Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

browser homepage hijack [CLOSED]

Started by ruahogfan2 , Jul 10 2005 03:37 PM

  • This topic is locked This topic is locked

#1
ruahogfan2
Posted 10 July 2005 - 03:37 PM

ruahogfan2

    New Member

  • Member
  • Pip
  • 5 posts
Logfile of HijackThis v1.99.1
Scan saved at 4:36:10 PM, on 7/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\windows\xefwvma.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-searchengine.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-searchengine.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie-searchengine.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-searchengine.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie-searchengine.com/index.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [hefloba] c:\windows\xefwvma.exe
O4 - HKCU\..\Run: [brqcitx] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [jknvbyg] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [pafdukk] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [nltpffh] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [rnjsica] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [mrvrsod] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [aehcdhb] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [drhtgpb] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [cfgurdj] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [onxtyjh] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [abaimst] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [ivdhuac] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [wxdnghp] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [kkbvqni] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [lhrnybo] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [lisvanl] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [hvgnouu] c:\windows\xspkwae.exe
O4 - HKCU\..\Run: [ugjcgno] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [helsaae] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [ajqhtnc] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [bwqfvth] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [lfeqcrq] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [bxmilsq] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [bjadksf] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [tvocpuq] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [vvtfwgh] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [sjudgsd] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [quouoyy] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [pnkccop] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [ufruayy] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [dljqueu] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [ypketwg] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [rodgfvp] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [exbpmjn] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [aoqgdyf] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [ekmuikr] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [bbpojww] c:\windows\qyrdrco.exe
O4 - HKCU\..\Run: [fgskxed] c:\windows\qyrdrco.exe
O4 - HKCU\..\Run: [xnyiohx] c:\windows\qyrdrco.exe
O4 - HKCU\..\Run: [ksnibmv] c:\windows\qyrdrco.exe
O4 - HKCU\..\Run: [uokcbqr] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [vhsimgm] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ccqerog] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [aorprjv] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [rdnkyvc] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [hkjcfyx] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [rcmyyyc] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [frmnpgl] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [jslxexa] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ihowfsh] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ivwsjgv] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [okipwdd] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [firytho] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ldschyy] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [hcxxpmr] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [xauccnk] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [xekpwqs] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [mllitns] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [sudennq] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [npvethv] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [rtjfwbt] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [yuwcrpd] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [winljaq] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [jtjqxtt] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [hxivpqy] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [fxtyusi] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ddyrvgw] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ltgbulw] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [inxrnwl] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [onxectw] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [juaemes] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [tiqimdd] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [lrkkyes] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [nfxxrqg] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [bcqxpgg] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [pmbettg] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ojcueyk] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [bpxacop] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [mpsgtkb] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [uvrmmll] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [vsgbpux] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [oefbork] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [nxheblg] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [xhvlvwv] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [dodtlgt] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [sowribw] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [hqxcbxc] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [saopjnt] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [ninbljp] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [xfqypku] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [lsimxbp] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [cdvkwox] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [vyufbps] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [ltxrwjw] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [tcumval] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [apdtcxp] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [nvhphus] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [mcdxonn] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [vdsfnap] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [subyara] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [wyrddsc] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [jwuuegw] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [sowyfka] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [asxdtrs] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [kiajuag] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [xolwbqv] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [udiyjob] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [drvxtjo] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [jghbsxj] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [vmbbmbq] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [jtnconf] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [lnbehah] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [xfgefyi] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [dkokxqb] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [goibjql] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [enywsmf] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [vptftoh] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [tidfrin] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [ymbngvx] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [gvgbqhv] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [wurumet] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [goahmnd] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [jqplcrd] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [vqndgsw] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [giwiojk] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [agowsqn] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [vigbmmq] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [ujosqdw] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [xeaqpiy] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [oajtbui] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [xqxvjee] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [csinjug] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [iibimfk] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [fqggfuq] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [bditjkt] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [sfmgjjs] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [iwcbawu] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [kpfhfxp] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [ipekfnb] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [cfvvcpr] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [gkusgud] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [qeajjir] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [xxflfwb] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [fsnlqre] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [tgrbtbt] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [umjotwp] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [lxkqgky] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [swxwiem] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [nlvnaqv] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [fcxhhhg] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [mhuweho] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [ilghhcu] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [obpcypu] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [ivishrr] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [ciljowl] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [pkhfucc] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [enbfali] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [uoycexr] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [agoihxw] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [smoyilb] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [tskjket] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [tuseakx] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [anppbvl] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [suspmwl] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [bqjwpow] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [dlhqvnw] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [axbrldk] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [btbnwib] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [bejstnc] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [mcboown] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [xxnlhqr] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [sckwbfg] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [dxtiqea] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [mxofnpu] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [luyvqmr] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [glnuvri] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [hruuoud] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [tlshhlo] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [xqahkpv] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [pcmpmnv] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [ncgxnuv] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [ejjqlkx] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [phllpwi] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [wteegpn] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [rkdupkn] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [iossmve] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [vlduvwi] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [lwhgtxu] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [basxgmv] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [esjyloc] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [rleqcpt] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [dtjxflg] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [ufoxgef] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [kwqneuj] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [arrcynb] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [jnevigk] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [sabxkuy] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [mwsmxsr] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [bqrmijw] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [laruyyv] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [kamlvng] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [amljsip] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [mhynisj] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [eeeolry] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [yxxtibx] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [gojywws] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [jcemiwr] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [edwldic] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [gofaxcr] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [ojnciai] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [cemhwgj] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [hnfbqsi] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [kbukgmu] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [ropcdun] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [crvvnky] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [eloypxm] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [jatkble] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [mpsrwgc] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [hwtdcle] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [owektfc] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [bvtbmpd] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [nfepamq] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [ttolims] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [oycujgg] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [mjguxmd] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [hcjijix] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [eijxrne] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [scxiprj] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [qhfshwy] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [jvxmfga] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [mrwsjcf] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [debeskm] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [alecjcp] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [yysqpir] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [wccofbo] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [qxbivig] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [cqpgira] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [sbddwlm] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [fmrorgs] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [mgsvlqa] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [uqsxxqq] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [tgqgxwf] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [tesikrh] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [bnpcjve] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [udapuae] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [dfssary] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [cqjtxdi] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [ofaanss] c:\windows\wxtpqwq.exe
O4 - HKCU\..\Run: [qbyrrmp] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [eofopnr] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [aimuluf] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [ebvghhq] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [jjhikka] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [orsredc] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [ifjctqr] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [jxrjall] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [lsidrld] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [xkrmujf] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [jphiwxo] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [ovpmeyh] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [umlxlga] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [bghtids] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [dejcxxu] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [fcaxgls] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [flsrpvv] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [lknokcr] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [gfxiwxu] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [jbismaj] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [muxggfw] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [pfuilta] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [rctbyyj] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [xwdixnh] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [trmhato] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [iddqpnh] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [irqywcl] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [fxtarpt] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [kktopcw] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [dtbdwwo] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [fukxexg] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [gbupogv] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [fofrrny] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [mvtsira] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [xnhmsqn] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [unjadbc] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [uavnatb] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [qasvoof] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [jmfbecs] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [hxaqkxt] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [pmomtie] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [daurxgs] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [woychij] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [ccvblyd] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [iycrflt] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [wtuchox] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [fexymgi] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [slfnweq] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [coeqgai] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [gcahucb] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [wducayc] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [phjarqo] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [qxlecls] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [cjeyslq] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [qveidfx] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [wkknngy] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [fqsfogq] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [wwcqbdx] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [bikcesl] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [jcukwad] c:\windows\olgtfov.exe
O4 - HKCU\..\Run: [uyicwfx] c:\windows\olgtfov.exe
O4 - HKCU\..\Run: [oqiavkr] c:\windows\olgtfov.exe
O4 - HKCU\..\Run: [oxhfywk] c:\windows\olgtfov.exe
O4 - HKCU\..\Run: [wweiipg] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [tdufksn] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [eiocieh] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [hutsqxn] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [wviomay] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [hddpkmb] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [xwmmnxa] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [blkbpja] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [kaluogh] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [luydwgb] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [lcnghhf] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [xcjwadg] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [muvufbp] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [njtsubw] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [owjmods] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [imuxbrv] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [sxpvacs] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [fqsxdkd] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [loiajse] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [maslnmu] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [uwyevqg] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [kpjicil] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [bvjgamf] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [fonwsxr] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [pfiyevh] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [udnjapu] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [nmrbbrn] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [lqaythp] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [oqoihdm] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [fecdwwc] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [krjcxxy] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [jyomvvb] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [ggsqlhf] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [kiwacth] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [qqilpnk] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [tduiots] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [ndcwixc] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [dfnwvon] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [nwimtab] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [ytrdaua] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [lysnkjy] c:\windows\cemkygu.exe
O4 - HKCU\..\Run: [hfvtwbm] c:\windows\cemkygu.exe
O4 - HKCU\..\Run: [mdwigfp] c:\windows\cemkygu.exe
O4 - HKCU\..\Run: [xfhairk] c:\windows\cemkygu.exe
O4 - HKCU\..\Run: [waiogmy] c:\windows\qodjhyu.exe
O4 - HKCU\..\Run: [rjreydu] c:\windows\qodjhyu.exe
O4 - HKCU\..\Run: [mctxgae] c:\windows\modvaty.exe
O4 - HKCU\..\Run: [yuhnkhu] c:\windows\modvaty.exe
O4 - HKCU\..\Run: [vgltcof] c:\windows\modvaty.exe
O4 - HKCU\..\Run: [jrxjdia] c:\windows\auamvqu.exe
O4 - HKCU\..\Run: [oiulhdn] c:\windows\auamvqu.exe
O4 - HKCU\..\Run: [lcuqbvc] c:\windows\auamvqu.exe
O4 - HKCU\..\Run: [bnrsnev] c:\windows\auamvqu.exe
O4 - HKCU\..\Run: [dghxsah] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [jmauuah] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [cewqotd] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [hxsmggx] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [idupkkh] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [qeinffi] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [qacliya] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [gmhubqm] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [wygisjb] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [xadsaye] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [hhrcrkc] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [kqrrykg] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [mrdjvtm] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [cfjjxqa] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [hlnnjle] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [ncbokjx] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [cmcmkpv] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [xrebwjt] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [iynvkdd] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [mkvmojj] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [tgfhsdu] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [pgrnmin] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [nmcjtsh] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [wxevtji] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [yvqqcmx] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [slkgmip] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [mehjbks] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [fndynnb] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [tftmvol] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [hivtasf] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [mpltobb] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [dtsktae] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [beivuvb] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [cogyonf] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [uvvknay] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [pqpkbxf] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [qkplelg] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [xsgoqme] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [mejmeuu] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [bsljiol] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [fwkiunv] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [nkhehfj] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [skyrxjc] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [strvkqm] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [uyvhuqg] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [fbrddps] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [kqfripi] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [hprocym] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [nfhbwfs] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [bkhdgkv] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [lkrcjcw] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [pnisnha] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [elvpryq] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [xfbseyt] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [bcvvbwn] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [hcwgjlx] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [etsasqp] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [rmbpone] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [uhrykmr] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [eewnmln] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [gcijlfg] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [fibijim] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [xyoiiao] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [oqrctuf] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [vticfxv] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [mtqwyws] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [oofhtuj] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [qdqdcrb] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [nwiinto] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [ltyayam] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [fbnrxcs] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [fcdphey] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [mbebsgx] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [gvigxdn] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [cehfpxa] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [nbaacfw] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [vejbuhc] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [jrbehfc] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [uxkreut] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [onpamfy] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [klyufkt] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [vlamybq] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [egddwpd] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [ckshryj] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [lbbqxfg] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [rhxpwuw] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [ypovxio] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [goobocw] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [ilhymip] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [hqhjadt] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [jpkrdnl] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [whvqkjk] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [udjtftj] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [rordagu] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [doxuqsd] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [xbevvnc] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [eokqvxs] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [awjcgbh] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [lwvcirt] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [imkjxjj] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [yebxgyx] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [xpwymvs] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [aeiwmwp] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [xsqvpmj] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [yjsrfel] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [ixfxdwm] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [jrshspo] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [bnpoylx] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [pqnghwq] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [fapvwfc] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [gcqsqsb] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [witjgna] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [hgnmeou] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [nkpmgak] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [ygadewl] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [wttjhcy] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [fdqbhqs] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [toqhkpd] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [llndagu] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [yessmdv] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [ayyoqth] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [rtqvevt] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [wnprlol] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [euuerdp] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [iaybamm] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [vjkmhkl] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [rbhmtnn] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [ipbfysv] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [dhcnqsa] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [gnovonj] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [dshujid] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [camkrcr] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [snrpcea] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [ycmmqcx] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [viapjjs] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [rdtcnpl] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [lwuyykl] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [qwibvfr] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [mcnhynj] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [dkerpqy] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [edslijx] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [jourcnj] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [beyefyx] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [vsqjbqw] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [mgkktyy] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [ryphseg] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [vlvrmno] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [vglbyre] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [xjcxivs] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [qfrombm] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [vmxuimp] c:\windows\doryday.exe
O4 - HKCU\..\Run: [girfola] c:\windows\doryday.exe
O4 - HKCU\..\Run: [utdgnbl] c:\windows\doryday.exe
O4 - HKCU\..\Run: [qbwqowy] c:\windows\doryday.exe
O4 - HKCU\..\Run: [lxhtwea] c:\windows\doryday.exe
O4 - HKCU\..\Run: [yhffakw] c:\windows\doryday.exe
O4 - HKCU\..\Run: [wpvbnts] c:\windows\doryday.exe
O4 - HKCU\..\Run: [pbowyrb] c:\windows\doryday.exe
O4 - HKCU\..\Run: [kqyywmt] c:\windows\doryday.exe
O4 - HKCU\..\Run: [eltnhri] c:\windows\doryday.exe
O4 - HKCU\..\Run: [wcjtphd] c:\windows\doryday.exe
O4 - HKCU\..\Run: [fmqvhad] c:\windows\doryday.exe
O4 - HKCU\..\Run: [pythtld] c:\windows\doryday.exe
O4 - HKCU\..\Run: [xotoxkh] c:\windows\doryday.exe
O4 - HKCU\..\Run: [qlrolcd] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [nkigpor] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [cxrwtfg] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [vsqhfvs] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [bfalvpc] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [dwiqhfp] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [ysmchfr] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [dxmymjj] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [kvbrqad] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [owbhwdb] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [kuoxvup] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [uaccfjd] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [bmooqph] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [mcbswbd] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [wgbadfn] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [kjafovg] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [ifidiaa] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [esfbiua] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [lryltev] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [gakufoa] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [qgvtigd] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [rodpwgf] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [kccgmgi] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [jlbtost] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [mlxwnih] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [avrhptp] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [umsbvuh] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [ekjomhl] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [tcdifpb] c:\windows\ogofwkh.exe
O4 - HKCU\..\Run: [niapnff] c:\windows\ogofwkh.exe
O4 - HKCU\..\Run: [paaoftx] c:\windows\ogofwkh.exe
O4 - HKCU\..\Run: [qietbgi] c:\windows\ogofwkh.exe
O4 - HKCU\..\Run: [cjlvylc] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [kjaitwk] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [nyfdtlg] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [phdaqql] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [qubywov] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [axfarih] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [wcweduo] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [fubnohu] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [eigrskp] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [uabbcui] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [yxrsgpo] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [upqjbnn] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [pgpfyih] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [xiqajtm] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [oihhwqm] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [duinqdw] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [jrlgmip] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [mrtjccp] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [ynmormm] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [ihjqdvu] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [uolebrx] c:\windows\usvftdd.exe
O4 - HKCU\..\Run: [rkjtdyq] c:\windows\usvftdd.exe
O4 - HKCU\..\Run: [jvvncye] c:\windows\usvftdd.exe
O4 - HKCU\..\Run: [panusrk] c:\windows\usvftdd.exe
O4 - HKCU\..\Run: [biufxqf] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [qrcymgr] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [lvqddsd] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ufaggtt] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ryljimv] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [myflnab] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [shslnyc] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ashiddy] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [cstvuuh] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [iwudtuk] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [avffwmw] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [fbwvcep] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ucfamiq] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [jeurjbg] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [qhsdkso] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [hbydbyw] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [myillfw] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [yulqxpq] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [pwyqfap] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ljjyraj] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [apmtsav] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ybbulxv] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [secfpmk] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [kihiwgq] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [spkqqko] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [idvjwwf] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [psootvu] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [ptctued] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [ahejlqd] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [oiixlqg] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [ofvsjib] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [uabpltp] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [nafmayw] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [ascedmq] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [ypxbmdh] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [pmkyknp] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [xxexnyr] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [jpnhnpi] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [oepfduk] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [cqbecir] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [hchrucj] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [elktbuk] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [vonnkpe] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [loilkol] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [juclmaf] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [yswhieu] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [qkmoiqc] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [bimagux] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [xoktenh] c:\windows\kwcderh.exe
O4 - HKCU\..\Run: [dhqpyja] c:\windows\kwcderh.exe
O4 - HKCU\..\Run: [gevqrpc] c:\windows\kwcderh.exe
O4 - HKCU\..\Run: [kcscuph] c:\windows\kwcderh.exe
O4 - HKCU\..\Run: [skctcxr] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [ctwnhwc] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [ygveaht] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [nopjpdp] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [eyftnyq] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [yogatgj] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [wlbjriy] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [sxpjebn] c:\windows\vihhemh.exe
O4 - HKCU\..\Run: [hfgwumr] c:\windows\vihhemh.exe
O4 - HKCU\..\Run: [npruxpv] c:\windows\vihhemh.exe
O4 - HKCU\..\Run: [hxnudgm] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [omcdsbq] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [ijuuuwd] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [gcwdote] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [uffvrhu] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [xrljfnd] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [ytcmqxt] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [txauijs] c:\windows\ttkftog.exe
O4 - HKCU\..\Run: [potlods] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [ngkuwcj] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [mikivko] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [wfxlpma] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [fciankm] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [grkdcuy] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [miiodum] c:\windows\stavfko.exe
O4 - HKCU\..\Run: [kwpkvgk] c:\windows\stavfko.exe
O4 - HKCU\..\Run: [frghmrs] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [isikllq] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [ppynlnb] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [gclftsq] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [mbsergm] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [qqrtiok] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [swekfhq] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [fruovlu] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [coiahwl] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [gpckxpr] c:\windows\bxhrnip.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  • 0

Advertisements

#2
Kristy
Posted 11 July 2005 - 03:18 PM

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.

~Kristy
  • 0

#3
ruahogfan2
Posted 12 July 2005 - 06:26 PM

ruahogfan2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
service pack 1 downloaded. Thanks, Greg

Logfile of HijackThis v1.99.1
Scan saved at 7:24:32 PM, on 7/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\COMPAQ\CPQINET\CPQInet.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\xefwvma.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-searchengine.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-searchengine.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie-searchengine.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-searchengine.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie-searchengine.com/index.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [hefloba] c:\windows\xefwvma.exe
O4 - HKCU\..\Run: [brqcitx] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [jknvbyg] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [pafdukk] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [nltpffh] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [rnjsica] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [mrvrsod] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [aehcdhb] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [drhtgpb] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [cfgurdj] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [onxtyjh] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [abaimst] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [ivdhuac] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [wxdnghp] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [kkbvqni] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [lhrnybo] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [lisvanl] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [hvgnouu] c:\windows\xspkwae.exe
O4 - HKCU\..\Run: [ugjcgno] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [helsaae] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [ajqhtnc] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [bwqfvth] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [lfeqcrq] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [bxmilsq] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [bjadksf] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [tvocpuq] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [vvtfwgh] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [sjudgsd] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [quouoyy] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [pnkccop] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [ufruayy] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [dljqueu] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [ypketwg] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [rodgfvp] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [exbpmjn] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [aoqgdyf] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [ekmuikr] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [bbpojww] c:\windows\qyrdrco.exe
O4 - HKCU\..\Run: [fgskxed] c:\windows\qyrdrco.exe
O4 - HKCU\..\Run: [xnyiohx] c:\windows\qyrdrco.exe
O4 - HKCU\..\Run: [ksnibmv] c:\windows\qyrdrco.exe
O4 - HKCU\..\Run: [uokcbqr] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [vhsimgm] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ccqerog] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [aorprjv] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [rdnkyvc] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [hkjcfyx] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [rcmyyyc] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [frmnpgl] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [jslxexa] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ihowfsh] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ivwsjgv] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [okipwdd] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [firytho] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ldschyy] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [hcxxpmr] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [xauccnk] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [xekpwqs] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [mllitns] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [sudennq] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [npvethv] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [rtjfwbt] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [yuwcrpd] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [winljaq] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [jtjqxtt] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [hxivpqy] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [fxtyusi] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ddyrvgw] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ltgbulw] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [inxrnwl] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [onxectw] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [juaemes] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [tiqimdd] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [lrkkyes] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [nfxxrqg] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [bcqxpgg] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [pmbettg] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ojcueyk] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [bpxacop] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [mpsgtkb] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [uvrmmll] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [vsgbpux] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [oefbork] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [nxheblg] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [xhvlvwv] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [dodtlgt] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [sowribw] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [hqxcbxc] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [saopjnt] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [ninbljp] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [xfqypku] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [lsimxbp] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [cdvkwox] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [vyufbps] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [ltxrwjw] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [tcumval] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [apdtcxp] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [nvhphus] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [mcdxonn] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [vdsfnap] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [subyara] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [wyrddsc] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [jwuuegw] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [sowyfka] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [asxdtrs] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [kiajuag] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [xolwbqv] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [udiyjob] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [drvxtjo] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [jghbsxj] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [vmbbmbq] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [jtnconf] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [lnbehah] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [xfgefyi] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [dkokxqb] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [goibjql] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [enywsmf] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [vptftoh] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [tidfrin] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [ymbngvx] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [gvgbqhv] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [wurumet] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [goahmnd] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [jqplcrd] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [vqndgsw] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [giwiojk] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [agowsqn] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [vigbmmq] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [ujosqdw] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [xeaqpiy] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [oajtbui] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [xqxvjee] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [csinjug] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [iibimfk] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [fqggfuq] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [bditjkt] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [sfmgjjs] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [iwcbawu] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [kpfhfxp] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [ipekfnb] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [cfvvcpr] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [gkusgud] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [qeajjir] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [xxflfwb] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [fsnlqre] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [tgrbtbt] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [umjotwp] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [lxkqgky] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [swxwiem] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [nlvnaqv] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [fcxhhhg] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [mhuweho] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [ilghhcu] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [obpcypu] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [ivishrr] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [ciljowl] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [pkhfucc] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [enbfali] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [uoycexr] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [agoihxw] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [smoyilb] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [tskjket] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [tuseakx] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [anppbvl] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [suspmwl] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [bqjwpow] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [dlhqvnw] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [axbrldk] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [btbnwib] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [bejstnc] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [mcboown] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [xxnlhqr] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [sckwbfg] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [dxtiqea] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [mxofnpu] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [luyvqmr] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [glnuvri] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [hruuoud] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [tlshhlo] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [xqahkpv] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [pcmpmnv] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [ncgxnuv] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [ejjqlkx] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [phllpwi] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [wteegpn] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [rkdupkn] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [iossmve] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [vlduvwi] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [lwhgtxu] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [basxgmv] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [esjyloc] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [rleqcpt] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [dtjxflg] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [ufoxgef] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [kwqneuj] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [arrcynb] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [jnevigk] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [sabxkuy] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [mwsmxsr] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [bqrmijw] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [laruyyv] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [kamlvng] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [amljsip] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [mhynisj] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [eeeolry] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [yxxtibx] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [gojywws] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [jcemiwr] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [edwldic] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [gofaxcr] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [ojnciai] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [cemhwgj] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [hnfbqsi] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [kbukgmu] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [ropcdun] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [crvvnky] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [eloypxm] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [jatkble] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [mpsrwgc] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [hwtdcle] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [owektfc] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [bvtbmpd] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [nfepamq] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [ttolims] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [oycujgg] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [mjguxmd] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [hcjijix] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [eijxrne] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [scxiprj] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [qhfshwy] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [jvxmfga] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [mrwsjcf] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [debeskm] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [alecjcp] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [yysqpir] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [wccofbo] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [qxbivig] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [cqpgira] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [sbddwlm] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [fmrorgs] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [mgsvlqa] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [uqsxxqq] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [tgqgxwf] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [tesikrh] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [bnpcjve] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [udapuae] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [dfssary] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [cqjtxdi] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [ofaanss] c:\windows\wxtpqwq.exe
O4 - HKCU\..\Run: [qbyrrmp] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [eofopnr] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [aimuluf] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [ebvghhq] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [jjhikka] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [orsredc] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [ifjctqr] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [jxrjall] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [lsidrld] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [xkrmujf] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [jphiwxo] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [ovpmeyh] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [umlxlga] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [bghtids] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [dejcxxu] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [fcaxgls] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [flsrpvv] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [lknokcr] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [gfxiwxu] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [jbismaj] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [muxggfw] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [pfuilta] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [rctbyyj] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [xwdixnh] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [trmhato] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [iddqpnh] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [irqywcl] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [fxtarpt] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [kktopcw] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [dtbdwwo] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [fukxexg] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [gbupogv] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [fofrrny] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [mvtsira] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [xnhmsqn] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [unjadbc] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [uavnatb] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [qasvoof] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [jmfbecs] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [hxaqkxt] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [pmomtie] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [daurxgs] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [woychij] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [ccvblyd] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [iycrflt] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [wtuchox] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [fexymgi] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [slfnweq] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [coeqgai] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [gcahucb] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [wducayc] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [phjarqo] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [qxlecls] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [cjeyslq] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [qveidfx] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [wkknngy] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [fqsfogq] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [wwcqbdx] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [bikcesl] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [jcukwad] c:\windows\olgtfov.exe
O4 - HKCU\..\Run: [uyicwfx] c:\windows\olgtfov.exe
O4 - HKCU\..\Run: [oqiavkr] c:\windows\olgtfov.exe
O4 - HKCU\..\Run: [oxhfywk] c:\windows\olgtfov.exe
O4 - HKCU\..\Run: [wweiipg] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [tdufksn] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [eiocieh] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [hutsqxn] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [wviomay] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [hddpkmb] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [xwmmnxa] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [blkbpja] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [kaluogh] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [luydwgb] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [lcnghhf] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [xcjwadg] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [muvufbp] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [njtsubw] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [owjmods] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [imuxbrv] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [sxpvacs] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [fqsxdkd] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [loiajse] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [maslnmu] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [uwyevqg] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [kpjicil] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [bvjgamf] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [fonwsxr] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [pfiyevh] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [udnjapu] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [nmrbbrn] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [lqaythp] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [oqoihdm] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [fecdwwc] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [krjcxxy] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [jyomvvb] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [ggsqlhf] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [kiwacth] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [qqilpnk] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [tduiots] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [ndcwixc] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [dfnwvon] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [nwimtab] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [ytrdaua] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [lysnkjy] c:\windows\cemkygu.exe
O4 - HKCU\..\Run: [hfvtwbm] c:\windows\cemkygu.exe
O4 - HKCU\..\Run: [mdwigfp] c:\windows\cemkygu.exe
O4 - HKCU\..\Run: [xfhairk] c:\windows\cemkygu.exe
O4 - HKCU\..\Run: [waiogmy] c:\windows\qodjhyu.exe
O4 - HKCU\..\Run: [rjreydu] c:\windows\qodjhyu.exe
O4 - HKCU\..\Run: [mctxgae] c:\windows\modvaty.exe
O4 - HKCU\..\Run: [yuhnkhu] c:\windows\modvaty.exe
O4 - HKCU\..\Run: [vgltcof] c:\windows\modvaty.exe
O4 - HKCU\..\Run: [jrxjdia] c:\windows\auamvqu.exe
O4 - HKCU\..\Run: [oiulhdn] c:\windows\auamvqu.exe
O4 - HKCU\..\Run: [lcuqbvc] c:\windows\auamvqu.exe
O4 - HKCU\..\Run: [bnrsnev] c:\windows\auamvqu.exe
O4 - HKCU\..\Run: [dghxsah] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [jmauuah] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [cewqotd] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [hxsmggx] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [idupkkh] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [qeinffi] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [qacliya] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [gmhubqm] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [wygisjb] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [xadsaye] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [hhrcrkc] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [kqrrykg] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [mrdjvtm] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [cfjjxqa] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [hlnnjle] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [ncbokjx] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [cmcmkpv] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [xrebwjt] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [iynvkdd] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [mkvmojj] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [tgfhsdu] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [pgrnmin] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [nmcjtsh] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [wxevtji] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [yvqqcmx] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [slkgmip] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [mehjbks] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [fndynnb] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [tftmvol] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [hivtasf] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [mpltobb] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [dtsktae] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [beivuvb] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [cogyonf] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [uvvknay] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [pqpkbxf] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [qkplelg] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [xsgoqme] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [mejmeuu] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [bsljiol] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [fwkiunv] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [nkhehfj] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [skyrxjc] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [strvkqm] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [uyvhuqg] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [fbrddps] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [kqfripi] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [hprocym] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [nfhbwfs] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [bkhdgkv] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [lkrcjcw] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [pnisnha] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [elvpryq] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [xfbseyt] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [bcvvbwn] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [hcwgjlx] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [etsasqp] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [rmbpone] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [uhrykmr] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [eewnmln] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [gcijlfg] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [fibijim] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [xyoiiao] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [oqrctuf] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [vticfxv] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [mtqwyws] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [oofhtuj] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [qdqdcrb] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [nwiinto] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [ltyayam] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [fbnrxcs] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [fcdphey] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [mbebsgx] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [gvigxdn] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [cehfpxa] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [nbaacfw] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [vejbuhc] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [jrbehfc] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [uxkreut] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [onpamfy] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [klyufkt] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [vlamybq] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [egddwpd] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [ckshryj] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [lbbqxfg] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [rhxpwuw] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [ypovxio] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [goobocw] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [ilhymip] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [hqhjadt] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [jpkrdnl] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [whvqkjk] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [udjtftj] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [rordagu] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [doxuqsd] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [xbevvnc] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [eokqvxs] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [awjcgbh] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [lwvcirt] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [imkjxjj] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [yebxgyx] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [xpwymvs] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [aeiwmwp] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [xsqvpmj] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [yjsrfel] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [ixfxdwm] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [jrshspo] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [bnpoylx] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [pqnghwq] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [fapvwfc] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [gcqsqsb] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [witjgna] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [hgnmeou] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [nkpmgak] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [ygadewl] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [wttjhcy] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [fdqbhqs] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [toqhkpd] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [llndagu] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [yessmdv] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [ayyoqth] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [rtqvevt] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [wnprlol] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [euuerdp] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [iaybamm] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [vjkmhkl] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [rbhmtnn] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [ipbfysv] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [dhcnqsa] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [gnovonj] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [dshujid] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [camkrcr] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [snrpcea] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [ycmmqcx] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [viapjjs] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [rdtcnpl] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [lwuyykl] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [qwibvfr] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [mcnhynj] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [dkerpqy] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [edslijx] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [jourcnj] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [beyefyx] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [vsqjbqw] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [mgkktyy] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [ryphseg] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [vlvrmno] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [vglbyre] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [xjcxivs] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [qfrombm] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [vmxuimp] c:\windows\doryday.exe
O4 - HKCU\..\Run: [girfola] c:\windows\doryday.exe
O4 - HKCU\..\Run: [utdgnbl] c:\windows\doryday.exe
O4 - HKCU\..\Run: [qbwqowy] c:\windows\doryday.exe
O4 - HKCU\..\Run: [lxhtwea] c:\windows\doryday.exe
O4 - HKCU\..\Run: [yhffakw] c:\windows\doryday.exe
O4 - HKCU\..\Run: [wpvbnts] c:\windows\doryday.exe
O4 - HKCU\..\Run: [pbowyrb] c:\windows\doryday.exe
O4 - HKCU\..\Run: [kqyywmt] c:\windows\doryday.exe
O4 - HKCU\..\Run: [eltnhri] c:\windows\doryday.exe
O4 - HKCU\..\Run: [wcjtphd] c:\windows\doryday.exe
O4 - HKCU\..\Run: [fmqvhad] c:\windows\doryday.exe
O4 - HKCU\..\Run: [pythtld] c:\windows\doryday.exe
O4 - HKCU\..\Run: [xotoxkh] c:\windows\doryday.exe
O4 - HKCU\..\Run: [qlrolcd] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [nkigpor] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [cxrwtfg] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [vsqhfvs] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [bfalvpc] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [dwiqhfp] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [ysmchfr] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [dxmymjj] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [kvbrqad] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [owbhwdb] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [kuoxvup] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [uaccfjd] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [bmooqph] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [mcbswbd] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [wgbadfn] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [kjafovg] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [ifidiaa] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [esfbiua] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [lryltev] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [gakufoa] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [qgvtigd] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [rodpwgf] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [kccgmgi] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [jlbtost] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [mlxwnih] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [avrhptp] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [umsbvuh] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [ekjomhl] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [tcdifpb] c:\windows\ogofwkh.exe
O4 - HKCU\..\Run: [niapnff] c:\windows\ogofwkh.exe
O4 - HKCU\..\Run: [paaoftx] c:\windows\ogofwkh.exe
O4 - HKCU\..\Run: [qietbgi] c:\windows\ogofwkh.exe
O4 - HKCU\..\Run: [cjlvylc] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [kjaitwk] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [nyfdtlg] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [phdaqql] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [qubywov] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [axfarih] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [wcweduo] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [fubnohu] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [eigrskp] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [uabbcui] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [yxrsgpo] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [upqjbnn] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [pgpfyih] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [xiqajtm] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [oihhwqm] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [duinqdw] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [jrlgmip] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [mrtjccp] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [ynmormm] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [ihjqdvu] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [uolebrx] c:\windows\usvftdd.exe
O4 - HKCU\..\Run: [rkjtdyq] c:\windows\usvftdd.exe
O4 - HKCU\..\Run: [jvvncye] c:\windows\usvftdd.exe
O4 - HKCU\..\Run: [panusrk] c:\windows\usvftdd.exe
O4 - HKCU\..\Run: [biufxqf] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [qrcymgr] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [lvqddsd] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ufaggtt] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ryljimv] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [myflnab] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [shslnyc] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ashiddy] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [cstvuuh] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [iwudtuk] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [avffwmw] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [fbwvcep] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ucfamiq] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [jeurjbg] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [qhsdkso] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [hbydbyw] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [myillfw] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [yulqxpq] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [pwyqfap] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ljjyraj] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [apmtsav] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ybbulxv] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [secfpmk] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [kihiwgq] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [spkqqko] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [idvjwwf] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [psootvu] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [ptctued] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [ahejlqd] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [oiixlqg] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [ofvsjib] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [uabpltp] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [nafmayw] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [ascedmq] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [ypxbmdh] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [pmkyknp] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [xxexnyr] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [jpnhnpi] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [oepfduk] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [cqbecir] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [hchrucj] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [elktbuk] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [vonnkpe] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [loilkol] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [juclmaf] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [yswhieu] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [qkmoiqc] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [bimagux] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [xoktenh] c:\windows\kwcderh.exe
O4 - HKCU\..\Run: [dhqpyja] c:\windows\kwcderh.exe
O4 - HKCU\..\Run: [gevqrpc] c:\windows\kwcderh.exe
O4 - HKCU\..\Run: [kcscuph] c:\windows\kwcderh.exe
O4 - HKCU\..\Run: [skctcxr] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [ctwnhwc] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [ygveaht] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [nopjpdp] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [eyftnyq] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [yogatgj] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [wlbjriy] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [sxpjebn] c:\windows\vihhemh.exe
O4 - HKCU\..\Run: [hfgwumr] c:\windows\vihhemh.exe
O4 - HKCU\..\Run: [npruxpv] c:\windows\vihhemh.exe
O4 - HKCU\..\Run: [hxnudgm] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [omcdsbq] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [ijuuuwd] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [gcwdote] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [uffvrhu] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [xrljfnd] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [ytcmqxt] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [txauijs] c:\windows\ttkftog.exe
O4 - HKCU\..\Run: [potlods] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [ngkuwcj] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [mikivko] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [wfxlpma] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [fciankm] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [grkdcuy] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [miiodum] c:\windows\stavfko.exe
O4 - HKCU\..\Run: [kwpkvgk] c:\windows\stavfko.exe
O4 - HKCU\..\Run: [frghmrs] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [isikllq] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [ppynlnb] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [gclftsq] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [mbsergm] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [qqrtiok] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [swekfhq] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [fruovlu] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [coiahwl] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [gpckxpr] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [wmaytqh] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [aixshdx] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [rgguseo] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [qgkwcaf] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [xfjfeln] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [ielkyiw] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [apvvkay] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [ohxqwqg] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [njcskgg] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [feqytdy] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [ckcissi] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [guymabg] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [dnqdqok] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [iwhqqao] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [itnrmws] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [lxnvrwq] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [eornmnq] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [ynegtuu] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [wbubtii] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [elkwxvh] c:\windows\rykfoao.exe
O4 - HKCU\..\Run: [lxqwpvj] c:\windows\rykfoao.exe
O4 - HKCU\..\Run: [nsjcync] c:\windows\uygujch.exe
O4 - HKCU\..\Run: [sxicjlr] c:\windows\uygujch.exe
O4 - HKCU\..\Run: [dpkbald] c:\windows\uygujch.exe
O4 - HKCU\..\Run: [ajtupvv] c:\windows\uygujch.exe
O4 - HKCU\..\Run: [rmwvmkw] c:\windows\rpqubwb.exe
O4 - HKCU\..\Run: [clntkah] c:\windows\rpqubwb.exe
O4 - HKCU\..\Run: [bucxbvx] c:\windows\rpqubwb.exe
O4 - HKCU\..\Run: [tlckklr] c:\windows\rpqubwb.exe
O4 - HKCU\..\Run: [kcfbtfo] c:\windows\rpqubwb.exe
O4 - HKCU\..\Run: [bgyluni] c:\windows\rpnrfbh.exe
O4 - HKCU\..\Run: [ikrwqkh] c:\windows\rpnrfbh.exe
O4 - HKCU\..\Run: [cobabib] c:\windows\etuudmi.exe
O4 - HKCU\..\Run: [gkxmgpt] c:\windows\etuudmi.exe
O4 - HKCU\..\Run: [anwnesf] c:\windows\etuudmi.exe
O4 - HKCU\..\Run: [pxydegx] c:\windows\etuudmi.exe
O4 - HKCU\..\Run: [hlleiga] c:\windows\etuudmi.exe
O4 - HKCU\..\Run: [ximtswg] c:\windows\etuudmi.exe
O4 - HKCU\..\Run: [cvbnuqw] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [ueylexi] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [ykxkqah] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [xmvycfd] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [blwktdl] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [clbbgxb] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [mrkukhx] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [clalvso] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [xmkvmsj] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [okjfatu] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [fjieoxy] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [xnqeyil] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [mbaipci] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [qrljwjw] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [qdiapmn] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [vhmpqkw] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [xqioanj] c:\windows\ejoeito.exe
O4 - HKCU\..\Run: [ufapeuk] c:\windows\ejoeito.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  • 0

#4
Kristy
Posted 12 July 2005 - 07:12 PM

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello ruahogfan2,

You may wish to print out a copy of these instructions to follow while you complete this procedure.

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop. Don’t run it yet.

Next please run HijackThis, click Scan, and check:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie-searchengine.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie-searchengine.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie-searchengine.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie-searchengine.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ie-searchengine.com/index.htm
O4 - HKCU\..\Run: [hefloba] c:\windows\xefwvma.exe
O4 - HKCU\..\Run: [brqcitx] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [jknvbyg] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [pafdukk] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [nltpffh] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [rnjsica] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [mrvrsod] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [aehcdhb] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [drhtgpb] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [cfgurdj] c:\windows\dofjcqp.exe
O4 - HKCU\..\Run: [onxtyjh] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [abaimst] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [ivdhuac] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [wxdnghp] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [kkbvqni] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [lhrnybo] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [lisvanl] c:\windows\awrsneh.exe
O4 - HKCU\..\Run: [hvgnouu] c:\windows\xspkwae.exe
O4 - HKCU\..\Run: [ugjcgno] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [helsaae] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [ajqhtnc] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [bwqfvth] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [lfeqcrq] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [bxmilsq] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [bjadksf] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [tvocpuq] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [vvtfwgh] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [sjudgsd] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [quouoyy] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [pnkccop] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [ufruayy] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [dljqueu] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [ypketwg] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [rodgfvp] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [exbpmjn] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [aoqgdyf] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [ekmuikr] c:\windows\ukxiklm.exe
O4 - HKCU\..\Run: [bbpojww] c:\windows\qyrdrco.exe
O4 - HKCU\..\Run: [fgskxed] c:\windows\qyrdrco.exe
O4 - HKCU\..\Run: [xnyiohx] c:\windows\qyrdrco.exe
O4 - HKCU\..\Run: [ksnibmv] c:\windows\qyrdrco.exe
O4 - HKCU\..\Run: [uokcbqr] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [vhsimgm] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ccqerog] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [aorprjv] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [rdnkyvc] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [hkjcfyx] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [rcmyyyc] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [frmnpgl] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [jslxexa] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ihowfsh] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ivwsjgv] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [okipwdd] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [firytho] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ldschyy] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [hcxxpmr] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [xauccnk] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [xekpwqs] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [mllitns] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [sudennq] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [npvethv] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [rtjfwbt] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [yuwcrpd] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [winljaq] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [jtjqxtt] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [hxivpqy] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [fxtyusi] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ddyrvgw] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ltgbulw] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [inxrnwl] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [onxectw] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [juaemes] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [tiqimdd] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [lrkkyes] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [nfxxrqg] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [bcqxpgg] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [pmbettg] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [ojcueyk] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [bpxacop] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [mpsgtkb] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [uvrmmll] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [vsgbpux] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [oefbork] c:\windows\igmpfsl.exe
O4 - HKCU\..\Run: [nxheblg] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [xhvlvwv] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [dodtlgt] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [sowribw] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [hqxcbxc] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [saopjnt] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [ninbljp] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [xfqypku] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [lsimxbp] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [cdvkwox] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [vyufbps] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [ltxrwjw] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [tcumval] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [apdtcxp] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [nvhphus] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [mcdxonn] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [vdsfnap] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [subyara] c:\windows\mslvqsc.exe
O4 - HKCU\..\Run: [wyrddsc] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [jwuuegw] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [sowyfka] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [asxdtrs] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [kiajuag] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [xolwbqv] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [udiyjob] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [drvxtjo] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [jghbsxj] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [vmbbmbq] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [jtnconf] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [lnbehah] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [xfgefyi] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [dkokxqb] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [goibjql] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [enywsmf] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [vptftoh] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [tidfrin] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [ymbngvx] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [gvgbqhv] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [wurumet] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [goahmnd] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [jqplcrd] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [vqndgsw] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [giwiojk] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [agowsqn] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [vigbmmq] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [ujosqdw] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [xeaqpiy] c:\windows\deiyxvs.exe
O4 - HKCU\..\Run: [oajtbui] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [xqxvjee] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [csinjug] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [iibimfk] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [fqggfuq] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [bditjkt] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [sfmgjjs] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [iwcbawu] c:\windows\hymqaxn.exe
O4 - HKCU\..\Run: [kpfhfxp] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [ipekfnb] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [cfvvcpr] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [gkusgud] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [qeajjir] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [xxflfwb] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [fsnlqre] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [tgrbtbt] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [umjotwp] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [lxkqgky] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [swxwiem] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [nlvnaqv] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [fcxhhhg] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [mhuweho] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [ilghhcu] c:\windows\mfeewsa.exe
O4 - HKCU\..\Run: [obpcypu] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [ivishrr] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [ciljowl] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [pkhfucc] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [enbfali] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [uoycexr] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [agoihxw] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [smoyilb] c:\windows\vpgjjvi.exe
O4 - HKCU\..\Run: [tskjket] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [tuseakx] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [anppbvl] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [suspmwl] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [bqjwpow] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [dlhqvnw] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [axbrldk] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [btbnwib] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [bejstnc] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [mcboown] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [xxnlhqr] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [sckwbfg] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [dxtiqea] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [mxofnpu] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [luyvqmr] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [glnuvri] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [hruuoud] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [tlshhlo] c:\windows\qibyulr.exe
O4 - HKCU\..\Run: [xqahkpv] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [pcmpmnv] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [ncgxnuv] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [ejjqlkx] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [phllpwi] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [wteegpn] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [rkdupkn] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [iossmve] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [vlduvwi] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [lwhgtxu] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [basxgmv] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [esjyloc] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [rleqcpt] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [dtjxflg] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [ufoxgef] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [kwqneuj] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [arrcynb] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [jnevigk] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [sabxkuy] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [mwsmxsr] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [bqrmijw] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [laruyyv] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [kamlvng] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [amljsip] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [mhynisj] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [eeeolry] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [yxxtibx] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [gojywws] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [jcemiwr] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [edwldic] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [gofaxcr] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [ojnciai] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [cemhwgj] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [hnfbqsi] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [kbukgmu] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [ropcdun] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [crvvnky] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [eloypxm] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [jatkble] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [mpsrwgc] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [hwtdcle] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [owektfc] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [bvtbmpd] c:\windows\wwprdwc.exe
O4 - HKCU\..\Run: [nfepamq] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [ttolims] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [oycujgg] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [mjguxmd] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [hcjijix] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [eijxrne] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [scxiprj] c:\windows\lvpgfna.exe
O4 - HKCU\..\Run: [qhfshwy] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [jvxmfga] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [mrwsjcf] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [debeskm] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [alecjcp] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [yysqpir] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [wccofbo] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [qxbivig] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [cqpgira] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [sbddwlm] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [fmrorgs] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [mgsvlqa] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [uqsxxqq] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [tgqgxwf] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [tesikrh] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [bnpcjve] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [udapuae] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [dfssary] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [cqjtxdi] c:\windows\evfqogp.exe
O4 - HKCU\..\Run: [ofaanss] c:\windows\wxtpqwq.exe
O4 - HKCU\..\Run: [qbyrrmp] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [eofopnr] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [aimuluf] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [ebvghhq] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [jjhikka] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [orsredc] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [ifjctqr] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [jxrjall] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [lsidrld] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [xkrmujf] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [jphiwxo] c:\windows\akqcdny.exe
O4 - HKCU\..\Run: [ovpmeyh] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [umlxlga] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [bghtids] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [dejcxxu] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [fcaxgls] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [flsrpvv] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [lknokcr] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [gfxiwxu] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [jbismaj] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [muxggfw] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [pfuilta] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [rctbyyj] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [xwdixnh] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [trmhato] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [iddqpnh] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [irqywcl] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [fxtarpt] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [kktopcw] c:\windows\qscxvbr.exe
O4 - HKCU\..\Run: [dtbdwwo] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [fukxexg] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [gbupogv] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [fofrrny] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [mvtsira] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [xnhmsqn] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [unjadbc] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [uavnatb] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [qasvoof] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [jmfbecs] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [hxaqkxt] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [pmomtie] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [daurxgs] c:\windows\tykunet.exe
O4 - HKCU\..\Run: [woychij] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [ccvblyd] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [iycrflt] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [wtuchox] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [fexymgi] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [slfnweq] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [coeqgai] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [gcahucb] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [wducayc] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [phjarqo] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [qxlecls] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [cjeyslq] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [qveidfx] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [wkknngy] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [fqsfogq] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [wwcqbdx] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [bikcesl] c:\windows\olgignr.exe
O4 - HKCU\..\Run: [jcukwad] c:\windows\olgtfov.exe
O4 - HKCU\..\Run: [uyicwfx] c:\windows\olgtfov.exe
O4 - HKCU\..\Run: [oqiavkr] c:\windows\olgtfov.exe
O4 - HKCU\..\Run: [oxhfywk] c:\windows\olgtfov.exe
O4 - HKCU\..\Run: [wweiipg] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [tdufksn] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [eiocieh] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [hutsqxn] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [wviomay] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [hddpkmb] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [xwmmnxa] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [blkbpja] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [kaluogh] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [luydwgb] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [lcnghhf] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [xcjwadg] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [muvufbp] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [njtsubw] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [owjmods] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [imuxbrv] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [sxpvacs] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [fqsxdkd] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [loiajse] c:\windows\rhluudg.exe
O4 - HKCU\..\Run: [maslnmu] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [uwyevqg] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [kpjicil] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [bvjgamf] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [fonwsxr] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [pfiyevh] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [udnjapu] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [nmrbbrn] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [lqaythp] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [oqoihdm] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [fecdwwc] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [krjcxxy] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [jyomvvb] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [ggsqlhf] c:\windows\iwjhjup.exe
O4 - HKCU\..\Run: [kiwacth] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [qqilpnk] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [tduiots] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [ndcwixc] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [dfnwvon] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [nwimtab] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [ytrdaua] c:\windows\tdadyux.exe
O4 - HKCU\..\Run: [lysnkjy] c:\windows\cemkygu.exe
O4 - HKCU\..\Run: [hfvtwbm] c:\windows\cemkygu.exe
O4 - HKCU\..\Run: [mdwigfp] c:\windows\cemkygu.exe
O4 - HKCU\..\Run: [xfhairk] c:\windows\cemkygu.exe
O4 - HKCU\..\Run: [waiogmy] c:\windows\qodjhyu.exe
O4 - HKCU\..\Run: [rjreydu] c:\windows\qodjhyu.exe
O4 - HKCU\..\Run: [mctxgae] c:\windows\modvaty.exe
O4 - HKCU\..\Run: [yuhnkhu] c:\windows\modvaty.exe
O4 - HKCU\..\Run: [vgltcof] c:\windows\modvaty.exe
O4 - HKCU\..\Run: [jrxjdia] c:\windows\auamvqu.exe
O4 - HKCU\..\Run: [oiulhdn] c:\windows\auamvqu.exe
O4 - HKCU\..\Run: [lcuqbvc] c:\windows\auamvqu.exe
O4 - HKCU\..\Run: [bnrsnev] c:\windows\auamvqu.exe
O4 - HKCU\..\Run: [dghxsah] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [jmauuah] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [cewqotd] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [hxsmggx] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [idupkkh] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [qeinffi] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [qacliya] c:\windows\whfcpqb.exe
O4 - HKCU\..\Run: [gmhubqm] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [wygisjb] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [xadsaye] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [hhrcrkc] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [kqrrykg] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [mrdjvtm] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [cfjjxqa] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [hlnnjle] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [ncbokjx] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [cmcmkpv] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [xrebwjt] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [iynvkdd] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [mkvmojj] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [tgfhsdu] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [pgrnmin] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [nmcjtsh] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [wxevtji] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [yvqqcmx] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [slkgmip] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [mehjbks] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [fndynnb] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [tftmvol] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [hivtasf] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [mpltobb] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [dtsktae] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [beivuvb] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [cogyonf] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [uvvknay] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [pqpkbxf] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [qkplelg] c:\windows\ttuoimp.exe
O4 - HKCU\..\Run: [xsgoqme] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [mejmeuu] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [bsljiol] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [fwkiunv] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [nkhehfj] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [skyrxjc] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [strvkqm] c:\windows\secapcf.exe
O4 - HKCU\..\Run: [uyvhuqg] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [fbrddps] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [kqfripi] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [hprocym] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [nfhbwfs] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [bkhdgkv] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [lkrcjcw] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [pnisnha] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [elvpryq] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [xfbseyt] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [bcvvbwn] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [hcwgjlx] c:\windows\ljggjfw.exe
O4 - HKCU\..\Run: [etsasqp] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [rmbpone] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [uhrykmr] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [eewnmln] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [gcijlfg] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [fibijim] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [xyoiiao] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [oqrctuf] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [vticfxv] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [mtqwyws] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [oofhtuj] c:\windows\plujfpe.exe
O4 - HKCU\..\Run: [qdqdcrb] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [nwiinto] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [ltyayam] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [fbnrxcs] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [fcdphey] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [mbebsgx] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [gvigxdn] c:\windows\otptqog.exe
O4 - HKCU\..\Run: [cehfpxa] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [nbaacfw] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [vejbuhc] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [jrbehfc] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [uxkreut] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [onpamfy] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [klyufkt] c:\windows\rrdsspo.exe
O4 - HKCU\..\Run: [vlamybq] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [egddwpd] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [ckshryj] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [lbbqxfg] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [rhxpwuw] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [ypovxio] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [goobocw] c:\windows\fkcnair.exe
O4 - HKCU\..\Run: [ilhymip] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [hqhjadt] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [jpkrdnl] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [whvqkjk] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [udjtftj] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [rordagu] c:\windows\dhkvxht.exe
O4 - HKCU\..\Run: [doxuqsd] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [xbevvnc] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [eokqvxs] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [awjcgbh] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [lwvcirt] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [imkjxjj] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [yebxgyx] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [xpwymvs] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [aeiwmwp] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [xsqvpmj] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [yjsrfel] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [ixfxdwm] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [jrshspo] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [bnpoylx] c:\windows\lklddym.exe
O4 - HKCU\..\Run: [pqnghwq] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [fapvwfc] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [gcqsqsb] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [witjgna] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [hgnmeou] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [nkpmgak] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [ygadewl] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [wttjhcy] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [fdqbhqs] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [toqhkpd] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [llndagu] c:\windows\xtshrfr.exe
