbph] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [deeyxcn] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [kcjlvod] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [tcwhkfb] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [escinbh] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [vbxokvg] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [hvfakgv] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [uddivcn] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [hwmamda] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [wowrpjo] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [wpeblvv] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [gcdnemd] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ugqnjkd] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [xhhmobh] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [yhiaonh] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fkorhcl] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [teifqkb] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [okwmkcp] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fvwiqwt] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fiiriep] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [gysnure] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fdixiyl] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fauudpq] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [bpaojfs] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [fjwieei] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [asqtoga] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [owershk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ugeuklj] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [lneawxj] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [xvqxgeb] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [ormwpbh] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [qeyjnva] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [plruyyk] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [lmlqlmo] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [jmgdaen] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [atnelni] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [bvsuaxl] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [tprjayx] c:\windows\dfwihrl.exe
O4 - HKCU\..\Run: [vwgravj] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [kxypsco] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [qwywomh] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [uklaxfl] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [rrciifw] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [ftaovkd] c:\windows\tpqtllm.exe
O4 - HKCU\..\Run: [nboduvn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [dygprwi] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [mqqrtxi] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [atsmdhh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [unhwxag] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ynfckjn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [dqqqmvx] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [heijcvy] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [vlpnypt] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [vyjglyc] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jmngwvm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [luxoaoh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ousfbvn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [wsroodn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ectvdcv] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jtioniw] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [mostdei] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [qyjagri] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [xysnebt] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ryfsovj] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ovnodmk] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [trysctb] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [bjtoiwx] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hivyxrk] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [gexanlh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ewcuebb] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hpveqmr] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [quhloul] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [gomgulq] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [rvnxlcq] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hctejqd] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [gqbgfhu] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [qulbwyn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [mfebjhw] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [wmyujhb] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ftgdoyn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [sqqgkrw] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ifvbgho] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [qbnhors] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [lpmcyij] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [axpoluw] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [gxgnmye] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [juyljpc] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jnqeusr] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [yrfgrxq] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ujdjkvs] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hnkqfmk] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [cbccstn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [kqwuyqd] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [qsunhau] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [sehftrl] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [bujxjgh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [sckpvjh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [umoqdon] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [lalhqpf] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jygvpmw] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [pdwrtsv] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hsfvwrk] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [epalqwd] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [girrbnr] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jasjrse] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [lhgexrf] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [uihjgpq] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [nmquoeg] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hekyowm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [jtspnmd] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [divqcon] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [aagqnkm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [fnsjokm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [kcdnkpn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [eshiign] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [wrkmjil] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [unjyrmm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [pfmmxkx] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [kxgqfgm] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [hsdbcnj] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [fmdcfjh] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ytcwrfx] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [qritihd] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [qwcingo] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [grtvaod] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [eyopwpf] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ajdjeme] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [doubwlg] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [dpvsado] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [uvuuxol] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [rcblonc] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [dhnqfdr] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [obtjtrn] c:\windows\jdginua.exe
O4 - HKCU\..\Run: [ccrqccs] c:\windows\tikjslr.exe
O4 - HKCU\..\Run: [aboxuhv] c:\windows\tikjslr.exe
O4 - HKCU\..\Run: [bpbjtey] c:\windows\ykaapfe.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM95\AIM.EXE
O9 - Extra button: Netnews - {E9362460-1255-11D9-A537-0000F4B37811} - news:worldnet.help.new-users (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: ConferenceRoom Java Client - http://pix.sexyads.n...080/java/cr.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102...hm::/update.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
  • 0

#14
Metallica
Posted 02 June 2005 - 11:47 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Run the Remove Spywad.vbs like I explained before.

The path to copy into the dialog box is:

C:\WINDOWS\WFGEKYO.EXE

Good luck,
  • 0

#15
HardcoreZ28
Posted 02 June 2005 - 11:51 AM

HardcoreZ28

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thanks....I'll do it tonight and post up tomorrow morning when I get to work.

I appreciate all your help.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP