Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please help to remove abcsearch4u [CLOSED]

Started by misa , Jun 24 2005 11:26 PM

  • This topic is locked This topic is locked

#1
misa
Posted 24 June 2005 - 11:26 PM

misa

    New Member

  • Member
  • Pip
  • 1 posts
Please help me to remove this malware from my computer.

This is my HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:27:47 PM, on 25/06/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Bkav2002\Bkav2002.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\winnt\kqnfhtx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\802.11 Wireless LAN\802.11b Wireless USB Adapter HW.00 V1.11\Wireless Configuration Utility HW.00.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BkavFw] C:\Program Files\Bkav2002\Bkav2002.exe TASKBAR
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [afmlbdj] c:\winnt\kqnfhtx.exe
O4 - HKCU\..\Run: [Odbe] C:\Program Files\epdh\rtcc.exe
O4 - HKCU\..\Run: [Qnklycwx] C:\WINNT\System32\r?gsvr32.exe
O4 - HKCU\..\Run: [uwlpmas] c:\winnt\aoffvmr.exe
O4 - HKCU\..\Run: [qhfwtga] c:\winnt\aoffvmr.exe
O4 - HKCU\..\Run: [muvqrqr] c:\winnt\rkvtvcx.exe
O4 - HKCU\..\Run: [gedkrae] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [hmlanxv] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [cgcaigd] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [cqnltia] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [xunodus] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [qupscvn] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [gtppqyh] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [ydierrt] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [ekyqpcm] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [gkikvkf] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [otysvxx] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [yvyduaw] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [ediyfya] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [lewvwlg] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [mpuebjm] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [fhowecm] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [fvtgmub] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [ybddvhr] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [ujogdni] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [uuaffmc] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [oagrtfj] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [tgvdrjn] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [kymbfws] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [hwxstkg] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [iksjqxi] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [ialgwfu] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [iyakcex] c:\winnt\nxkmdre.exe
O4 - HKCU\..\Run: [nnhruyd] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [cdieoup] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [hihbfnb] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [mcnjpwf] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [ldahdxq] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [raptmlm] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [plcxcor] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [bxjvekl] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [sywyqbx] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [ykyuikg] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [uifuowp] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [hmclimr] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [kfxbeqy] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [dqoxcrp] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [jbawwce] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [lqxieqe] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [ngvphow] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [ngjwlda] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [dhdjega] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [sfomsod] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [ynfqadt] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [alppwpb] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [nsatpeq] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [trjaabb] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [bxhiprm] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [ikicsld] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [scyqwaa] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [keevoop] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [mxjnixm] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [kltxkgy] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [datqlqe] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [htrsssv] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [ypvvibx] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [qxhvowi] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [osauxjc] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [majuhlk] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [jqnvuxp] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [txwwkyt] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [aqtfrqm] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [htxywcs] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [pvvootb] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [axbmxmi] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [toayimp] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [dqhdxfk] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [qrhkqtt] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [aajklxm] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [iulleve] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [oejftmr] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [qpwfbpi] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [ifukcnb] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [whbwgql] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [xadactq] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [gbqaetr] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [ijhreye] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [adyirsi] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [suhxdxb] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [midnujq] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [vbahvhh] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [lijrrlh] c:\winnt\miaxabp.exe
O4 - HKCU\..\Run: [yfbplsj] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [tvkdjsv] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [pcjknqu] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [giabmub] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [dvugxwp] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [akbcuhh] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [vmhbqod] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [xepsjhj] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [rsakrmv] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [cbiqapo] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [srirwid] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [ccilxol] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [ooevjgq] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [amgqvrt] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [wdeshqk] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [sravrvf] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [eeuvyil] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [jpgobjn] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [omnyyia] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [fufjjbr] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [jojkbse] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [myrninq] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [esmkkts] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [nounlwn] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [gwcjctq] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [majxxaj] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [iyigpng] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [ojlhnob] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [xqskmwa] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [flvlifs] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [buiquua] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [eclnouo] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [qntmhes] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [wtoskvi] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [khouold] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [ynchyae] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [kawxydn] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [ptlquqj] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [iibbylv] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [bmhmedj] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [phyvvlc] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [sfedrky] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [xtcwhxv] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [mggkmxt] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [hvanfxr] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [yiyksux] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [yciivwp] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [latilif] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [npqwtij] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [gprcplr] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [qjpylhi] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [oirfdlf] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [dqxcbii] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [qpilkxo] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [ugojrxt] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [ossodcp] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [tlkbpss] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [tvmsvwn] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [kbdkvuu] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [gjndldm] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [grjbdkl] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [horljgx] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [grvujva] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [uqgwjxr] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [hstoblv] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [yrktbox] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [bfyoxks] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [iybxrxl] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [klbynpc] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [wcbfydv] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [xojkmkj] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [wnjnhgf] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [jvnknji] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [bknxclg] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [ahdpltb] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [nhfeyha] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [ncasnkv] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [djyngty] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [loipupn] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [cvstujy] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [ebtidyt] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [wwumhlp] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [wxgqhxl] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [sijqmti] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [htriilv] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [mnggell] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [xnlsaxw] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [lreedho] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [owcqatx] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [jpuokgl] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [hsakctj] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [eqdsoix] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [xgfaqfc] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [ksovyes] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [wsxsixv] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [wvoirtg] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [vpuhiuy] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [jihqdli] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [njdiygl] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [niwwebc] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [ugjvjjm] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [obgaetd] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [tmqihma] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [mombofi] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [ftestaq] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [djccyim] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [dfuocem] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [fblgsbr] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [gvcckfd] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [akasxsp] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [skltmlf] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [notwkmc] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [qjmuiqm] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [giohpxr] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [uvptlgt] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [ouwrmpv] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [calvhdm] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [imkdbhh] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [gyhvbxx] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [vyjqydl] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [opiwwty] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [bbnnbvu] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [ugwcpte] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [xdequwo] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [myubtap] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [tvtoggl] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [xwluotg] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [ygxrvcl] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [mduncsp] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [rorcvhm] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [wluchbj] c:\winnt\dgipvum.exe
O4 - HKCU\..\Run: [geoqval] c:\winnt\igtvdeu.exe
O4 - HKCU\..\Run: [mutmlrs] c:\winnt\igtvdeu.exe
O4 - HKCU\..\Run: [hqxvwfx] c:\winnt\igtvdeu.exe
O4 - HKCU\..\Run: [vflrxkj] c:\winnt\igtvdeu.exe
O4 - HKCU\..\Run: [lvmekhx] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [qoumivn] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ibyfxaw] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [julwsgt] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ghociqd] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [eobpsgr] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [inqcpne] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [uwlbcpy] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [xglvejl] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [stlbvnl] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [phunqgp] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [mhbyxti] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [rajitmv] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [cfkkutf] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [frgcbyf] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [iiokepd] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [vvfhxfg] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [yklcjag] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [qhyjfsa] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [cqboqhv] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [arllivh] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [llnfwkn] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [lekjsvu] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ulrdtes] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [mferbfh] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [hrxmiow] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [gavhdio] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [lqiilhh] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [hmeupyx] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ekitpla] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [cctjyug] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ogbtcxy] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [rrhhqyk] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [gewsqjs] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [vrihjoo] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [cqyyorw] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [pdlpfhi] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ngqsrle] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [vvxwiwq] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [wtutesk] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [atdwgux] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [qllgsgc] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [aprcoxd] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [wgunvlj] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [oxqogcd] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [feqovwf] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [udhetpv] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [sumjlkn] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ggqtapv] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [suhpogr] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [rrniqca] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [vfrqsmt] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [vdpoyge] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [esneqtk] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [uhemfgf] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [pklyanb] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ykhdifr] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [yafolix] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ulssdyo] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [fxdneem] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ndnktwb] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [raoopmn] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [simpabw] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [vriijyl] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [veuxhoj] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [dwnkyem] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [sfietcu] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [eelklyx] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [kmyjcbn] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [etvmalh] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [dfxvggk] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [folpmol] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [cieovvf] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [bylbbtu] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [mjpfrpe] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [bunljkw] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [tgqbnjc] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [fopkvpt] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [obsmknv] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [yjfppyi] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [xtqnrtw] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [rknhudg] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [lnuueqo] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [boaeyja] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [mcnamwy] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [jgprukx] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [yfsomxq] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [tkqbigk] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [dmrcfpi] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ckevlyv] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [rrgbthf] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [imwonfg] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [pnskklh] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [hpsueix] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [iqfntfq] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [rbvrkmp] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [fbsxior] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ecytjjo] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [hleqyys] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [vuwfobe] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [wcktjwt] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [nffotnp] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [wwwybyy] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [bvfmtqp] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [bnjarvg] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [wchmvnu] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [yftxnox] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [hrumssq] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ymqmncq] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [mwgiypa] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [pkugdwv] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [lvcwmcp] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [jtcbfwi] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [wfnyelu] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [lgbhvnv] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [drdvpjx] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [cuqvlhv] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [mrkamhs] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ttkfhuu] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [qrfvoko] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [yrgilki] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [rgqapnc] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [vcryqeq] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [jqjxyen] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ktgioet] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [mhynlei] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [fqhypck] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [nraecyq] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [jiejewo] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [onricix] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [enftewn] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [rgmrkxf] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [iuiorcd] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [fwluhgw] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [yifjpof] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [xlcqass] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [dcvoqnh] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [jtaulhs] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [rarprer] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [gulujvs] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [cijylkc] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [wtayorg] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [lobwmat] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ujsfbwu] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [hwbabkm] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [onwtegn] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [lnujxyh] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [qwknggg] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [gvojpjc] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [lbwqeos] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ebugqcq] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [aohfulk] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [vlfwewb] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [edxwikk] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [rcsnpsj] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [xalgbdn] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [xgvsppv] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [gjvcanh] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [yijbdqb] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [dlokpdc] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ghhomok] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [qekrrtv] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [gtdusst] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [kjvknas] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [jvntadd] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [dmqhcke] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [nhoncwe] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [rjkmjvu] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [rewxwru] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [xixomxk] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [axbvdfc] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [skmrcmn] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [juouunx] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [hdlhhad] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ubegept] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [xiyvopl] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [pbyiabx] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [famyjuu] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [jivywmo] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [prmlqyt] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [syhhbgh] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [fodiorc] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [mkrswfi] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [sugekyc] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [gkyapnb] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [byjqjer] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [rndwqge] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [clipqkt] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [omlodtd] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [qiaypen] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [kvheffx] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [nhnihvr] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [wkrccyv] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ceewynv] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [psuggri] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [dhqcxxu] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ypbojrk] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [oubjads] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [ysydxaf] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [kxrrhgf] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [jacywmm] c:\winnt\jetihih.exe
O4 - HKCU\..\Run: [xvownyt] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [pywiqfi] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [lqflbhg] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [giyxtbu] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [xhghehy] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [dakrkrl] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [lpeesxd] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [lxxbgmx] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [ktjxrbb] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [uoowkdc] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [aexbefd] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [yeagesd] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [lebuytl] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [wypculf] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [vhrbnon] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [tjmkehe] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [dhhdvnp] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [neribgj] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [scmpamo] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [tdsgiew] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [rvvepao] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [jmtuupd] c:\winnt\trpqehc.exe
O4 - HKCU\..\Run: [ubsbttr] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [pquegbt] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [upiepyo] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [aghatft] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [lmtntmc] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [rywnmys] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [qkqivwp] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [cdprfyk] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [ydtbnas] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [cujqila] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [qqhjdov] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [dhyerpw] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [npvxymo] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [gntyleu] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [maqkmux] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [xnpsdnj] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [idovxmn] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [rweqwym] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [efpxorh] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [dgkcain] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [tqxvstk] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [fcamvop] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [vbsopiy] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [lblupfu] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [tppclud] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [jvtunfm] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [wofynyp] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [ykfkdye] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [nfswdye] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [mveqnkc] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [jpqysbf] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [flrronv] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [vdtswxt] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [usptkvb] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [pxwnrmo] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [xvjgtea] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [ceumkap] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [bucasge] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [lucymrp] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [xprxpav] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [gydluxt] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [gedidgd] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [klhdyyq] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [jcsguha] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [rterxyd] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [ukjhymp] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [mpfoyxe] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [galcthn] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [rfodnax] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [exagest] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [afiewqt] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [kjwiwoi] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [vkxgmxq] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [gtgamup] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [awkaukp] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [laangxh] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [hqmeknl] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [wdgeudj] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [vabkqbx] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [pensgug] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [orfjncj] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [agctdno] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [yfyynrd] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [cmmhcll] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [qrlbarn] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [kxlspcv] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [ilfkefy] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [qpoveom] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [kjoyhpd] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [sthvycp] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [uxvdnee] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [pfkgwff] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [dibtfub] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [wsahgss] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [bxaxqjg] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [bwklvuj] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [sfwexnm] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [pksmxlp] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [sberiyv] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [geuujjb] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [xdifpxg] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [mvfaful] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [vguijbf] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [trbfcgb] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [yywrwsd] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [essmpri] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [udepwxx] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [mekcfru] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [laqpkyn] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [aqnrhjo] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [dytcewg] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [csgxvto] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [siykuwr] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [xfjkwdt] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [ghqfpni] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [xdxnrwx] c:\winnt\iyiixko.exe
O4 - HKCU\..\Run: [seykmtm] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [ntdyxum] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [waneelq] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [hubtgnl] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [kxkeuwd] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [intxjdi] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [iwicpep] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [bhmkbfr] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [mycvywe] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [pkwknob] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [tqtchys] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [gmwsrir] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [aytwcmn] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [xunaiuy] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [dytinvo] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [aoaawlc] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [jfxybdl] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [cpsgepi] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [jqdqndy] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [ntdwppb] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [nkhxvlx] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [dicywtw] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [oamfxle] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [khitjyb] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [dldhiul] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [tvulmpu] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [cklwflj] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [avrwydk] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [itmejpd] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [vtyrqbw] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [dumccgd] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [lvdrhbq] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [pyfebbb] c:\winnt\qhflpqh.exe
O4 - HKCU\..\Run: [qgktlro] c:\winnt\fnmfwpt.exe
O4 - HKCU\..\Run: [ryyhhsk] c:\winnt\fnmfwpt.exe
O4 - HKCU\..\Run: [jodxmdu] c:\winnt\clynqdy.exe
O4 - HKCU\..\Run: [krjoqbs] c:\winnt\clynqdy.exe
O4 - HKCU\..\Run: [xlxjbwk] c:\winnt\clynqdy.exe
O4 - HKCU\..\Run: [trfajtk] c:\winnt\clynqdy.exe
O4 - HKCU\..\Run: [loebvhj] c:\winnt\krdtesd.exe
O4 - HKCU\..\Run: [cvvcejf] c:\winnt\krdtesd.exe
O4 - HKCU\..\Run: [yxqvorr] c:\winnt\krdtesd.exe
O4 - HKCU\..\Run: [xevcatk] c:\winnt\krdtesd.exe
O4 - HKCU\..\Run: [vfagmmi] c:\winnt\krdtesd.exe
O4 - HKCU\..\Run: [vchexfx] c:\winnt\krdtesd.exe
O4 - HKCU\..\Run: [kweoeia] c:\winnt\krdtesd.exe
O4 - HKCU\..\Run: [dmcqfua] c:\winnt\krdtesd.exe
O4 - HKCU\..\Run: [iqrqlgy] c:\winnt\krdtesd.exe
O4 - HKCU\..\Run: [svbkgde] c:\winnt\krdtesd.exe
O4 - HKCU\..\Run: [uogjeec] c:\winnt\bqsqqby.exe
O4 - HKCU\..\Run: [iknhewr] c:\winnt\bqsqqby.exe
O4 - HKCU\..\Run: [vomronx] c:\winnt\bqsqqby.exe
O4 - HKCU\..\Run: [yrpschd] c:\winnt\bqsqqby.exe
O4 - HKCU\..\Run: [tbseont] c:\winnt\bqsqqby.exe
O4 - HKCU\..\Run: [dtsyiox] c:\winnt\bqsqqby.exe
O4 - HKCU\..\Run: [ipljgvl] c:\winnt\bqsqqby.exe
O4 - HKCU\..\Run: [xwuoqhs] c:\winnt\bqsqqby.exe
O4 - HKCU\..\Run: [cwmcfxx] c:\winnt\qrhnhhl.exe
O4 - HKCU\..\Run: [crjvbuh] c:\winnt\qrhnhhl.exe
O4 - HKCU\..\Run: [utpsgkd] c:\winnt\qrhnhhl.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Configuration Utility HW.00.lnk = C:\Program Files\802.11 Wireless LAN\802.11b Wireless USB Adapter HW.00 V1.11\Wireless Configuration Utility HW.00.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
  • 0

Advertisements

#2
miekiemoes
Posted 25 June 2005 - 02:21 PM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hello,

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Download and install CCleaner
Do not use it yet.


* Please set your system to show all files; please see here if you're unsure how to do this.


open notepad and copy and paste next bold in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="ctfmon.exe"

Save this as fix.reg Choose to save as *all files and place it on your desktop.

* Reboot into Safe Mode`: ( without networking support !)
°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.


Doubleclick on fix.reg you made before and when it asks you if you want to merge the contents to the registry, click yes/ok.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab

* Click on Fix Checked when finished and exit HijackThis.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\winstall.exe
c:\winnt\kqnfhtx.exe
C:\Program Files\epdh <== folder
c:\winnt\qrhnhhl.exe
c:\winnt\bqsqqby.exe
c:\winnt\krdtesd.exe
c:\winnt\clynqdy.exe
c:\winnt\fnmfwpt.exe
c:\winnt\qhflpqh.exe
c:\winnt\iyiixko.exe
c:\winnt\trpqehc.exe
c:\winnt\jetihih.exe
c:\winnt\igtvdeu.exe
c:\winnt\dgipvum.exe
c:\winnt\miaxabp.exe
c:\winnt\nxkmdre.exe
c:\winnt\rkvtvcx.exe
c:\winnt\aoffvmr.exe
C:\Program Files\Spysheriff <== folder (if present)

* Still in safe mode Run Ccleaner and click Run Cleaner (bottom right)

* Reboot your system back to normal mode.

* Download: Hoster
Unzip hoster to an own folder, eg C:\Hoster
Start Hoster.exe, click 'Restore Original Hosts' and click OK.

* Perform an onlinescan with Bitdefender and/or Housecall (check here autodelete) and let it delete everything it is finding.

Post back a fresh HijackThis log and I'll take another look.
How is your desktop looking? Any problems with that?
  • 0

#3
miekiemoes
Posted 17 July 2005 - 06:22 AM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP