lizo media, troj_vondo, doubleclick and many more


#1
selftitled10

These sites have been popping up for over a month or so (search42.com is more recent). I was hoping that you could help me get rid of these programs that make these sites pop up while they are not affiliated with any site I am viewing.

There are also numerous others but I can't remember them all off the top of my head and I believe those ones have been on my computer for a long time because I always have too many processes on my computer and it slows it down.

I have done numerous scans such as the ones listed on your "before posting" topic. I skipped Ewido Security Suite, AVG, and TDS-3.

Below I have pasted the HijackThis log (sorry, but it's quite long):





Logfile of HijackThis v1.99.1
Scan saved at 7:01:57 PM, on 6/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\System32\orulqva.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\WINDOWS\system32\lxrihl.exe
C:\WINDOWS\system32\buvkcy.exe
C:\WINDOWS\system32\vodpx.exe
C:\WINDOWS\System32\dngmhta.exe
C:\WINDOWS\system32\r?ndll.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\New\Desktop\hijack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=1c02&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {00000000-167B-41bc-95FF-86A07B14712C} - C:\WINDOWS\System32\he3bbcff.dll (file missing)
O2 - BHO: (no name) - {000E6ED5-E3FC-4c93-99E9-D38D2A9F9B09} - (no file)
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\inf\cutil.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A05BE538-0DAC-7D57-8497-76A2A8816795} - C:\WINDOWS\system32\qklxlqvd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfee Antivirus] McAfeeAV.exe
O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\System32\orulqva.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [icddefff] rundll32.exe C:\WINDOWS\System32\icddefff.dll,EnableRunDLL32
O4 - HKLM\..\Run: [ielcaabe] rundll32.exe C:\WINDOWS\System32\ielcaabe.dll,EnableRunDLL32
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [6Wj0.exe] C:\documents and settings\new\local settings\temp\6Wj0.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [s.exe] C:\documents and settings\new\local settings\temp\s.exe
O4 - HKLM\..\Run: [X3XRfK.exe] C:\documents and settings\new\local settings\temp\X3XRfK.exe
O4 - HKLM\..\Run: [VkmKYj.exe] C:\documents and settings\new\local settings\temp\VkmKYj.exe
O4 - HKLM\..\Run: [LzioMediaUpdater] C:\WINDOWS\system32\LzioMediaUpdater.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\RunServices: [McAfee Antivirus] McAfeeAV.exe
O4 - HKCU\..\Run: [somepaxg] C:\WINDOWS\System32\tneqp.exe k:somepaxg:
O4 - HKCU\..\Run: [fprxw] C:\WINDOWS\System32\tmtrqprf.exe k:fprxw:
O4 - HKCU\..\Run: [fhxm] C:\WINDOWS\System32\orhej.exe k:fhxm:
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\dngmhta.exe
O4 - HKCU\..\Run: [JwupROK4h] appmrt16.exe
O4 - HKCU\..\Run: [Aaou] C:\Documents and Settings\New\Application Data\othb.exe
O4 - HKCU\..\Run: [Eofp] C:\WINDOWS\system32\r?ndll.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1059.dll,InstantAccess
O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {22AB09A5-AB12-4A4C-BEAA-CC38595B6CA8} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .asx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O15 - Trusted Zone: www.seventeen.com
O16 - DPF: {1CD49DC9-FD88-41FA-B892-47E037267D45} - http://akamai.downlo...ESS_1059_XP.cab
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downlo...ESS_1057_XP.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....ro64_loader.dll
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downlo...net32_EN_XP.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downlo..._1041_EN_XP.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downlo...ESS_1058_XP.cab
O16 - DPF: {C4AE95E6-4EE4-6B4F-A12B-EAAA3858187F} - http://art.towerreco...formerSetup.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb14.pogo...aploader_v6.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downlo...tpe32_EN_XP.cab
O20 - Winlogon Notify: cutil - C:\WINDOWS\inf\cutil.dll
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe





:tazz: Thank you very much!

Edited by selftitled10, 11 June 2005 - 07:04 AM.

  • 0



#2
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,673 posts
Click here to download pskill.zip
http://www.sysintern...iles/pskill.zip

Extract pskill.exe to your system32 folder. It is a zip and the exe must be extracted to system32 for this to have any chance of working.

------------------------------
Download and Save Spywad Remove.zip to your C:\ Directory from this link:

http://spywarewarrio...ywad_Remove.zip


Open C:\ (Go to Start>Run and type C: Press enter) and extract the Spywad Folder from Spywad Remove.zip to C:\. This will create a folder -- C:\Spywad Remove. Open the folder. Double click on Remove Spywad.vbs. If you have script blocking enabled you will get a warning about a malicious script. Please allow this script to run. It is not malicious.

It will open an Input box. Type the full path and file name of the Slimshield actively running process as directed by your Advisor on the forum. The running process must be killed for us to clean up properly.

C:\WINDOWS\system32\vodpx.exe


The script will kill that process, backup and then delete any matching files in System32 and your Windows Directory. It will create a log of all files deleted. This log file will be named Spywad.txt and be located inside the C:\Spywad Remove Folder. The backups will also be located in two subfolders there. One named Systems and the other named Window.

The script will search the Windows Directory and delete desktop.html and popup.html if they exist. It will add entries to the log if these files are found and deleted.

It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries returning your normal desktop and context menu functions.

It will restart Explorer.


** Script Does not remove the orphaned run entries.

Finally, it will Run hijackthis so that you can remove the orphaned run entries and anything else as instructed by your Advisor on the forums.

If hijackthis doesn't start, run it manually.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O2 - BHO: (no name) - {00000000-167B-41bc-95FF-86A07B14712C} - C:\WINDOWS\System32\he3bbcff.dll (file missing)
O2 - BHO: (no name) - {000E6ED5-E3FC-4c93-99E9-D38D2A9F9B09} - (no file)
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\inf\cutil.dll

O2 - BHO: (no name) - {A05BE538-0DAC-7D57-8497-76A2A8816795} - C:\WINDOWS\system32\qklxlqvd.dll

O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\System32\orulqva.exe

O4 - HKLM\..\Run: [icddefff] rundll32.exe C:\WINDOWS\System32\icddefff.dll,EnableRunDLL32
O4 - HKLM\..\Run: [ielcaabe] rundll32.exe C:\WINDOWS\System32\ielcaabe.dll,EnableRunDLL32

O4 - HKLM\..\Run: [6Wj0.exe] C:\documents and settings\new\local settings\temp\6Wj0.exe

O4 - HKLM\..\Run: [s.exe] C:\documents and settings\new\local settings\temp\s.exe
O4 - HKLM\..\Run: [X3XRfK.exe] C:\documents and settings\new\local settings\temp\X3XRfK.exe
O4 - HKLM\..\Run: [VkmKYj.exe] C:\documents and settings\new\local settings\temp\VkmKYj.exe
O4 - HKLM\..\Run: [wyrdpk] C:\WINDOWS\system32\cosny.exe
O4 - HKLM\..\Run: [eltdr] C:\WINDOWS\system32\ibqgj.exe
O4 - HKLM\..\Run: [llijctrf] C:\WINDOWS\system32\groc.exe
O4 - HKLM\..\Run: [xeryiftt] C:\WINDOWS\system32\pnfrdes.exe
O4 - HKLM\..\Run: [fzmzb] C:\WINDOWS\system32\azsfo.exe
O4 - HKLM\..\Run: [rmon] C:\WINDOWS\system32\kmbesv.exe
O4 - HKLM\..\Run: [gjmpvzcr] C:\WINDOWS\system32\hlzzmy.exe
O4 - HKLM\..\Run: [bdlfyaxe] C:\WINDOWS\system32\whjin.exe
O4 - HKLM\..\Run: [ngfsoue] C:\WINDOWS\system32\bdvqg.exe
O4 - HKLM\..\Run: [wbyv] C:\WINDOWS\system32\hvgacu.exe
O4 - HKLM\..\Run: [dqpgnepi] C:\WINDOWS\system32\jpmsd.exe
O4 - HKLM\..\Run: [lzwxwcv] C:\WINDOWS\system32\emevwy.exe
O4 - HKLM\..\Run: [xyvi] C:\WINDOWS\system32\bghd.exe
O4 - HKLM\..\Run: [eoqkwci] C:\WINDOWS\system32\cmzscf.exe
O4 - HKLM\..\Run: [qbnoqo] C:\WINDOWS\system32\xbvjhl.exe
O4 - HKLM\..\Run: [icaezzb] C:\WINDOWS\system32\jwdoc.exe
O4 - HKLM\..\Run: [uhtrwlzg] C:\WINDOWS\system32\knnnw.exe
O4 - HKLM\..\Run: [cvhgdma] C:\WINDOWS\system32\xjgqya.exe
O4 - HKLM\..\Run: [rtfiabac] C:\WINDOWS\system32\uzwmsv.exe
O4 - HKLM\..\Run: [axydim] C:\WINDOWS\system32\kzxctri.exe
O4 - HKLM\..\Run: [qvazxfme] C:\WINDOWS\system32\hxnyvmw.exe
O4 - HKLM\..\Run: [jjrmhf] C:\WINDOWS\system32\djlupja.exe
O4 - HKLM\..\Run: [oktwga] C:\WINDOWS\system32\ljawbx.exe
O4 - HKLM\..\Run: [lheozr] C:\WINDOWS\system32\kbdk.exe
O4 - HKLM\..\Run: [wnnd] C:\WINDOWS\system32\dotjaz.exe
O4 - HKLM\..\Run: [pkznkj] C:\WINDOWS\system32\mjxxs.exe
O4 - HKLM\..\Run: [ibfjlxkc] C:\WINDOWS\system32\htgjz.exe
O4 - HKLM\..\Run: [LzioMediaUpdater] C:\WINDOWS\system32\LzioMediaUpdater.exe
O4 - HKLM\..\Run: [amnfmvlt] C:\WINDOWS\system32\kiwuvss.exe
O4 - HKLM\..\Run: [ytcrkd] C:\WINDOWS\system32\prpes.exe
O4 - HKLM\..\Run: [qkepnox] C:\WINDOWS\system32\kglv.exe
O4 - HKLM\..\Run: [gidyfwi] C:\WINDOWS\system32\oiqup.exe
O4 - HKLM\..\Run: [oger] C:\WINDOWS\system32\rvin.exe
O4 - HKLM\..\Run: [nbqewue] C:\WINDOWS\system32\lkef.exe
O4 - HKLM\..\Run: [qhfcvwa] C:\WINDOWS\system32\ibca.exe
O4 - HKLM\..\Run: [wwkvjh] C:\WINDOWS\system32\uklurpz.exe
O4 - HKLM\..\Run: [nuvm] C:\WINDOWS\system32\rbjqus.exe
O4 - HKLM\..\Run: [yirrlkiz] C:\WINDOWS\system32\lqxhqr.exe
O4 - HKLM\..\Run: [ehtmpl] C:\WINDOWS\system32\unfbhff.exe
O4 - HKLM\..\Run: [ufvjmmj] C:\WINDOWS\system32\rddxjat.exe
O4 - HKLM\..\Run: [ceptitl] C:\WINDOWS\system32\llud.exe
O4 - HKLM\..\Run: [ppymar] C:\WINDOWS\system32\dmyxkrd.exe
O4 - HKLM\..\Run: [fnnai] C:\WINDOWS\system32\adwtmm.exe
O4 - HKLM\..\Run: [wajmqqq] C:\WINDOWS\system32\ijdrvbb.exe
O4 - HKLM\..\Run: [nmfql] C:\WINDOWS\system32\rlbhoq.exe
O4 - HKLM\..\Run: [lwivd] C:\WINDOWS\system32\awhhd.exe
O4 - HKLM\..\Run: [jttf] C:\WINDOWS\system32\whbnacx.exe
O4 - HKLM\..\Run: [havm] C:\WINDOWS\system32\qmmg.exe
O4 - HKLM\..\Run: [xluxkipz] C:\WINDOWS\system32\sulmpb.exe
O4 - HKLM\..\Run: [zxkjolq] C:\WINDOWS\system32\kmvauni.exe
O4 - HKLM\..\Run: [ymein] C:\WINDOWS\system32\xind.exe
O4 - HKLM\..\Run: [wyqwjyum] C:\WINDOWS\system32\sxbu.exe
O4 - HKLM\..\Run: [iqswmnri] C:\WINDOWS\system32\zqejvsx.exe
O4 - HKLM\..\Run: [bcymbht] C:\WINDOWS\system32\uknnef.exe
O4 - HKLM\..\Run: [tfhfgrir] C:\WINDOWS\system32\wkhhyv.exe
O4 - HKLM\..\Run: [wfeyqp] C:\WINDOWS\system32\ifpmt.exe
O4 - HKLM\..\Run: [nwigdu] C:\WINDOWS\system32\sktnvry.exe
O4 - HKLM\..\Run: [ukuqe] C:\WINDOWS\system32\imrdpo.exe
O4 - HKLM\..\Run: [xngmi] C:\WINDOWS\system32\novtpbd.exe
O4 - HKLM\..\Run: [vonohdjq] C:\WINDOWS\system32\mmkvi.exe
O4 - HKLM\..\Run: [rueimyh] C:\WINDOWS\system32\hnnovo.exe
O4 - HKLM\..\Run: [vudnxehv] C:\WINDOWS\system32\gendrig.exe
O4 - HKLM\..\Run: [hgojdgf] C:\WINDOWS\system32\xkzqqk.exe
O4 - HKLM\..\Run: [stlo] C:\WINDOWS\system32\szviui.exe
O4 - HKLM\..\Run: [sawzp] C:\WINDOWS\system32\fpjekf.exe
O4 - HKLM\..\Run: [ttiecty] C:\WINDOWS\system32\fimt.exe
O4 - HKLM\..\Run: [dlfoc] C:\WINDOWS\system32\dumfesm.exe
O4 - HKLM\..\Run: [jdmqburd] C:\WINDOWS\system32\hdnhb.exe
O4 - HKLM\..\Run: [nmfob] C:\WINDOWS\system32\rqwofy.exe
O4 - HKLM\..\Run: [xxlfr] C:\WINDOWS\system32\wxrzgx.exe
O4 - HKLM\..\Run: [ygaglz] C:\WINDOWS\system32\occnf.exe
O4 - HKLM\..\Run: [krwcqswj] C:\WINDOWS\system32\iryeb.exe
O4 - HKLM\..\Run: [rdydfaxz] C:\WINDOWS\system32\zreha.exe
O4 - HKLM\..\Run: [dljgu] C:\WINDOWS\system32\cwkg.exe
O4 - HKLM\..\Run: [wwplzop] C:\WINDOWS\system32\qyrqkz.exe
O4 - HKLM\..\Run: [mbmuqxuj] C:\WINDOWS\system32\psnyp.exe
O4 - HKLM\..\Run: [syctt] C:\WINDOWS\system32\mjlcr.exe
O4 - HKLM\..\Run: [rmmebxwd] C:\WINDOWS\system32\ofif.exe
O4 - HKLM\..\Run: [nbcul] C:\WINDOWS\system32\nlpkm.exe
O4 - HKLM\..\Run: [hydqcepy] C:\WINDOWS\system32\xfcu.exe
O4 - HKLM\..\Run: [vhsno] C:\WINDOWS\system32\yuyhwn.exe
O4 - HKLM\..\Run: [kxqqkdyr] C:\WINDOWS\system32\vtwcqr.exe
O4 - HKLM\..\Run: [hjou] C:\WINDOWS\system32\bzkfjsd.exe
O4 - HKLM\..\Run: [teuk] C:\WINDOWS\system32\sfeshue.exe
O4 - HKLM\..\Run: [nbng] C:\WINDOWS\system32\hcrp.exe
O4 - HKLM\..\Run: [rsrii] C:\WINDOWS\system32\omvwyjs.exe
O4 - HKLM\..\Run: [iovjqogy] C:\WINDOWS\system32\hvbcr.exe
O4 - HKLM\..\Run: [olthsl] C:\WINDOWS\system32\elzyu.exe
O4 - HKLM\..\Run: [ybxhdwe] C:\WINDOWS\system32\zanq.exe
O4 - HKLM\..\Run: [ffiyjazf] C:\WINDOWS\system32\cmnzikdj.exe
O4 - HKLM\..\Run: [yedvp] C:\WINDOWS\system32\piflj.exe
O4 - HKLM\..\Run: [qgvq] C:\WINDOWS\system32\ilvvbvv.exe
O4 - HKLM\..\Run: [uccmps] C:\WINDOWS\system32\qdybe.exe
O4 - HKLM\..\Run: [edzjw] C:\WINDOWS\system32\darmycp.exe
O4 - HKLM\..\Run: [bjbg] C:\WINDOWS\system32\aqhiayv.exe
O4 - HKLM\..\Run: [cdwbw] C:\WINDOWS\system32\pwghhsnp.exe
O4 - HKLM\..\Run: [dzhqnx] C:\WINDOWS\system32\jluydqi.exe
O4 - HKLM\..\Run: [yxzprpld] C:\WINDOWS\system32\zrpg.exe
O4 - HKLM\..\Run: [scstumg] C:\WINDOWS\system32\fwmxo.exe
O4 - HKLM\..\Run: [cjeet] C:\WINDOWS\system32\sseapxv.exe
O4 - HKLM\..\Run: [gzqr] C:\WINDOWS\system32\cmktq.exe
O4 - HKLM\..\Run: [rvoasdau] C:\WINDOWS\system32\zzusaf.exe
O4 - HKLM\..\Run: [glmcos] C:\WINDOWS\system32\wysoui.exe
O4 - HKLM\..\Run: [bihhuu] C:\WINDOWS\system32\hsyg.exe
O4 - HKLM\..\Run: [nbbddrm] C:\WINDOWS\system32\pjomc.exe
O4 - HKLM\..\Run: [jycxlvwx] C:\WINDOWS\system32\adtf.exe
O4 - HKLM\..\Run: [lunbz] C:\WINDOWS\system32\cggpeti.exe
O4 - HKLM\..\Run: [bsqyosn] C:\WINDOWS\system32\zwwtyxp.exe
O4 - HKLM\..\Run: [qand] C:\WINDOWS\system32\mcnu.exe
O4 - HKLM\..\Run: [vjfvjph] C:\WINDOWS\system32\zzffa.exe
O4 - HKLM\..\Run: [pmtzt] C:\WINDOWS\system32\uvqjbmr.exe
O4 - HKLM\..\Run: [abjnju] C:\WINDOWS\system32\rcxji.exe
O4 - HKLM\..\Run: [wvvh] C:\WINDOWS\system32\dwfo.exe
O4 - HKLM\..\Run: [sbjxd] C:\WINDOWS\system32\andk.exe
O4 - HKLM\..\Run: [vqzzrthw] C:\WINDOWS\system32\cqka.exe
O4 - HKLM\..\Run: [tuzroqn] C:\WINDOWS\system32\qkcjfava.exe
O4 - HKLM\..\Run: [eucl] C:\WINDOWS\system32\fgmsyfb.exe
O4 - HKLM\..\Run: [mrscu] C:\WINDOWS\system32\qizlz.exe
O4 - HKLM\..\Run: [qfsgk] C:\WINDOWS\system32\acfv.exe
O4 - HKLM\..\Run: [xcgjbr] C:\WINDOWS\system32\oszdgtdb.exe
O4 - HKLM\..\Run: [ithsvcv] C:\WINDOWS\system32\ihvuksq.exe
O4 - HKLM\..\Run: [wqllhdsh] C:\WINDOWS\system32\dwjlhzk.exe
O4 - HKLM\..\Run: [vrky] C:\WINDOWS\system32\nroeh.exe
O4 - HKLM\..\Run: [bwoaja] C:\WINDOWS\system32\brtzkczm.exe
O4 - HKLM\..\Run: [akfsuoqb] C:\WINDOWS\system32\fiujhb.exe
O4 - HKLM\..\Run: [iabyua] C:\WINDOWS\system32\ucbubwd.exe
O4 - HKLM\..\Run: [yydujbfo] C:\WINDOWS\system32\rtrpdaj.exe
O4 - HKLM\..\Run: [oatwd] C:\WINDOWS\system32\wfqz.exe
O4 - HKLM\..\Run: [ywdk] C:\WINDOWS\system32\otcmdrsb.exe
O4 - HKLM\..\Run: [fclh] C:\WINDOWS\system32\yglt.exe
O4 - HKLM\..\Run: [vbww] C:\WINDOWS\system32\iayezxnn.exe
O4 - HKLM\..\Run: [lecatnj] C:\WINDOWS\system32\cywtj.exe
O4 - HKLM\..\Run: [obofc] C:\WINDOWS\system32\ulnsnb.exe
O4 - HKLM\..\Run: [jlywt] C:\WINDOWS\system32\cvyxdsh.exe
O4 - HKLM\..\Run: [fzvss] C:\WINDOWS\system32\cnblg.exe
O4 - HKLM\..\Run: [uwicpf] C:\WINDOWS\system32\xkmoiq.exe
O4 - HKLM\..\Run: [mnkquupy] C:\WINDOWS\system32\zmrhj.exe
O4 - HKLM\..\Run: [wqvd] C:\WINDOWS\system32\wijd.exe
O4 - HKLM\..\Run: [qfbfkd] C:\WINDOWS\system32\jetgsh.exe
O4 - HKLM\..\Run: [yrvhfbq] C:\WINDOWS\system32\ovuq.exe
O4 - HKLM\..\Run: [etpvmv] C:\WINDOWS\system32\jtsfy.exe
O4 - HKLM\..\Run: [rlwnq] C:\WINDOWS\system32\wpdqssh.exe
O4 - HKLM\..\Run: [sifto] C:\WINDOWS\system32\gjqas.exe
O4 - HKLM\..\Run: [yedrqop] C:\WINDOWS\system32\daowv.exe
O4 - HKLM\..\Run: [irszxcv] C:\WINDOWS\system32\loma.exe
O4 - HKLM\..\Run: [xnwpczkt] C:\WINDOWS\system32\pwkd.exe
O4 - HKLM\..\Run: [ujtnt] C:\WINDOWS\system32\bqsqefii.exe
O4 - HKLM\..\Run: [zlvk] C:\WINDOWS\system32\bghjfd.exe
O4 - HKLM\..\Run: [razi] C:\WINDOWS\system32\tzaiqlyj.exe
O4 - HKLM\..\Run: [tenhlruc] C:\WINDOWS\system32\fvkls.exe
O4 - HKLM\..\Run: [zxxvihx] C:\WINDOWS\system32\asdwlh.exe
O4 - HKLM\..\Run: [coiv] C:\WINDOWS\system32\rnhj.exe
O4 - HKLM\..\Run: [kyexlfbl] C:\WINDOWS\system32\lascsg.exe
O4 - HKLM\..\Run: [mexviua] C:\WINDOWS\system32\xvagn.exe
O4 - HKLM\..\Run: [kuiwxzy] C:\WINDOWS\system32\eygjlr.exe
O4 - HKLM\..\Run: [yfdo] C:\WINDOWS\system32\wmwmapu.exe
O4 - HKLM\..\Run: [lchis] C:\WINDOWS\system32\qcsdwog.exe
O4 - HKLM\..\Run: [srzf] C:\WINDOWS\system32\dykgxycs.exe
O4 - HKLM\..\Run: [jajepwmu] C:\WINDOWS\system32\nsqzyru.exe
O4 - HKLM\..\Run: [eypbn] C:\WINDOWS\system32\lhbi.exe
O4 - HKLM\..\Run: [aqzngu] C:\WINDOWS\system32\nptniyj.exe
O4 - HKLM\..\Run: [sgfnqc] C:\WINDOWS\system32\beok.exe
O4 - HKLM\..\Run: [ybqaugup] C:\WINDOWS\system32\wtcc.exe
O4 - HKLM\..\Run: [yumbbh] C:\WINDOWS\system32\ahfbzcg.exe
O4 - HKLM\..\Run: [knkzhl] C:\WINDOWS\system32\ksdbwg.exe
O4 - HKLM\..\Run: [cenk] C:\WINDOWS\system32\zdjetqx.exe
O4 - HKLM\..\Run: [oholhu] C:\WINDOWS\system32\gwuko.exe
O4 - HKLM\..\Run: [rdnx] C:\WINDOWS\system32\eabzpvjf.exe
O4 - HKLM\..\Run: [qfkuv] C:\WINDOWS\system32\czzurzpu.exe
O4 - HKLM\..\Run: [aehzzk] C:\WINDOWS\system32\vroexxlc.exe
O4 - HKLM\..\Run: [irckz] C:\WINDOWS\system32\bmlt.exe
O4 - HKLM\..\Run: [ckztldt] C:\WINDOWS\system32\cbsqm.exe
O4 - HKLM\..\Run: [dezeuel] C:\WINDOWS\system32\lsreitet.exe
O4 - HKLM\..\Run: [kwfeqe] C:\WINDOWS\system32\cqgfbq.exe
O4 - HKLM\..\Run: [acdfiesv] C:\WINDOWS\system32\fkphld.exe
O4 - HKLM\..\Run: [dtpsr] C:\WINDOWS\system32\sgakmfc.exe
O4 - HKLM\..\Run: [orbhf] C:\WINDOWS\system32\candfy.exe
O4 - HKLM\..\Run: [augzmjcq] C:\WINDOWS\system32\omxycb.exe
O4 - HKLM\..\Run: [likdg] C:\WINDOWS\system32\ibtqya.exe
O4 - HKLM\..\Run: [anrp] C:\WINDOWS\system32\vqhvt.exe
O4 - HKLM\..\Run: [ebvof] C:\WINDOWS\system32\ebne.exe
O4 - HKLM\..\Run: [alknfsma] C:\WINDOWS\system32\whzrpgcd.exe
O4 - HKLM\..\Run: [wcweivej] C:\WINDOWS\system32\zopbpvrz.exe
O4 - HKLM\..\Run: [mhfhjqhc] C:\WINDOWS\system32\hsvw.exe
O4 - HKLM\..\Run: [incxh] C:\WINDOWS\system32\eqts.exe
O4 - HKLM\..\Run: [tplic] C:\WINDOWS\system32\okzkiay.exe
O4 - HKLM\..\Run: [mlvui] C:\WINDOWS\system32\drmwjla.exe
O4 - HKLM\..\Run: [wmcvzins] C:\WINDOWS\system32\qtqvjywg.exe
O4 - HKLM\..\Run: [uozsah] C:\WINDOWS\system32\nkoqdtku.exe
O4 - HKLM\..\Run: [xafwveth] C:\WINDOWS\system32\fbthyu.exe
O4 - HKLM\..\Run: [lhkb] C:\WINDOWS\system32\bkur.exe
O4 - HKLM\..\Run: [xslyc] C:\WINDOWS\system32\mmacwes.exe
O4 - HKLM\..\Run: [pkhyczs] C:\WINDOWS\system32\qflev.exe
O4 - HKLM\..\Run: [zbbcd] C:\WINDOWS\system32\sfkkmib.exe
O4 - HKLM\..\Run: [opfcxk] C:\WINDOWS\system32\arqnksqs.exe
O4 - HKLM\..\Run: [lxmtp] C:\WINDOWS\system32\qtodeqaq.exe
O4 - HKLM\..\Run: [srnzk] C:\WINDOWS\system32\gtqodm.exe
O4 - HKLM\..\Run: [bebzqj] C:\WINDOWS\system32\kusge.exe
O4 - HKLM\..\Run: [foyaqbs] C:\WINDOWS\system32\woas.exe
O4 - HKLM\..\Run: [eepdpvc] C:\WINDOWS\system32\ergnx.exe
O4 - HKLM\..\Run: [hepmajzg] C:\WINDOWS\system32\duscl.exe
O4 - HKLM\..\Run: [huygdl] C:\WINDOWS\system32\xpap.exe
O4 - HKLM\..\Run: [xozs] C:\WINDOWS\system32\gtjegh.exe
O4 - HKLM\..\Run: [mexuo] C:\WINDOWS\system32\djzzic.exe
O4 - HKLM\..\Run: [dqij] C:\WINDOWS\system32\zqxkil.exe
O4 - HKLM\..\Run: [jjufk] C:\WINDOWS\system32\roul.exe
O4 - HKLM\..\Run: [eqwek] C:\WINDOWS\system32\iufyilbc.exe
O4 - HKLM\..\Run: [hyswjq] C:\WINDOWS\system32\tiwg.exe
O4 - HKLM\..\Run: [kqnbhr] C:\WINDOWS\system32\poktgum.exe
O4 - HKLM\..\Run: [iwekeap] C:\WINDOWS\system32\hjss.exe
O4 - HKLM\..\Run: [klujzg] C:\WINDOWS\system32\dwuiz.exe
O4 - HKLM\..\Run: [kzxqlff] C:\WINDOWS\system32\cusktgbc.exe
O4 - HKLM\..\Run: [hhhe] C:\WINDOWS\system32\kwqamek.exe
O4 - HKLM\..\Run: [kklyuhk] C:\WINDOWS\system32\tklydhdo.exe
O4 - HKLM\..\Run: [ocsh] C:\WINDOWS\system32\rypi.exe
O4 - HKLM\..\Run: [jevgmppz] C:\WINDOWS\system32\qwmkoe.exe
O4 - HKLM\..\Run: [rloiy] C:\WINDOWS\system32\ghlz.exe
O4 - HKLM\..\Run: [tlghr] C:\WINDOWS\system32\jheqoby.exe
O4 - HKLM\..\Run: [xusqx] C:\WINDOWS\system32\rkltllop.exe
O4 - HKLM\..\Run: [dcqfdilv] C:\WINDOWS\system32\jfhse.exe
O4 - HKLM\..\Run: [emaoi] C:\WINDOWS\system32\flmfwgr.exe
O4 - HKLM\..\Run: [ivbn] C:\WINDOWS\system32\ejjhp.exe
O4 - HKLM\..\Run: [avrhg] C:\WINDOWS\system32\xtncf.exe
O4 - HKLM\..\Run: [sawwems] C:\WINDOWS\system32\dbgzxv.exe
O4 - HKLM\..\Run: [ldot] C:\WINDOWS\system32\yiczc.exe
O4 - HKLM\..\Run: [afowxsqh] C:\WINDOWS\system32\dnpz.exe
O4 - HKLM\..\Run: [pluzhwhs] C:\WINDOWS\system32\ckwea.exe
O4 - HKLM\..\Run: [vvivsqjx] C:\WINDOWS\system32\rpgn.exe
O4 - HKLM\..\Run: [tmoo] C:\WINDOWS\system32\bylo.exe
O4 - HKLM\..\Run: [pqhfhhth] C:\WINDOWS\system32\ghmyykj.exe
O4 - HKLM\..\Run: [dibs] C:\WINDOWS\system32\ivkj.exe
O4 - HKLM\..\Run: [aqucfkd] C:\WINDOWS\system32\xruslipy.exe
O4 - HKLM\..\Run: [oegl] C:\WINDOWS\system32\fjxhow.exe
O4 - HKLM\..\Run: [czoro] C:\WINDOWS\system32\hxhy.exe
O4 - HKLM\..\Run: [ttudvg] C:\WINDOWS\system32\mgiibte.exe
O4 - HKLM\..\Run: [jfvha] C:\WINDOWS\system32\ydtldeao.exe
O4 - HKLM\..\Run: [twwn] C:\WINDOWS\system32\dhwh.exe
O4 - HKLM\..\Run: [lamx] C:\WINDOWS\system32\lhjzpg.exe
O4 - HKLM\..\Run: [vzap] C:\WINDOWS\system32\ofzscp.exe
O4 - HKLM\..\Run: [tfoten] C:\WINDOWS\system32\qkybhg.exe
O4 - HKLM\..\Run: [nlkny] C:\WINDOWS\system32\rbpx.exe
O4 - HKLM\..\Run: [vcqi] C:\WINDOWS\system32\bbsjx.exe
O4 - HKLM\..\Run: [yaryjoxz] C:\WINDOWS\system32\jhnos.exe
O4 - HKLM\..\Run: [dfjzo] C:\WINDOWS\system32\wjrmkv.exe
O4 - HKLM\..\Run: [disrf] C:\WINDOWS\system32\cdqxeqar.exe
O4 - HKLM\..\Run: [yksxj] C:\WINDOWS\system32\uxzeslkl.exe
O4 - HKLM\..\Run: [ymdgy] C:\WINDOWS\system32\rgbgpc.exe
O4 - HKLM\..\Run: [bbaakry] C:\WINDOWS\system32\mvpyu.exe
O4 - HKLM\..\Run: [kbwbogas] C:\WINDOWS\system32\borl.exe
O4 - HKLM\..\Run: [jvzbudq] C:\WINDOWS\system32\jrfoy.exe
O4 - HKLM\..\Run: [clsiiaf] C:\WINDOWS\system32\rbappw.exe
O4 - HKLM\..\Run: [rtlwcyu] C:\WINDOWS\system32\pamudlh.exe
O4 - HKLM\..\Run: [moty] C:\WINDOWS\system32\mjnea.exe
O4 - HKLM\..\Run: [itlcrqh] C:\WINDOWS\system32\anxn.exe
O4 - HKLM\..\Run: [trlhusoy] C:\WINDOWS\system32\qrtvi.exe
O4 - HKLM\..\Run: [oaouacfm] C:\WINDOWS\system32\nnde.exe
O4 - HKLM\..\Run: [sodky] C:\WINDOWS\system32\klbi.exe
O4 - HKLM\..\Run: [vxamolfu] C:\WINDOWS\system32\qlgk.exe
O4 - HKLM\..\Run: [jkahwf] C:\WINDOWS\system32\bwlqm.exe
O4 - HKLM\..\Run: [dlqpja] C:\WINDOWS\system32\lxnkok.exe
O4 - HKLM\..\Run: [jeidkm] C:\WINDOWS\system32\xdsariat.exe
O4 - HKLM\..\Run: [ueky] C:\WINDOWS\system32\pjenqka.exe
O4 - HKLM\..\Run: [rkykez] C:\WINDOWS\system32\obhct.exe
O4 - HKLM\..\Run: [mtfpqpev] C:\WINDOWS\system32\knhdgvr.exe
O4 - HKLM\..\Run: [owwycvmw] C:\WINDOWS\system32\pxind.exe
O4 - HKLM\..\Run: [gxfubur] C:\WINDOWS\system32\nmxxtewc.exe
O4 - HKLM\..\Run: [oykgorrx] C:\WINDOWS\system32\zzsy.exe
O4 - HKLM\..\Run: [dvneuo] C:\WINDOWS\system32\dgjj.exe
O4 - HKLM\..\Run: [qaiqs] C:\WINDOWS\system32\drmxezm.exe
O4 - HKLM\..\Run: [bbsojv] C:\WINDOWS\system32\fjynbmgj.exe
O4 - HKLM\..\Run: [sibc] C:\WINDOWS\system32\pwgm.exe
O4 - HKLM\..\Run: [yhrccswr] C:\WINDOWS\system32\fznod.exe
O4 - HKLM\..\Run: [qblmutvi] C:\WINDOWS\system32\dewyupat.exe
O4 - HKLM\..\Run: [fgnrwwh] C:\WINDOWS\system32\mpczstb.exe
O4 - HKLM\..\Run: [ssrmitvd] C:\WINDOWS\system32\uifnn.exe
O4 - HKLM\..\Run: [uvbk] C:\WINDOWS\system32\dkyayex.exe
O4 - HKLM\..\Run: [gqia] C:\WINDOWS\system32\upjnxgx.exe
O4 - HKLM\..\Run: [eugytt] C:\WINDOWS\system32\ecauauzd.exe
O4 - HKLM\..\Run: [vshmdf] C:\WINDOWS\system32\udpsxy.exe
O4 - HKLM\..\Run: [uetsfz] C:\WINDOWS\system32\dugos.exe
O4 - HKLM\..\Run: [jbbul] C:\WINDOWS\system32\sqqw.exe
O4 - HKLM\..\Run: [wwrkd] C:\WINDOWS\system32\uccbyy.exe
O4 - HKLM\..\Run: [dfyf] C:\WINDOWS\system32\btcrvj.exe
O4 - HKLM\..\Run: [tmex] C:\WINDOWS\system32\psyxis.exe
O4 - HKLM\..\Run: [ndvlhvca] C:\WINDOWS\system32\japv.exe
O4 - HKLM\..\Run: [aehym] C:\WINDOWS\system32\ywymisjs.exe
O4 - HKLM\..\Run: [klyckr] C:\WINDOWS\system32\sqoijnr.exe
O4 - HKLM\..\Run: [fovxptx] C:\WINDOWS\system32\wqhid.exe
O4 - HKLM\..\Run: [sfwgswj] C:\WINDOWS\system32\ovbv.exe
O4 - HKLM\..\Run: [rzdlbu] C:\WINDOWS\system32\nura.exe
O4 - HKLM\..\Run: [icuw] C:\WINDOWS\system32\mthbvhq.exe
O4 - HKLM\..\Run: [bdiftr] C:\WINDOWS\system32\gaghu.exe
O4 - HKLM\..\Run: [ndmxwsr] C:\WINDOWS\system32\inpzj.exe
O4 - HKLM\..\Run: [vsnfrlz] C:\WINDOWS\system32\peppg.exe
O4 - HKLM\..\Run: [scho] C:\WINDOWS\system32\eizy.exe
O4 - HKLM\..\Run: [spxxl] C:\WINDOWS\system32\wfibrwg.exe
O4 - HKLM\..\Run: [gohsubq] C:\WINDOWS\system32\scmbfpwh.exe
O4 - HKLM\..\Run: [qgedrmkp] C:\WINDOWS\system32\cuhvzfyz.exe
O4 - HKLM\..\Run: [pjjam] C:\WINDOWS\system32\vzeurvc.exe
O4 - HKLM\..\Run: [hkhzmki] C:\WINDOWS\system32\lugy.exe
O4 - HKLM\..\Run: [ftvtk] C:\WINDOWS\system32\aqphhmre.exe
O4 - HKLM\..\Run: [lkji] C:\WINDOWS\system32\evlr.exe
O4 - HKLM\..\Run: [svec] C:\WINDOWS\system32\brqrj.exe
O4 - HKLM\..\Run: [gecebxds] C:\WINDOWS\system32\rmrofpab.exe
O4 - HKLM\..\Run: [yhyrm] C:\WINDOWS\system32\xzfamp.exe
O4 - HKLM\..\Run: [zkkkil] C:\WINDOWS\system32\jzzag.exe
O4 - HKLM\..\Run: [zuvxhmeb] C:\WINDOWS\system32\egur.exe
O4 - HKLM\..\Run: [makfdqr] C:\WINDOWS\system32\dlngu.exe
O4 - HKLM\..\Run: [zlvvbww] C:\WINDOWS\system32\ypxvf.exe
O4 - HKLM\..\Run: [vridfowy] C:\WINDOWS\system32\ptyjfjj.exe
O4 - HKLM\..\Run: [ednrxuan] C:\WINDOWS\system32\exvsnqd.exe
O4 - HKLM\..\Run: [nmslfe] C:\WINDOWS\system32\pzbdn.exe
O4 - HKLM\..\Run: [wsarkjvf] C:\WINDOWS\system32\zmjkjx.exe

O4 - HKLM\..\Run: [kysqj] C:\WINDOWS\system32\colorh.exe
O4 - HKLM\..\Run: [mzvnqeq] C:\WINDOWS\system32\qrkylkny.exe
O4 - HKLM\..\Run: [dmvv] C:\WINDOWS\system32\oyzpbu.exe
O4 - HKLM\..\Run: [hzksc] C:\WINDOWS\system32\vmnbv.exe
O4 - HKLM\..\Run: [vainu] C:\WINDOWS\system32\pmmyuztb.exe
O4 - HKLM\..\Run: [uqhyw] C:\WINDOWS\system32\gsyutbl.exe
O4 - HKLM\..\Run: [gqmoq] C:\WINDOWS\system32\vvier.exe
O4 - HKLM\..\Run: [xmuwf] C:\WINDOWS\system32\blxohaov.exe
O4 - HKLM\..\Run: [ekifphc] C:\WINDOWS\system32\cbpjdo.exe
O4 - HKLM\..\Run: [tjqyym] C:\WINDOWS\system32\ubcwewfj.exe
O4 - HKLM\..\Run: [dfwn] C:\WINDOWS\system32\ivbgy.exe
O4 - HKLM\..\Run: [dent] C:\WINDOWS\system32\soho.exe
O4 - HKLM\..\Run: [cxyl] C:\WINDOWS\system32\otkl.exe
O4 - HKLM\..\Run: [askys] C:\WINDOWS\system32\jixd.exe
O4 - HKLM\..\Run: [uavwnvnm] C:\WINDOWS\system32\lkdnktc.exe
O4 - HKLM\..\Run: [ruhxxwsk] C:\WINDOWS\system32\fdimlkn.exe
O4 - HKLM\..\Run: [piills] C:\WINDOWS\system32\jwqczoei.exe
O4 - HKLM\..\Run: [mmcxm] C:\WINDOWS\system32\dleudvzu.exe
O4 - HKLM\..\Run: [obydbs] C:\WINDOWS\system32\hlgtxy.exe
O4 - HKLM\..\Run: [bjhpee] C:\WINDOWS\system32\lmfx.exe
O4 - HKLM\..\Run: [qiaui] C:\WINDOWS\system32\qvgzasg.exe
O4 - HKLM\..\Run: [ykmvh] C:\WINDOWS\system32\csrktdbh.exe
O4 - HKLM\..\Run: [xqga] C:\WINDOWS\system32\nulnaxqa.exe
O4 - HKLM\..\Run: [kmdvi] C:\WINDOWS\system32\awpd.exe
O4 - HKLM\..\Run: [ripkcki] C:\WINDOWS\system32\olkavd.exe
O4 - HKLM\..\Run: [ikytfyzc] C:\WINDOWS\system32\upraf.exe
O4 - HKLM\..\Run: [wdtkjsq] C:\WINDOWS\system32\opqgehtm.exe
O4 - HKLM\..\Run: [yadwgh] C:\WINDOWS\system32\ledda.exe
O4 - HKLM\..\Run: [qprsitgh] C:\WINDOWS\system32\aneisefa.exe
O4 - HKLM\..\Run: [hdok] C:\WINDOWS\system32\ohct.exe
O4 - HKLM\..\Run: [mklmehho] C:\WINDOWS\system32\dlub.exe
O4 - HKLM\..\Run: [yzuvu] C:\WINDOWS\system32\ceuhqn.exe
O4 - HKLM\..\Run: [eylpbk] C:\WINDOWS\system32\ujouo.exe
O4 - HKLM\..\Run: [pzztaw] C:\WINDOWS\system32\npcch.exe
O4 - HKLM\..\Run: [xouj] C:\WINDOWS\system32\cjvlor.exe
O4 - HKLM\..\Run: [vjigtag] C:\WINDOWS\system32\bhkmhpwn.exe
O4 - HKLM\..\Run: [tlfdtyan] C:\WINDOWS\system32\yfiikkck.exe
O4 - HKLM\..\Run: [mhcef] C:\WINDOWS\system32\cetmhuca.exe
O4 - HKLM\..\Run: [bkjybf] C:\WINDOWS\system32\zujhjxj.exe
O4 - HKLM\..\Run: [imjdbtqo] C:\WINDOWS\system32\uqcs.exe
O4 - HKLM\..\Run: [maoypnx] C:\WINDOWS\system32\ityz.exe
O4 - HKLM\..\Run: [eadr] C:\WINDOWS\system32\reezgybx.exe
O4 - HKLM\..\Run: [zslzj] C:\WINDOWS\system32\fylka.exe
O4 - HKLM\..\Run: [vpuipdh] C:\WINDOWS\system32\nkzuq.exe
O4 - HKLM\..\Run: [tizsoghd] C:\WINDOWS\system32\wbzhmeoy.exe
O4 - HKLM\..\Run: [whoc] C:\WINDOWS\system32\oocgdg.exe
O4 - HKLM\..\Run: [amgljea] C:\WINDOWS\system32\vloflu.exe
O4 - HKLM\..\Run: [ayclljfp] C:\WINDOWS\system32\zplfznk.exe
O4 - HKLM\..\Run: [zlzji] C:\WINDOWS\system32\vwjrpch.exe
O4 - HKLM\..\Run: [mhbcot] C:\WINDOWS\system32\mbwzvyl.exe
O4 - HKLM\..\Run: [srcjpowt] C:\WINDOWS\system32\qdaqvlzq.exe
O4 - HKLM\..\Run: [hlzmdjw] C:\WINDOWS\system32\yoeeqh.exe
O4 - HKLM\..\Run: [fnrye] C:\WINDOWS\system32\akxgr.exe
O4 - HKLM\..\Run: [mthd] C:\WINDOWS\system32\hubcihnt.exe
O4 - HKLM\..\Run: [qaijj] C:\WINDOWS\system32\nweyipu.exe
O4 - HKLM\..\Run: [ypnzpovf] C:\WINDOWS\system32\efrzp.exe
O4 - HKLM\..\Run: [wcmeztbi] C:\WINDOWS\system32\uixbni.exe
O4 - HKLM\..\Run: [gbcuxtzo] C:\WINDOWS\system32\iwonvm.exe
O4 - HKLM\..\Run: [fnapl] C:\WINDOWS\system32\sqcg.exe
O4 - HKLM\..\Run: [hmxbn] C:\WINDOWS\system32\zbijmo.exe
O4 - HKLM\..\Run: [cldjetk] C:\WINDOWS\system32\xyddscg.exe
O4 - HKLM\..\Run: [erkgcr] C:\WINDOWS\system32\ghyf.exe
O4 - HKLM\..\Run: [gmkchid] C:\WINDOWS\system32\hxxsfss.exe
O4 - HKLM\..\Run: [voslrvkh] C:\WINDOWS\system32\xbkq.exe
O4 - HKLM\..\Run: [qcpapxgw] C:\WINDOWS\system32\uaim.exe
O4 - HKLM\..\Run: [nzdtapkg] C:\WINDOWS\system32\rqgikuje.exe
O4 - HKLM\..\Run: [xtqd] C:\WINDOWS\system32\bydhjdlf.exe
O4 - HKLM\..\Run: [qcdbtahv] C:\WINDOWS\system32\qunqkjsd.exe
O4 - HKLM\..\Run: [yndo] C:\WINDOWS\system32\ojjlme.exe
O4 - HKLM\..\Run: [kbasjpcm] C:\WINDOWS\system32\jyfkjk.exe
O4 - HKLM\..\Run: [dqcsbwwl] C:\WINDOWS\system32\wvqnkng.exe
O4 - HKLM\..\Run: [zytyim] C:\WINDOWS\system32\gneeo.exe
O4 - HKLM\..\Run: [sgvrxk] C:\WINDOWS\system32\dlua.exe
O4 - HKLM\..\Run: [vukgvm] C:\WINDOWS\system32\acsw.exe
O4 - HKLM\..\Run: [frjsj] C:\WINDOWS\system32\mumfrwlr.exe
O4 - HKLM\..\Run: [efkopp] C:\WINDOWS\system32\qdopon.exe
O4 - HKLM\..\Run: [ujmpyxgy] C:\WINDOWS\system32\hzakjj.exe
O4 - HKLM\..\Run: [bhpfgx] C:\WINDOWS\system32\toujuy.exe
O4 - HKLM\..\Run: [fbtrwhs] C:\WINDOWS\system32\isamsiv.exe
O4 - HKLM\..\Run: [fgvcdubt] C:\WINDOWS\system32\xwkvtn.exe
O4 - HKLM\..\Run: [nquyh] C:\WINDOWS\system32\ieztquv.exe
O4 - HKLM\..\Run: [rhuqoyi] C:\WINDOWS\system32\cjkm.exe
O4 - HKLM\..\Run: [hdnbwqmn] C:\WINDOWS\system32\zgfjks.exe
O4 - HKLM\..\Run: [rpwa] C:\WINDOWS\system32\lxrihl.exe
O4 - HKLM\..\Run: [hbzb] C:\WINDOWS\system32\buvkcy.exe
O4 - HKLM\..\Run: [usay] C:\WINDOWS\system32\vodpx.exe
O4 - HKLM\..\Run: [qwotg] C:\WINDOWS\system32\oarm.exe
O4 - HKLM\..\Run: [tcdqfg] C:\WINDOWS\system32\mzpi.exe
O4 - HKLM\..\Run: [bkwxnct] C:\WINDOWS\system32\golhpaxo.exe
O4 - HKLM\..\RunServices: [McAfee Antivirus] McAfeeAV.exe
O4 - HKCU\..\Run: [somepaxg] C:\WINDOWS\System32\tneqp.exe k:somepaxg:
O4 - HKCU\..\Run: [fprxw] C:\WINDOWS\System32\tmtrqprf.exe k:fprxw:
O4 - HKCU\..\Run: [fhxm] C:\WINDOWS\System32\orhej.exe k:fhxm:
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\dngmhta.exe
O4 - HKCU\..\Run: [JwupROK4h] appmrt16.exe
O4 - HKCU\..\Run: [Aaou] C:\Documents and Settings\New\Application Data\othb.exe
O4 - HKCU\..\Run: [Eofp] C:\WINDOWS\system32\r?ndll.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1059.dll,InstantAccess

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O15 - Trusted Zone: www.seventeen.com
O16 - DPF: {1CD49DC9-FD88-41FA-B892-47E037267D45} - http://akamai.downlo...ESS_1059_XP.cab
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downlo...ESS_1057_XP.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....ro64_loader.dll
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downlo...net32_EN_XP.cab

O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downlo..._1041_EN_XP.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downlo...ESS_1058_XP.cab
O16 - DPF: {C4AE95E6-4EE4-6B4F-A12B-EAAA3858187F} - http://art.towerreco...formerSetup.cab

O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downlo...tpe32_EN_XP.cab
O20 - Winlogon Notify: cutil - C:\WINDOWS\inf\cutil.dll



--------------------------
When finished, post the contents of Spywad.txt and a new Hijackthis log.

If the files deleted are all found to be part of the infection and nothing important has been deleted, you will be instructed to delete the entire Spywad Remove Folder after you have cleaned up all other User Profiles on that system.


Once you have performed the big cleanup, each of the other Users on the System needs to be signed in to clean up their desktop and regain the right click.

I have included another vbs to do this. It is named Other Profiles Regfix.vbs

Have each User sign in and run Other Profiles Regfix.vbs

Explorer will be ended and that user's active desktop registry entries will be repaired. Explorer will be restarted.

Then run hijackthis and remove the entries as directed by your Forum Advisor.

---------------------------------------------------------


After everything has been fixed, and you want to reset your wallpaper, open Display Properties > Desktop Tab. Choose a Wallpaper and apply. Close Display Properties. To see the change, click on the desktop and press F5.

Regards,
  • 0
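Added example, not part of the original posts and not code from HijackThis or the Spywad script: a small triage pass over HijackThis O4 (autorun) lines that surfaces the patterns visible in the fix list above. The tag names, the length range for "random" names and the cluster threshold are assumptions chosen for illustration; the sample lines are copied from the logs on this page except the QuickTime entry, which is constructed.

```python
import re

# Sample input: lines copied from this thread's logs, plus one constructed
# benign entry (QuickTime Task) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {000E6ED5-E3FC-4c93-99E9-D38D2A9F9B09} - (no file)
O4 - HKLM\..\Run: [s.exe] C:\documents and settings\new\local settings\temp\s.exe
O4 - HKLM\..\Run: [wyrdpk] C:\WINDOWS\system32\cosny.exe
O4 - HKLM\..\Run: [eltdr] C:\WINDOWS\system32\ibqgj.exe
O4 - HKLM\..\Run: [usay] C:\WINDOWS\system32\vodpx.exe
O4 - HKLM\..\Run: [LzioMediaUpdater] C:\WINDOWS\system32\LzioMediaUpdater.exe
O4 - HKCU\..\Run: [JwupROK4h] appmrt16.exe
O4 - HKCU\..\Run: [Eofp] C:\WINDOWS\system32\r?ndll.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
"""

# O4 registry autoruns look like: O4 - HKLM\..\Run: [value name] command line
# ("O4 - Global Startup:" shortcut lines use another layout and are skipped.)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# The program is either quoted, or runs up to the first executable extension
# (unquoted paths such as "documents and settings" contain spaces).
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|com|bat|scr))(?=[\s,]|$)', re.I)
SHORT = re.compile(r"[a-z]{4,8}")  # assumed shape of a generated name


def parse_o4(line):
    """Return hive, key, value name and program path of an O4 line, or None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe_m = EXE_RE.match(m["cmd"])
    exe = (exe_m.group(1) or exe_m.group(2)) if exe_m else m["cmd"]
    return {"hive": m["hive"], "key": m["key"], "name": m["name"], "exe": exe}


def tag_entry(entry):
    """Heuristic tags for one autorun entry; a tag is a reason to look, not a verdict."""
    exe = entry["exe"]
    low = exe.lower()
    folder, _, filename = low.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    tags = set()
    if "\\temp\\" in low:
        tags.add("temp-dir")          # autorun launched from a Temp folder
    if "\\" not in exe:
        tags.add("no-path")           # resolved through the search path
    if "?" in exe:
        tags.add("substituted-char")  # '?' is not legal in a Windows file name
    if (folder.endswith("\\system32") and SHORT.fullmatch(entry["name"])
            and SHORT.fullmatch(stem) and entry["name"] != stem):
        tags.add("random-pair")       # short lowercase name -> unrelated short exe
    return tags


def triage(log_text, cluster_min=3):
    """Collect tagged O4 entries, orphaned references, and the random-pair count."""
    findings, orphans = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if "(no file)" in line or "(file missing)" in line:
            orphans.append(line)      # registry reference whose target is gone
        entry = parse_o4(line)
        if entry:
            tags = tag_entry(entry)
            if tags:
                findings.append((entry["name"], sorted(tags)))
    pairs = sum("random-pair" in tags for _, tags in findings)
    return {"findings": findings, "orphans": orphans,
            "random_pairs": pairs, "random_cluster": pairs >= cluster_min}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, tags in report["findings"]:
        print(f"[{name}] -> {', '.join(tags)}")
    print("orphaned references:", len(report["orphans"]))
    print("random-pair entries:", report["random_pairs"],
          "(cluster)" if report["random_cluster"] else "")
```

A single `random-pair` hit means little on its own; it is the count across the Run key, as in the fix list above, that stands out.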

#3
selftitled10


    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
This is the hijack this log after following your steps. Right after fixing everything one pop up came up for "winfixer." This is one of the usual popups that I usually get but I haven't noticed any other malware evident yet.




Logfile of HijackThis v1.99.1
Scan saved at 11:09:52 AM, on 6/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\system32\hgkav.exe
C:\WINDOWS\system32\wkci.exe
C:\WINDOWS\system32\yjtonur.exe
C:\WINDOWS\system32\r?ndll.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\New\Desktop\hijack this\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=1c02&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\inf\cutil.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfee Antivirus] McAfeeAV.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Advisor - {22AB09A5-AB12-4A4C-BEAA-CC38595B6CA8} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .asx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb14.pogo...aploader_v6.cab
O20 - Winlogon Notify: cutil - C:\WINDOWS\inf\cutil.dll
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Note: I didn't have a "spywad.txt". I suppose that's because when I entered "C:\WINDOWS\system32\vodpx.exe" in the entry space it said that it couldn't find that file. I scanned on Hijackthis right after I tried the spyware warrior thing and it still showed up. I even went and looked for it in the system32 folder and did not find it. So, I selected "fix checked" for that file because you said it needed to be deleted to do the rest of the cleaning process.

There are still files for "cutil.dll" even though they were supposed to be deleted and we don't use Netscape so I don't know why that file is there. Also, there are many extra AOL programs/processes that I'm not sure are necessary because some of their programs like their spyware protection probably conflict with the ones we have now (spybot & adaware).
~ O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\inf\cutil.dll
~O12 - Plugin for .asx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
~O20 - Winlogon Notify: cutil - C:\WINDOWS\inf\cutil.dll

Thank you soooooo much! :tazz:


#4
Metallica

Still a lot left, but looking much better. :tazz:

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Replace on Reboot option and put a checkmark in "Use Dummy"
*Select this file to be replaced:
C:\WINDOWS\inf\cutil.dll
*Let the computer reboot and run HijackThis

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\inf\cutil.dll

O20 - Winlogon Notify: cutil - C:\WINDOWS\inf\cutil.dll

Reboot once more.
Post back with a new HijackThis log.

Regards,

#5
selftitled10

Logfile of HijackThis v1.99.1
Scan saved at 5:32:42 PM, on 6/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\New\Desktop\hijack this\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=1c02&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\inf\cutil.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfee Antivirus] McAfeeAV.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Advisor - {22AB09A5-AB12-4A4C-BEAA-CC38595B6CA8} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .asx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb14.pogo...aploader_v6.cab
O20 - Winlogon Notify: cutil - C:\WINDOWS\inf\cutil.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Thanks again, my computer goes so much faster already!

Edited by selftitled10, 12 June 2005 - 03:34 PM.


#6
Metallica

Can you find the file C:\WINDOWS\inf\cutil.dll,
right-click it and let me know what it says under Properties?

The inf folder is hidden by default. See HERE for how to show hidden files.

Regards,

#7
selftitled10

Tab: General.
-Type of file: Application Extension
-Opens with: Unknown Application

-Location: C:\WINDOWS\inf
-Size: 457 KB (468,500 bytes)
-Size on disk: 460 KB (471,040 bytes)

-Created: Monday, April 25, 2005, 6:30:07 PM
-Modified: Monday, April 25, 2005, 6:30:07 PM
-Accessed: Today, June 13, 2005, 4:35:49 PM

Tab: Virus Property (Pc-Cillin)
-Virus Name: TROJ_VUNDO.H

#8
Metallica

Please download Process explorer from http://www.sysintern...ssExplorer.html

Install and run the program.
Click Find DLL and make it search for cutil.dll

Let me know in which processes it is found.

Regards,

#9
selftitled10

It is in explorer and internet explorer.

#10
Metallica

Excellent. :tazz:

Close all IE windows and start Killbox.
Close as many programs and windows as possible except Killbox.
Select Standard File Kill and put a checkmark in the End Explorer shell while Killing File.
Copy & paste this in the Full Path to File To kill box:
C:\WINDOWS\inf\cutil.dll
Then click the Delete File button.

Your desktop and taskbar will disappear for a brief moment, that is normal.

Now run Process explorer again and check if the file is gone from all the processes.

If so, check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\inf\cutil.dll

O20 - Winlogon Notify: cutil - C:\WINDOWS\inf\cutil.dll

Do another scan after you fixed those lines to see if they stayed away.

If they did, reboot and post a new log.

Regards,

#11
selftitled10

It said it could not delete the file.

Edited by selftitled10, 14 June 2005 - 05:39 PM.


#12
Metallica

:tazz:

Come again ?

What exactly happened?

Regards,

#13
selftitled10

I started Killbox and I entered the address: C:\WINDOWS\inf\cutil.dll
Then I closed internet explorer, checked off the end explorer thing, and I clicked delete as it said in the directions. Then a window popped up saying "could not delete file."

Edited by selftitled10, 15 June 2005 - 12:53 PM.


#14
Metallica

Let me know if that gets rid of it.

Regards,

#15
selftitled10

It still is there. I checked to see if it was in explorer and internet explorer and it was. I'm posting a hijack this log just in case anything changed...


Logfile of HijackThis v1.99.1
Scan saved at 6:19:51 PM, on 6/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\New\Desktop\hijack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=1c02&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\inf\cutil.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfee Antivirus] McAfeeAV.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [System Support] system32.exe
O4 - HKLM\..\RunServices: [System Support] system32.exe
O4 - HKCU\..\Run: [System Support] system32.exe
O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Advisor - {22AB09A5-AB12-4A4C-BEAA-CC38595B6CA8} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .asx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb14.pogo...aploader_v6.cab
O20 - Winlogon Notify: cutil - C:\WINDOWS\inf\cutil.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0
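The "do another scan to see if they stayed away" check from post #10, automated as an added example that is not part of the original thread: it diffs two HijackThis scans, reports which entries on the fix list survived, which autostart entries are new, and which files are registered under more than one section. The log lines are excerpted from the scans posted above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# HijackThis entries start with a section code (R1, O2, O20, F2 ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# Fully qualified path to a DLL or EXE inside an entry body.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:dll|exe)', re.IGNORECASE)

# Excerpt of the scan saved 6/12/2005 5:32 PM in this thread.
SCAN_BEFORE = r"""
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\inf\cutil.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: cutil - C:\WINDOWS\inf\cutil.dll
"""

# Excerpt of the scan saved 6/16/2005 in this thread.
SCAN_AFTER = r"""
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\inf\cutil.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [System Support] system32.exe
O4 - HKLM\..\RunServices: [System Support] system32.exe
O4 - HKCU\..\Run: [System Support] system32.exe
O20 - Winlogon Notify: cutil - C:\WINDOWS\inf\cutil.dll
"""

# The two entries the helper asked to have fixed.
FIX_LIST = r"""
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\inf\cutil.dll
O20 - Winlogon Notify: cutil - C:\WINDOWS\inf\cutil.dll
"""


def parse_entries(log_text):
    """Return the set of (section_code, body) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match["code"], match["body"].strip()))
    return entries


def compare_scans(before, after, fix_list):
    """Classify entries across two scans taken around a cleanup attempt."""
    return {
        # Entries that were supposed to be fixed but are still registered.
        "persisted": sorted(fix_list & after),
        # Entries that were not present before: review these first.
        "new": sorted(after - before),
        # Entries that disappeared between the scans.
        "removed": sorted(before - after),
    }


def files_with_multiple_autostarts(entries):
    """Map each file to its section codes when it is registered more than once."""
    codes_by_file = defaultdict(set)
    for code, body in entries:
        for path in PATH_RE.findall(body):
            codes_by_file[path.lower()].add(code)
    return {p: sorted(c) for p, c in codes_by_file.items() if len(c) > 1}


if __name__ == "__main__":
    before, after = parse_entries(SCAN_BEFORE), parse_entries(SCAN_AFTER)
    report = compare_scans(before, after, parse_entries(FIX_LIST))
    for label, items in report.items():
        print(label.upper())
        for code, body in items:
            print(f"  {code} - {body}")
    print("MULTIPLE AUTOSTART POINTS")
    for path, codes in files_with_multiple_autostarts(after).items():
        print(f"  {path}: {', '.join(codes)}")
```

A file that shows up under both O2 and O20 is loaded by the browser and by Winlogon, which fits the thread's finding that the DLL is held open by running processes and that fixing the entries alone does not make them stay away.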