O4 - HKCU\..\Run: [yessmdv] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [ayyoqth] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [rtqvevt] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [wnprlol] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [euuerdp] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [iaybamm] c:\windows\elskyke.exe
O4 - HKCU\..\Run: [vjkmhkl] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [rbhmtnn] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [ipbfysv] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [dhcnqsa] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [gnovonj] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [dshujid] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [camkrcr] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [snrpcea] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [ycmmqcx] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [viapjjs] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [rdtcnpl] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [lwuyykl] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [qwibvfr] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [mcnhynj] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [dkerpqy] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [edslijx] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [jourcnj] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [beyefyx] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [vsqjbqw] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [mgkktyy] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [ryphseg] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [vlvrmno] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [vglbyre] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [xjcxivs] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [qfrombm] c:\windows\ilvwiak.exe
O4 - HKCU\..\Run: [vmxuimp] c:\windows\doryday.exe
O4 - HKCU\..\Run: [girfola] c:\windows\doryday.exe
O4 - HKCU\..\Run: [utdgnbl] c:\windows\doryday.exe
O4 - HKCU\..\Run: [qbwqowy] c:\windows\doryday.exe
O4 - HKCU\..\Run: [lxhtwea] c:\windows\doryday.exe
O4 - HKCU\..\Run: [yhffakw] c:\windows\doryday.exe
O4 - HKCU\..\Run: [wpvbnts] c:\windows\doryday.exe
O4 - HKCU\..\Run: [pbowyrb] c:\windows\doryday.exe
O4 - HKCU\..\Run: [kqyywmt] c:\windows\doryday.exe
O4 - HKCU\..\Run: [eltnhri] c:\windows\doryday.exe
O4 - HKCU\..\Run: [wcjtphd] c:\windows\doryday.exe
O4 - HKCU\..\Run: [fmqvhad] c:\windows\doryday.exe
O4 - HKCU\..\Run: [pythtld] c:\windows\doryday.exe
O4 - HKCU\..\Run: [xotoxkh] c:\windows\doryday.exe
O4 - HKCU\..\Run: [qlrolcd] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [nkigpor] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [cxrwtfg] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [vsqhfvs] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [bfalvpc] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [dwiqhfp] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [ysmchfr] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [dxmymjj] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [kvbrqad] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [owbhwdb] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [kuoxvup] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [uaccfjd] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [bmooqph] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [mcbswbd] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [wgbadfn] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [kjafovg] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [ifidiaa] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [esfbiua] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [lryltev] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [gakufoa] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [qgvtigd] c:\windows\njsffim.exe
O4 - HKCU\..\Run: [rodpwgf] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [kccgmgi] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [jlbtost] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [mlxwnih] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [avrhptp] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [umsbvuh] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [ekjomhl] c:\windows\rfhfcgt.exe
O4 - HKCU\..\Run: [tcdifpb] c:\windows\ogofwkh.exe
O4 - HKCU\..\Run: [niapnff] c:\windows\ogofwkh.exe
O4 - HKCU\..\Run: [paaoftx] c:\windows\ogofwkh.exe
O4 - HKCU\..\Run: [qietbgi] c:\windows\ogofwkh.exe
O4 - HKCU\..\Run: [cjlvylc] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [kjaitwk] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [nyfdtlg] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [phdaqql] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [qubywov] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [axfarih] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [wcweduo] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [fubnohu] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [eigrskp] c:\windows\nglhbuv.exe
O4 - HKCU\..\Run: [uabbcui] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [yxrsgpo] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [upqjbnn] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [pgpfyih] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [xiqajtm] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [oihhwqm] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [duinqdw] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [jrlgmip] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [mrtjccp] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [ynmormm] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [ihjqdvu] c:\windows\ifctrkk.exe
O4 - HKCU\..\Run: [uolebrx] c:\windows\usvftdd.exe
O4 - HKCU\..\Run: [rkjtdyq] c:\windows\usvftdd.exe
O4 - HKCU\..\Run: [jvvncye] c:\windows\usvftdd.exe
O4 - HKCU\..\Run: [panusrk] c:\windows\usvftdd.exe
O4 - HKCU\..\Run: [biufxqf] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [qrcymgr] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [lvqddsd] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ufaggtt] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ryljimv] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [myflnab] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [shslnyc] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ashiddy] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [cstvuuh] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [iwudtuk] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [avffwmw] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [fbwvcep] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ucfamiq] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [jeurjbg] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [qhsdkso] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [hbydbyw] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [myillfw] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [yulqxpq] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [pwyqfap] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ljjyraj] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [apmtsav] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [ybbulxv] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [secfpmk] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [kihiwgq] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [spkqqko] c:\windows\ghchyuv.exe
O4 - HKCU\..\Run: [idvjwwf] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [psootvu] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [ptctued] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [ahejlqd] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [oiixlqg] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [ofvsjib] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [uabpltp] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [nafmayw] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [ascedmq] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [ypxbmdh] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [pmkyknp] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [xxexnyr] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [jpnhnpi] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [oepfduk] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [cqbecir] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [hchrucj] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [elktbuk] c:\windows\mfieuqa.exe
O4 - HKCU\..\Run: [vonnkpe] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [loilkol] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [juclmaf] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [yswhieu] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [qkmoiqc] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [bimagux] c:\windows\opejwcb.exe
O4 - HKCU\..\Run: [xoktenh] c:\windows\kwcderh.exe
O4 - HKCU\..\Run: [dhqpyja] c:\windows\kwcderh.exe
O4 - HKCU\..\Run: [gevqrpc] c:\windows\kwcderh.exe
O4 - HKCU\..\Run: [kcscuph] c:\windows\kwcderh.exe
O4 - HKCU\..\Run: [skctcxr] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [ctwnhwc] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [ygveaht] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [nopjpdp] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [eyftnyq] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [yogatgj] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [wlbjriy] c:\windows\lphihfd.exe
O4 - HKCU\..\Run: [sxpjebn] c:\windows\vihhemh.exe
O4 - HKCU\..\Run: [hfgwumr] c:\windows\vihhemh.exe
O4 - HKCU\..\Run: [npruxpv] c:\windows\vihhemh.exe
O4 - HKCU\..\Run: [hxnudgm] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [omcdsbq] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [ijuuuwd] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [gcwdote] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [uffvrhu] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [xrljfnd] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [ytcmqxt] c:\windows\eaeomms.exe
O4 - HKCU\..\Run: [txauijs] c:\windows\ttkftog.exe
O4 - HKCU\..\Run: [potlods] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [ngkuwcj] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [mikivko] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [wfxlpma] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [fciankm] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [grkdcuy] c:\windows\cmmjvgr.exe
O4 - HKCU\..\Run: [miiodum] c:\windows\stavfko.exe
O4 - HKCU\..\Run: [kwpkvgk] c:\windows\stavfko.exe
O4 - HKCU\..\Run: [frghmrs] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [isikllq] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [ppynlnb] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [gclftsq] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [mbsergm] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [qqrtiok] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [swekfhq] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [fruovlu] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [coiahwl] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [gpckxpr] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [wmaytqh] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [aixshdx] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [rgguseo] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [qgkwcaf] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [xfjfeln] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [ielkyiw] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [apvvkay] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [ohxqwqg] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [njcskgg] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [feqytdy] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [ckcissi] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [guymabg] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [dnqdqok] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [iwhqqao] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [itnrmws] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [lxnvrwq] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [eornmnq] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [ynegtuu] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [wbubtii] c:\windows\bxhrnip.exe
O4 - HKCU\..\Run: [elkwxvh] c:\windows\rykfoao.exe
O4 - HKCU\..\Run: [lxqwpvj] c:\windows\rykfoao.exe
O4 - HKCU\..\Run: [nsjcync] c:\windows\uygujch.exe
O4 - HKCU\..\Run: [sxicjlr] c:\windows\uygujch.exe
O4 - HKCU\..\Run: [dpkbald] c:\windows\uygujch.exe
O4 - HKCU\..\Run: [ajtupvv] c:\windows\uygujch.exe
O4 - HKCU\..\Run: [rmwvmkw] c:\windows\rpqubwb.exe
O4 - HKCU\..\Run: [clntkah] c:\windows\rpqubwb.exe
O4 - HKCU\..\Run: [bucxbvx] c:\windows\rpqubwb.exe
O4 - HKCU\..\Run: [tlckklr] c:\windows\rpqubwb.exe
O4 - HKCU\..\Run: [kcfbtfo] c:\windows\rpqubwb.exe
O4 - HKCU\..\Run: [bgyluni] c:\windows\rpnrfbh.exe
O4 - HKCU\..\Run: [ikrwqkh] c:\windows\rpnrfbh.exe
O4 - HKCU\..\Run: [cobabib] c:\windows\etuudmi.exe
O4 - HKCU\..\Run: [gkxmgpt] c:\windows\etuudmi.exe
O4 - HKCU\..\Run: [anwnesf] c:\windows\etuudmi.exe
O4 - HKCU\..\Run: [pxydegx] c:\windows\etuudmi.exe
O4 - HKCU\..\Run: [hlleiga] c:\windows\etuudmi.exe
O4 - HKCU\..\Run: [ximtswg] c:\windows\etuudmi.exe
O4 - HKCU\..\Run: [cvbnuqw] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [ueylexi] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [ykxkqah] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [xmvycfd] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [blwktdl] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [clbbgxb] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [mrkukhx] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [clalvso] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [xmkvmsj] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [okjfatu] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [fjieoxy] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [xnqeyil] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [mbaipci] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [qrljwjw] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [qdiapmn] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [vhmpqkw] c:\windows\nflfjtr.exe
O4 - HKCU\..\Run: [xqioanj] c:\windows\ejoeito.exe
O4 - HKCU\..\Run: [ufapeuk] c:\windows\ejoeito.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (If you don’t know what this is, place a check by it as well. Also, if you know what it is, remove it from the list of files you will be deleting)

Close all open windows except for HijackThis and click Fix Checked.

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

Now we will use killbox.
*Double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

c:\windows\xefwvma.exe
c:\windows\dofjcqp.exe
c:\windows\awrsneh.exe
c:\windows\xspkwae.exe
c:\windows\ukxiklm.exe
c:\windows\qyrdrco.exe
c:\windows\igmpfsl.exe
c:\windows\mslvqsc.exe
c:\windows\deiyxvs.exe
c:\windows\hymqaxn.exe
c:\windows\mfeewsa.exe
c:\windows\vpgjjvi.exe
c:\windows\qibyulr.exe
c:\windows\wwprdwc.exe
c:\windows\lvpgfna.exe
c:\windows\evfqogp.exe
c:\windows\wxtpqwq.exe
c:\windows\akqcdny.exe
c:\windows\qscxvbr.exe
c:\windows\tykunet.exe
c:\windows\olgignr.exe
c:\windows\olgtfov.exe
c:\windows\rhluudg.exe
c:\windows\iwjhjup.exe
c:\windows\tdadyux.exe
c:\windows\cemkygu.exe
c:\windows\qodjhyu.exe
c:\windows\modvaty.exe
c:\windows\auamvqu.exe
c:\windows\whfcpqb.exe
c:\windows\ttuoimp.exe
c:\windows\secapcf.exe
c:\windows\ljggjfw.exe
c:\windows\plujfpe.exe
c:\windows\otptqog.exe
c:\windows\rrdsspo.exe
c:\windows\fkcnair.exe
c:\windows\dhkvxht.exe
c:\windows\lklddym.exe
c:\windows\xtshrfr.exe
c:\windows\elskyke.exe
c:\windows\ilvwiak.exe
c:\windows\doryday.exe
c:\windows\njsffim.exe
c:\windows\rfhfcgt.exe
c:\windows\ogofwkh.exe
c:\windows\nglhbuv.exe
c:\windows\ifctrkk.exe
c:\windows\usvftdd.exe
c:\windows\ghchyuv.exe
c:\windows\mfieuqa.exe
c:\windows\opejwcb.exe
c:\windows\kwcderh.exe
c:\windows\lphihfd.exe
c:\windows\vihhemh.exe
c:\windows\eaeomms.exe
c:\windows\ttkftog.exe
c:\windows\cmmjvgr.exe
c:\windows\stavfko.exe
c:\windows\bxhrnip.exe
c:\windows\rykfoao.exe
c:\windows\uygujch.exe
c:\windows\rpqubwb.exe
c:\windows\etuudmi.exe
c:\windows\nflfjtr.exe
c:\windows\ejoeito.exe
C:\Program Files\PartyPoker
C:\WINDOWS\System32\WLTRYSVC.EXE


*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not reboot after that, then reboot it.

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. ;)

~Kristy :tazz:
  • 0

#5
ruahogfan2
Posted 14 July 2005 - 07:25 PM

ruahogfan2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Everything is running great. Thanks for your help! However I have a couple of things.

1. How do I learn to help people like you helped me? What your doing is great and I would like to do the same.

2. How do I avoid getting more bad programs on my computer? I was running Zonealarm and Adware but still was hijacked.

3. Maybe a topic for another board but I am running XPHome Edition and everytime at start up a little window of Microsoft Works shows up on the right side of my screen. It is a picture viewer or something. There is a setting for it not to open everytime but it does anyway.

Thanks again!

Logfile of HijackThis v1.99.1
Scan saved at 8:22:58 PM, on 7/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [hkrgajr] c:\windows\jgxgtvb.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Greg
  • 0

#6
Kristy
Posted 14 July 2005 - 08:24 PM

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello ruahogfan2,

Your log looks much better. There's just one more thing that we need to get rid of and you will be set. I will then give you tips on how to prevent this from happening in the future.

The Microsoft Works question should probably be posted in the Windows XP, 2000, 2003, NT forum, or the Microsoft Office forum.

You can learn how to help people like I helped you by signing up in GeekU.

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Next please run HijackThis, click Scan, and check:

O4 - HKCU\..\Run: [hkrgajr] c:\windows\jgxgtvb.exe

Close all open windows except for HijackThis and click Fix Checked.

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

Be sure you're able to view hidden files, and remove the following files/folders in bold (if found):

c:\windows\jgxgtvb.exe

Empty your recycle bin, and reboot normally.

Rescan with HijackThis, and post a new log.

~Kristy :tazz:

Edited by Rustymilo, 14 July 2005 - 08:27 PM.

  • 0

#7
ruahogfan2
Posted 15 July 2005 - 06:39 PM

ruahogfan2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I just figured out that I was getting files sent to my computer via Microsoft Messenger. I have never jused Messenger before so I was socked to see that happening. The Clearner program alerted me to the problem. I now restricted Messenger with ZoneAlarm.

Thanks again for your help. I am on my to visit GeekU now.

Greg
Go Hogs Go
  • 0

#8
Kristy
Posted 15 July 2005 - 07:13 PM

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
No problem. :tazz:

Can you please post a new HijackThis log so I can make sure it is clean?

~Kristy
  • 0

#9
ruahogfan2
Posted 16 July 2005 - 03:12 PM

ruahogfan2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here you go:

Logfile of HijackThis v1.99.1
Scan saved at 4:11:58 PM, on 7/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
  • 0

#10
Kristy
Posted 16 July 2005 - 05:35 PM

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello ruahogfan2,

Congratulations! Your log is clean!

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
  • Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice
So how did I get infected in the first place? and Spyware Aid's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.

~Kristy :tazz:
  • 0

#11
Kristy
Posted 29 July 2005 - 01:32 AM

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP