Jump to content

Welcome Guest to Geeks to Go - Register now for FREE
Geeks To Go is a helpful hub, where thousands of friendly volunteers serve up answers and support. Get free advice from the experts. Feel free to browse the site as a guest. However, you must log in to reply to existing topics or start a new topic of your own, and enjoy all this forum has to offer. Additionally, if you can assist another member by sharing your knowledge, please post a reply! Best of all - Registration and all assistance, is FREE! Learn more about How it Works. Infected? Malware Cleaning Guide. What are you waiting for?
Create an Account Login to Account

PC Crashing [CLOSED]


  • This topic is locked This topic is locked

#1
GeekNeeder

GeekNeeder

    Member

  • Member
  • PipPip
  • 24 posts
Hello,

My PC has been crashing when I try to do something that uses a lot of CPU. Most of the time, when the CPU usage reaches 100% the PC crashes and I have to reboot from the tower. I haven't been able to run a lot of scans as it would crash while it was scanning. Please have a look at my HijackThis Long (it's kind of too long :tazz: ;) ) It would not fit one post and I do not want to bump the replies...

Logfile of HijackThis v1.99.1
Scan saved at 6:11:21 µµ, on 13/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Creative\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Creative\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\Documents and Settings\Angelos\My Documents\Firefox\firefox.exe
C:\Program Files\Creative\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://a-search.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Jorge\My Documents\Winamp\winampa.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SiSSoundMan] C:\WINDOWS\System32\SoundMan.exe
O4 - HKLM\..\Run: [SiSSetCDfmt] C:\WINDOWS\System32\SetCDfmt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Pru] C:\WINDOWS\System32\Krs.exe
O4 - HKLM\..\Run: [Pgi] C:\WINDOWS\System32\Vfe.exe
O4 - HKLM\..\Run: [Qfn] C:\WINDOWS\System32\Dgk.exe
O4 - HKLM\..\Run: [Ksv] C:\WINDOWS\System32\Kbq.exe
O4 - HKLM\..\Run: [Pfd] C:\WINDOWS\System32\Hvr.exe
O4 - HKLM\..\Run: [Krk] C:\WINDOWS\Tbi.exe
O4 - HKLM\..\Run: [Ocr] C:\WINDOWS\System32\Hfr.exe
O4 - HKLM\..\Run: [Emn] C:\WINDOWS\System32\Irp.exe
O4 - HKLM\..\Run: [Qnb] C:\WINDOWS\System32\Ddu.exe
O4 - HKLM\..\Run: [Krt] C:\WINDOWS\Ods.exe
O4 - HKLM\..\Run: [Kum] C:\WINDOWS\System32\Tpu.exe
O4 - HKLM\..\Run: [Udc] C:\WINDOWS\Tbo.exe
O4 - HKLM\..\Run: [Trr] C:\WINDOWS\System32\Vrl.exe
O4 - HKLM\..\Run: [Rpi] C:\WINDOWS\Qqc.exe
O4 - HKLM\..\Run: [Tkg] C:\WINDOWS\System32\Puo.exe
O4 - HKLM\..\Run: [Pne] C:\WINDOWS\Shf.exe
O4 - HKLM\..\Run: [Ofq] C:\WINDOWS\System32\Vkg.exe
O4 - HKLM\..\Run: [Hso] C:\WINDOWS\System32\Ful.exe
O4 - HKLM\..\Run: [Eao] C:\WINDOWS\Ukr.exe
O4 - HKLM\..\Run: [Uhu] C:\WINDOWS\Ohj.exe
O4 - HKLM\..\Run: [Odi] C:\WINDOWS\System32\Hmm.exe
O4 - HKLM\..\Run: [Pff] C:\WINDOWS\Lon.exe
O4 - HKLM\..\Run: [Rma] C:\WINDOWS\System32\Kia.exe
O4 - HKLM\..\Run: [Dls] C:\WINDOWS\Cqb.exe
O4 - HKLM\..\Run: [Kko] C:\WINDOWS\System32\Kpg.exe
O4 - HKLM\..\Run: [Geg] C:\WINDOWS\Olo.exe
O4 - HKLM\..\Run: [Hbd] C:\WINDOWS\System32\Fti.exe
O4 - HKLM\..\Run: [Fbq] C:\WINDOWS\Dpv.exe
O4 - HKLM\..\Run: [Shv] C:\WINDOWS\Jvs.exe
O4 - HKLM\..\Run: [Bfb] C:\WINDOWS\Gsv.exe
O4 - HKLM\..\Run: [Pmq] C:\WINDOWS\System32\Poe.exe
O4 - HKLM\..\Run: [Sbe] C:\WINDOWS\Nlu.exe
O4 - HKLM\..\Run: [Rge] C:\WINDOWS\System32\Occ.exe
O4 - HKLM\..\Run: [Mln] C:\WINDOWS\Tqt.exe
O4 - HKLM\..\Run: [Eqm] C:\WINDOWS\System32\Dkh.exe
O4 - HKLM\..\Run: [Uha] C:\WINDOWS\System32\Nsm.exe
O4 - HKLM\..\Run: [Fkr] C:\WINDOWS\Egt.exe
O4 - HKLM\..\Run: [Iui] C:\WINDOWS\Afk.exe
O4 - HKLM\..\Run: [Ngu] C:\WINDOWS\Bis.exe
O4 - HKLM\..\Run: [Eir] C:\WINDOWS\Psg.exe
O4 - HKLM\..\Run: [Aab] C:\WINDOWS\Onc.exe
O4 - HKLM\..\Run: [Hjc] C:\WINDOWS\System32\Mtr.exe
O4 - HKLM\..\Run: [Gvr] C:\WINDOWS\System32\Chd.exe
O4 - HKLM\..\Run: [Oeh] C:\WINDOWS\System32\Mbl.exe
O4 - HKLM\..\Run: [Khh] C:\WINDOWS\System32\Qie.exe
O4 - HKLM\..\Run: [Bja] C:\WINDOWS\Obf.exe
O4 - HKLM\..\Run: [Trl] C:\WINDOWS\System32\Eup.exe
O4 - HKLM\..\Run: [Gpc] C:\WINDOWS\Qiv.exe
O4 - HKLM\..\Run: [Ref] C:\WINDOWS\System32\And.exe
O4 - HKLM\..\Run: [Ujm] C:\WINDOWS\System32\Asr.exe
O4 - HKLM\..\Run: [Gqd] C:\WINDOWS\Eaa.exe
O4 - HKLM\..\Run: [Bfu] C:\WINDOWS\Sdq.exe
O4 - HKLM\..\Run: [Ont] C:\WINDOWS\Eqq.exe
O4 - HKLM\..\Run: [Msf] C:\WINDOWS\System32\Tgk.exe
O4 - HKLM\..\Run: [Msc] C:\WINDOWS\System32\Ffq.exe
O4 - HKLM\..\Run: [Nvm] C:\WINDOWS\System32\Fhk.exe
O4 - HKLM\..\Run: [Fcg] C:\WINDOWS\Euh.exe
O4 - HKLM\..\Run: [Dvs] C:\WINDOWS\System32\Ikp.exe
O4 - HKLM\..\Run: [Gfr] C:\WINDOWS\Pch.exe
O4 - HKLM\..\Run: [Rgt] C:\WINDOWS\System32\Ggh.exe
O4 - HKLM\..\Run: [Tdl] C:\WINDOWS\Asj.exe
O4 - HKLM\..\Run: [Kcc] C:\WINDOWS\Ick.exe
O4 - HKLM\..\Run: [Igr] C:\WINDOWS\System32\Brf.exe
O4 - HKLM\..\Run: [Krq] C:\WINDOWS\Ntg.exe
O4 - HKLM\..\Run: [Bqm] C:\WINDOWS\System32\Nns.exe
O4 - HKLM\..\Run: [Rgc] C:\WINDOWS\System32\Vou.exe
O4 - HKLM\..\Run: [Joi] C:\WINDOWS\Mbc.exe
O4 - HKLM\..\Run: [Pva] C:\WINDOWS\Djv.exe
O4 - HKLM\..\Run: [Huu] C:\WINDOWS\System32\Vtv.exe
O4 - HKLM\..\Run: [Vkd] C:\WINDOWS\Dhm.exe
O4 - HKLM\..\Run: [Qlr] C:\WINDOWS\System32\Fvp.exe
O4 - HKLM\..\Run: [Bgl] C:\WINDOWS\System32\Dfi.exe
O4 - HKLM\..\Run: [Dfr] C:\WINDOWS\System32\Une.exe
O4 - HKLM\..\Run: [Huv] C:\WINDOWS\System32\Tml.exe
O4 - HKLM\..\Run: [Ppn] C:\WINDOWS\System32\Fvs.exe
O4 - HKLM\..\Run: [Hpu] C:\WINDOWS\System32\Qjr.exe
O4 - HKLM\..\Run: [Idj] C:\WINDOWS\System32\Irj.exe
O4 - HKLM\..\Run: [Kta] C:\WINDOWS\Gta.exe
O4 - HKLM\..\Run: [Fug] C:\WINDOWS\Kle.exe
O4 - HKLM\..\Run: [Lts] C:\WINDOWS\System32\Kdg.exe
O4 - HKLM\..\Run: [Bql] C:\WINDOWS\System32\Lag.exe
O4 - HKLM\..\Run: [Oop] C:\WINDOWS\Cac.exe
O4 - HKLM\..\Run: [Aer] C:\WINDOWS\Vvu.exe
O4 - HKLM\..\Run: [Kpk] C:\WINDOWS\Ttd.exe
O4 - HKLM\..\Run: [Nqc] C:\WINDOWS\Rom.exe
O4 - HKLM\..\Run: [Poc] C:\WINDOWS\System32\Qlr.exe
O4 - HKLM\..\Run: [Ctf] C:\WINDOWS\System32\Ggq.exe
O4 - HKLM\..\Run: [Vaf] C:\WINDOWS\System32\Fqv.exe
O4 - HKLM\..\Run: [Leq] C:\WINDOWS\System32\Qrq.exe
O4 - HKLM\..\Run: [Rnq] C:\WINDOWS\Eaj.exe
O4 - HKLM\..\Run: [Fou] C:\WINDOWS\System32\Fou.exe
O4 - HKLM\..\Run: [Suh] C:\WINDOWS\System32\Khq.exe
O4 - HKLM\..\Run: [Auu] C:\WINDOWS\Uou.exe
O4 - HKLM\..\Run: [Qid] C:\WINDOWS\Msj.exe
O4 - HKLM\..\Run: [Qjv] C:\WINDOWS\Gon.exe
O4 - HKLM\..\Run: [Jce] C:\WINDOWS\Hti.exe
O4 - HKLM\..\Run: [Paf] C:\WINDOWS\System32\Nef.exe
O4 - HKLM\..\Run: [Uin] C:\WINDOWS\Jtg.exe
O4 - HKLM\..\Run: [Vjl] C:\WINDOWS\System32\Krb.exe
O4 - HKLM\..\Run: [Ovp] C:\WINDOWS\Hkp.exe
O4 - HKLM\..\Run: [Crl] C:\WINDOWS\System32\Rog.exe
O4 - HKLM\..\Run: [Npl] C:\WINDOWS\System32\Uak.exe
O4 - HKLM\..\Run: [Jer] C:\WINDOWS\Tsk.exe
O4 - HKLM\..\Run: [Aco] C:\WINDOWS\System32\Ddt.exe
O4 - HKLM\..\Run: [Lct] C:\WINDOWS\System32\Bqb.exe
O4 - HKLM\..\Run: [Qrt] C:\WINDOWS\Ubu.exe
O4 - HKLM\..\Run: [Mvf] C:\WINDOWS\System32\Phc.exe
O4 - HKLM\..\Run: [Jeg] C:\WINDOWS\System32\Hjh.exe
O4 - HKLM\..\Run: [Jff] C:\WINDOWS\Bku.exe
O4 - HKLM\..\Run: [Khr] C:\WINDOWS\System32\Eao.exe
O4 - HKLM\..\Run: [Ppb] C:\WINDOWS\System32\Jph.exe
O4 - HKLM\..\Run: [Onn] C:\WINDOWS\System32\Eno.exe
O4 - HKLM\..\Run: [Rhi] C:\WINDOWS\System32\Lan.exe
O4 - HKLM\..\Run: [Gpq] C:\WINDOWS\System32\Urh.exe
O4 - HKLM\..\Run: [Pjj] C:\WINDOWS\Snr.exe
O4 - HKLM\..\Run: [Ast] C:\WINDOWS\Jrb.exe
O4 - HKLM\..\Run: [Ord] C:\WINDOWS\Fau.exe
O4 - HKLM\..\Run: [Qpc] C:\WINDOWS\Mol.exe
O4 - HKLM\..\Run: [Fod] C:\WINDOWS\Bbk.exe
O4 - HKLM\..\Run: [Uig] C:\WINDOWS\Cqf.exe
O4 - HKLM\..\Run: [Mev] C:\WINDOWS\Dtv.exe
O4 - HKLM\..\Run: [Egt] C:\WINDOWS\Rih.exe
O4 - HKLM\..\Run: [Hrl] C:\WINDOWS\Apu.exe
O4 - HKLM\..\Run: [Eln] C:\WINDOWS\System32\Aiv.exe
O4 - HKLM\..\Run: [Bsn] C:\WINDOWS\System32\Lpn.exe
O4 - HKLM\..\Run: [Dsh] C:\WINDOWS\System32\Gic.exe
O4 - HKLM\..\Run: [Jal] C:\WINDOWS\Trv.exe
O4 - HKLM\..\Run: [Hao] C:\WINDOWS\Bdd.exe
O4 - HKLM\..\Run: [Deg] C:\WINDOWS\System32\Gka.exe
O4 - HKLM\..\Run: [Ocb] C:\WINDOWS\System32\Rap.exe
O4 - HKLM\..\Run: [Cie] C:\WINDOWS\Fjp.exe
O4 - HKLM\..\Run: [Gro] C:\WINDOWS\Qpb.exe
O4 - HKLM\..\Run: [Sac] C:\WINDOWS\System32\Ggs.exe
O4 - HKLM\..\Run: [Dct] C:\WINDOWS\Daa.exe
O4 - HKLM\..\Run: [Npk] C:\WINDOWS\System32\Nta.exe
O4 - HKLM\..\Run: [Ctb] C:\WINDOWS\System32\Vfp.exe
O4 - HKLM\..\Run: [Mor] C:\WINDOWS\System32\Sgr.exe
O4 - HKLM\..\Run: [Imm] C:\WINDOWS\System32\Huv.exe
O4 - HKLM\..\Run: [Ffn] C:\WINDOWS\System32\Efb.exe
O4 - HKLM\..\Run: [Etm] C:\WINDOWS\System32\Hhc.exe
O4 - HKLM\..\Run: [Nut] C:\WINDOWS\Inf.exe
O4 - HKLM\..\Run: [Mcj] C:\WINDOWS\Tdr.exe
O4 - HKLM\..\Run: [Vvp] C:\WINDOWS\System32\Ttd.exe
O4 - HKLM\..\Run: [Lis] C:\WINDOWS\System32\Iob.exe
O4 - HKLM\..\Run: [Mma] C:\WINDOWS\Mpq.exe
O4 - HKLM\..\Run: [Pto] C:\WINDOWS\Bca.exe
O4 - HKLM\..\Run: [Vmj] C:\WINDOWS\System32\Dnc.exe
O4 - HKLM\..\Run: [Qga] C:\WINDOWS\Mrh.exe
O4 - HKLM\..\Run: [Vij] C:\WINDOWS\System32\Foi.exe
O4 - HKLM\..\Run: [Oam] C:\WINDOWS\Osg.exe
O4 - HKLM\..\Run: [Gbc] C:\WINDOWS\Cao.exe
O4 - HKLM\..\Run: [Mdc] C:\WINDOWS\System32\Ops.exe
O4 - HKLM\..\Run: [Qmf] C:\WINDOWS\Hel.exe
O4 - HKLM\..\Run: [Moe] C:\WINDOWS\Lmh.exe
O4 - HKLM\..\Run: [Nvk] C:\WINDOWS\System32\Trl.exe
O4 - HKLM\..\Run: [Nfp] C:\WINDOWS\Srh.exe
O4 - HKLM\..\Run: [Aci] C:\WINDOWS\System32\Qvj.exe
O4 - HKLM\..\Run: [Tjf] C:\WINDOWS\Ldk.exe
O4 - HKLM\..\Run: [Cvj] C:\WINDOWS\Mdp.exe
O4 - HKLM\..\Run: [Gcc] C:\WINDOWS\System32\Mid.exe
O4 - HKLM\..\Run: [Nfq] C:\WINDOWS\Svi.exe
O4 - HKLM\..\Run: [Ifq] C:\WINDOWS\Dlm.exe
O4 - HKLM\..\Run: [Lka] C:\WINDOWS\System32\Ula.exe
O4 - HKLM\..\Run: [Jst] C:\WINDOWS\System32\Cse.exe
O4 - HKLM\..\Run: [Hlo] C:\WINDOWS\System32\Lbd.exe
O4 - HKLM\..\Run: [Bmo] C:\WINDOWS\System32\Mls.exe
O4 - HKLM\..\Run: [Jie] C:\WINDOWS\System32\Oao.exe
O4 - HKLM\..\Run: [Phf] C:\WINDOWS\System32\Kbg.exe
O4 - HKLM\..\Run: [Seg] C:\WINDOWS\System32\Idd.exe
O4 - HKLM\..\Run: [Tit] C:\WINDOWS\Smo.exe
O4 - HKLM\..\Run: [Rjn] C:\WINDOWS\System32\Mbi.exe
O4 - HKLM\..\Run: [Fqc] C:\WINDOWS\System32\Lgc.exe
O4 - HKLM\..\Run: [Hhn] C:\WINDOWS\Rul.exe
O4 - HKLM\..\Run: [Mkr] C:\WINDOWS\Kta.exe
O4 - HKLM\..\Run: [Qdj] C:\WINDOWS\System32\Dip.exe
O4 - HKLM\..\Run: [Guc] C:\WINDOWS\System32\Fld.exe
O4 - HKLM\..\Run: [Rgn] C:\WINDOWS\System32\Mai.exe
O4 - HKLM\..\Run: [Omh] C:\WINDOWS\System32\Gjo.exe
O4 - HKLM\..\Run: [Vio] C:\WINDOWS\System32\Ced.exe
O4 - HKLM\..\Run: [Ovj] C:\WINDOWS\System32\Vtl.exe
O4 - HKLM\..\Run: [Lcq] C:\WINDOWS\System32\Ils.exe
O4 - HKLM\..\Run: [Fjv] C:\WINDOWS\System32\Ska.exe
O4 - HKLM\..\Run: [Lig] C:\WINDOWS\System32\Ihd.exe
O4 - HKLM\..\Run: [Oue] C:\WINDOWS\System32\Eka.exe
O4 - HKLM\..\Run: [Csr] C:\WINDOWS\Qhu.exe
O4 - HKLM\..\Run: [Bfm] C:\WINDOWS\Idp.exe
O4 - HKLM\..\Run: [Fjf] C:\WINDOWS\System32\Mnp.exe
O4 - HKLM\..\Run: [Ean] C:\WINDOWS\System32\Jhu.exe
O4 - HKLM\..\Run: [Iva] C:\WINDOWS\Irk.exe
O4 - HKLM\..\Run: [Pdc] C:\WINDOWS\Dlp.exe
O4 - HKLM\..\Run: [Iis] C:\WINDOWS\System32\Tee.exe
O4 - HKLM\..\Run: [Dsg] C:\WINDOWS\System32\Gvt.exe
O4 - HKLM\..\Run: [Olb] C:\WINDOWS\Irc.exe
O4 - HKLM\..\Run: [Voa] C:\WINDOWS\Vat.exe
O4 - HKLM\..\Run: [Onr] C:\WINDOWS\Dcv.exe
O4 - HKLM\..\Run: [Rvp] C:\WINDOWS\System32\Feo.exe
O4 - HKLM\..\Run: [Eqr] C:\WINDOWS\Vai.exe
O4 - HKLM\..\Run: [Cqv] C:\WINDOWS\System32\Cue.exe
O4 - HKLM\..\Run: [Gtn] C:\WINDOWS\System32\Bbb.exe
O4 - HKLM\..\Run: [Qem] C:\WINDOWS\Dua.exe
O4 - HKLM\..\Run: [Rmk] C:\WINDOWS\Qpm.exe
O4 - HKLM\..\Run: [Lbc] C:\WINDOWS\Qan.exe
O4 - HKLM\..\Run: [Enm] C:\WINDOWS\Rdi.exe
O4 - HKLM\..\Run: [Ksl] C:\WINDOWS\System32\Krk.exe
O4 - HKLM\..\Run: [Nto] C:\WINDOWS\System32\Ukg.exe
O4 - HKLM\..\Run: [Jjg] C:\WINDOWS\Frm.exe
O4 - HKLM\..\Run: [Blv] C:\WINDOWS\System32\Ujj.exe
O4 - HKLM\..\Run: [Hob] C:\WINDOWS\Hvj.exe
O4 - HKLM\..\Run: [Nov] C:\WINDOWS\System32\Fef.exe
O4 - HKLM\..\Run: [Ohl] C:\WINDOWS\System32\Ala.exe
O4 - HKLM\..\Run: [Quf] C:\WINDOWS\Ama.exe
O4 - HKLM\..\Run: [Rip] C:\WINDOWS\System32\Ire.exe
O4 - HKLM\..\Run: [Vnp] C:\WINDOWS\System32\Fod.exe
O4 - HKLM\..\Run: [Edo] C:\WINDOWS\Bjg.exe
O4 - HKLM\..\Run: [Pun] C:\WINDOWS\System32\Bnp.exe
O4 - HKLM\..\Run: [Ahu] C:\WINDOWS\System32\Kts.exe
O4 - HKLM\..\Run: [Vnt] C:\WINDOWS\System32\Geq.exe
O4 - HKLM\..\Run: [Idk] C:\WINDOWS\Nem.exe
O4 - HKLM\..\Run: [Quo] C:\WINDOWS\System32\Ffa.exe
O4 - HKLM\..\Run: [Fnl] C:\WINDOWS\System32\Vla.exe
O4 - HKLM\..\Run: [Gtr] C:\WINDOWS\Hgj.exe
O4 - HKLM\..\Run: [Ulo] C:\WINDOWS\System32\Rhg.exe
O4 - HKLM\..\Run: [Kul] C:\WINDOWS\Fuq.exe
O4 - HKLM\..\Run: [Lri] C:\WINDOWS\Gps.exe
O4 - HKLM\..\Run: [Hde] C:\WINDOWS\System32\Lip.exe
O4 - HKLM\..\Run: [Rpc] C:\WINDOWS\Ufp.exe
O4 - HKLM\..\Run: [Iti] C:\WINDOWS\System32\Jeq.exe
O4 - HKLM\..\Run: [Alm] C:\WINDOWS\System32\Ici.exe
O4 - HKLM\..\Run: [Glp] C:\WINDOWS\Ppc.exe
O4 - HKLM\..\Run: [Atd] C:\WINDOWS\Qbk.exe
O4 - HKLM\..\Run: [Qgc] C:\WINDOWS\System32\Brj.exe
O4 - HKLM\..\Run: [Rkh] C:\WINDOWS\Lti.exe
O4 - HKLM\..\Run: [Hda] C:\WINDOWS\System32\Ptv.exe
O4 - HKLM\..\Run: [Oqb] C:\WINDOWS\System32\Uve.exe
O4 - HKLM\..\Run: [Ahv] C:\WINDOWS\System32\Loo.exe
O4 - HKLM\..\Run: [Vcs] C:\WINDOWS\System32\Hml.exe
O4 - HKLM\..\Run: [Dmu] C:\WINDOWS\Amh.exe
O4 - HKLM\..\Run: [Qod] C:\WINDOWS\Mfh.exe
O4 - HKLM\..\Run: [Qud] C:\WINDOWS\System32\Ipt.exe
O4 - HKLM\..\Run: [Bdr] C:\WINDOWS\Fmu.exe
O4 - HKLM\..\Run: [Vpt] C:\WINDOWS\System32\Can.exe
O4 - HKLM\..\Run: [Ffi] C:\WINDOWS\Pqc.exe
O4 - HKLM\..\Run: [Vtm] C:\WINDOWS\Jer.exe
O4 - HKLM\..\Run: [Ema] C:\WINDOWS\System32\Qok.exe
O4 - HKLM\..\Run: [Ude] C:\WINDOWS\System32\Hvb.exe
O4 - HKLM\..\Run: [Ghq] C:\WINDOWS\System32\Rgi.exe
O4 - HKLM\..\Run: [Jrr] C:\WINDOWS\System32\Ook.exe
O4 - HKLM\..\Run: [Pmj] C:\WINDOWS\Gtr.exe
O4 - HKLM\..\Run: [Doi] C:\WINDOWS\System32\Vvj.exe
O4 - HKLM\..\Run: [Gtd] C:\WINDOWS\System32\Ebs.exe
O4 - HKLM\..\Run: [Urj] C:\WINDOWS\Gqq.exe
O4 - HKLM\..\Run: [Fht] C:\WINDOWS\Aum.exe
O4 - HKLM\..\Run: [Igi] C:\WINDOWS\System32\Tip.exe
O4 - HKLM\..\Run: [Pbe] C:\WINDOWS\System32\Btc.exe
O4 - HKLM\..\Run: [Pnt] C:\WINDOWS\Jee.exe
O4 - HKLM\..\Run: [Ick] C:\WINDOWS\Fuu.exe
O4 - HKLM\..\Run: [Kdp] C:\WINDOWS\System32\Lig.exe
O4 - HKLM\..\Run: [Ifu] C:\WINDOWS\Jqh.exe
O4 - HKLM\..\Run: [Htl] C:\WINDOWS\System32\Hij.exe
O4 - HKLM\..\Run: [Bah] C:\WINDOWS\System32\Hcn.exe
O4 - HKLM\..\Run: [Amu] C:\WINDOWS\Dbo.exe
O4 - HKLM\..\Run: [Klm] C:\WINDOWS\Qfp.exe
O4 - HKLM\..\Run: [Kog] C:\WINDOWS\System32\Dme.exe
O4 - HKLM\..\Run: [Uio] C:\WINDOWS\Mms.exe
O4 - HKLM\..\Run: [Imp] C:\WINDOWS\Ouj.exe
O4 - HKLM\..\Run: [Spp] C:\WINDOWS\System32\Jkt.exe
O4 - HKLM\..\Run: [One] C:\WINDOWS\Eil.exe
O4 - HKLM\..\Run: [Obl] C:\WINDOWS\Dgm.exe
O4 - HKLM\..\Run: [Pnc] C:\WINDOWS\Iqq.exe
O4 - HKLM\..\Run: [Dpo] C:\WINDOWS\System32\Bie.exe
O4 - HKLM\..\Run: [Esi] C:\WINDOWS\System32\Jpp.exe
O4 - HKLM\..\Run: [Agq] C:\WINDOWS\Sdu.exe
O4 - HKLM\..\Run: [Jsg] C:\WINDOWS\System32\Lcj.exe
O4 - HKLM\..\Run: [Iav] C:\WINDOWS\System32\Edu.exe
O4 - HKLM\..\Run: [Ldi] C:\WINDOWS\System32\Dtv.exe
O4 - HKLM\..\Run: [Qlh] C:\WINDOWS\Bod.exe
O4 - HKLM\..\Run: [Utu] C:\WINDOWS\Vqu.exe
O4 - HKLM\..\Run: [Csb] C:\WINDOWS\Our.exe
O4 - HKLM\..\Run: [Ett] C:\WINDOWS\System32\Qfb.exe
O4 - HKLM\..\Run: [Kkb] C:\WINDOWS\Mll.exe
O4 - HKLM\..\Run: [Tgo] C:\WINDOWS\System32\Bkq.exe
O4 - HKLM\..\Run: [Okj] C:\WINDOWS\System32\Jpm.exe
O4 - HKLM\..\Run: [Tfi] C:\WINDOWS\System32\Lul.exe
O4 - HKLM\..\Run: [Qhv] C:\WINDOWS\Ipi.exe
O4 - HKLM\..\Run: [Dmd] C:\WINDOWS\Pdc.exe
O4 - HKLM\..\Run: [Dpr] C:\WINDOWS\System32\Gnu.exe
O4 - HKLM\..\Run: [Enc] C:\WINDOWS\System32\Uie.exe
O4 - HKLM\..\Run: [Vql] C:\WINDOWS\Mfd.exe
O4 - HKLM\..\Run: [Hhp] C:\WINDOWS\System32\Mmo.exe
O4 - HKLM\..\Run: [Bub] C:\WINDOWS\System32\Jfp.exe
O4 - HKLM\..\Run: [Qal] C:\WINDOWS\Phj.exe
O4 - HKLM\..\Run: [Hme] C:\WINDOWS\System32\Grn.exe
O4 - HKLM\..\Run: [Kjn] C:\WINDOWS\System32\Pfo.exe
O4 - HKLM\..\Run: [Abu] C:\WINDOWS\System32\Pok.exe
O4 - HKLM\..\Run: [Rpb] C:\WINDOWS\System32\Ldb.exe
O4 - HKLM\..\Run: [Kvs] C:\WINDOWS\System32\Gbk.exe
O4 - HKLM\..\Run: [Khj] C:\WINDOWS\Bmi.exe
O4 - HKLM\..\Run: [Kff] C:\WINDOWS\Ijt.exe
O4 - HKLM\..\Run: [Pem] C:\WINDOWS\Bse.exe
O4 - HKLM\..\Run: [Cfc] C:\WINDOWS\Oan.exe
O4 - HKLM\..\Run: [Cil] C:\WINDOWS\System32\Tfp.exe
O4 - HKLM\..\Run: [Lrv] C:\WINDOWS\System32\Brf.exe
O4 - HKLM\..\Run: [Fhk] C:\WINDOWS\Jas.exe
O4 - HKLM\..\Run: [Quu] C:\WINDOWS\Npl.exe
O4 - HKLM\..\Run: [Cub] C:\WINDOWS\Joh.exe
O4 - HKLM\..\Run: [Otj] C:\WINDOWS\System32\Hia.exe
O4 - HKLM\..\Run: [Dbs] C:\WINDOWS\Phl.exe
O4 - HKLM\..\Run: [Pna] C:\WINDOWS\System32\Lea.exe
O4 - HKLM\..\Run: [Ubm] C:\WINDOWS\System32\Vpm.exe
O4 - HKLM\..\Run: [Aul] C:\WINDOWS\Lnt.exe
O4 - HKLM\..\Run: [Off] C:\WINDOWS\Vtt.exe
O4 - HKLM\..\Run: [Ioa] C:\WINDOWS\Mjb.exe
O4 - HKLM\..\Run: [Cbm] C:\WINDOWS\Mju.exe
O4 - HKLM\..\Run: [Bue] C:\WINDOWS\System32\Bmg.exe
O4 - HKLM\..\Run: [Enb] C:\WINDOWS\Qmm.exe
O4 - HKLM\..\Run: [Rbh] C:\WINDOWS\Pnv.exe
O4 - HKLM\..\Run: [Nic] C:\WINDOWS\Tqn.exe
O4 - HKLM\..\Run: [Jmb] C:\WINDOWS\System32\Aui.exe
O4 - HKLM\..\Run: [Qhn] C:\WINDOWS\Qcp.exe
O4 - HKLM\..\Run: [Tci] C:\WINDOWS\System32\Ihl.exe
O4 - HKLM\..\Run: [Fai] C:\WINDOWS\Hba.exe
O4 - HKLM\..\Run: [Otb] C:\WINDOWS\System32\Alo.exe
O4 - HKLM\..\Run: [Inh] C:\WINDOWS\Ubc.exe
O4 - HKLM\..\Run: [Aba] C:\WINDOWS\System32\Hbm.exe
O4 - HKLM\..\Run: [Kns] C:\WINDOWS\System32\Ndu.exe
O4 - HKLM\..\Run: [Miu] C:\WINDOWS\System32\Lgg.exe
O4 - HKLM\..\Run: [Uns] C:\WINDOWS\Ssf.exe
O4 - HKLM\..\Run: [Llo] C:\WINDOWS\Ftc.exe
O4 - HKLM\..\Run: [Ijp] C:\WINDOWS\System32\Qqk.exe
O4 - HKLM\..\Run: [Jfu] C:\WINDOWS\System32\Ahc.exe
O4 - HKLM\..\Run: [Nts] C:\WINDOWS\System32\Qel.exe
O4 - HKLM\..\Run: [Dcu] C:\WINDOWS\System32\Dpd.exe
O4 - HKLM\..\Run: [Cuh] C:\WINDOWS\Grb.exe
O4 - HKLM\..\Run: [Iqn] C:\WINDOWS\Pji.exe
O4 - HKLM\..\Run: [Cjb] C:\WINDOWS\Gdq.exe
O4 - HKLM\..\Run: [Fnp] C:\WINDOWS\System32\Vik.exe
O4 - HKLM\..\Run: [Qhd] C:\WINDOWS\Tcp.exe
O4 - HKLM\..\Run: [Fck] C:\WINDOWS\System32\Goc.exe
O4 - HKLM\..\Run: [Jcr] C:\WINDOWS\System32\Qtk.exe
O4 - HKLM\..\Run: [Gef] C:\WINDOWS\System32\Vmg.exe
O4 - HKLM\..\Run: [Car] C:\WINDOWS\Prb.exe
O4 - HKLM\..\Run: [Pkj] C:\WINDOWS\System32\Cbo.exe
O4 - HKLM\..\Run: [Roi] C:\WINDOWS\Ebb.exe
O4 - HKLM\..\Run: [Evj] C:\WINDOWS\Asu.exe
O4 - HKLM\..\Run: [Smr] C:\WINDOWS\System32\Ush.exe
O4 - HKLM\..\Run: [Vpf] C:\WINDOWS\Ota.exe
O4 - HKLM\..\Run: [Dnq] C:\WINDOWS\System32\Dns.exe
O4 - HKLM\..\Run: [Snc] C:\WINDOWS\System32\Efo.exe
O4 - HKLM\..\Run: [Kkd] C:\WINDOWS\Fub.exe
O4 - HKLM\..\Run: [Tll] C:\WINDOWS\System32\Hgg.exe
O4 - HKLM\..\Run: [Mqi] C:\WINDOWS\Hgs.exe
O4 - HKLM\..\Run: [Bpf] C:\WINDOWS\Oas.exe
O4 - HKLM\..\Run: [Oaj] C:\WINDOWS\System32\Ggk.exe
O4 - HKLM\..\Run: [Krj] C:\WINDOWS\System32\Mgr.exe
O4 - HKLM\..\Run: [Hbn] C:\WINDOWS\Cng.exe
O4 - HKLM\..\Run: [Ppc] C:\WINDOWS\System32\Ron.exe
O4 - HKLM\..\Run: [Rtt] C:\WINDOWS\Loe.exe
O4 - HKLM\..\Run: [Iua] C:\WINDOWS\System32\Pro.exe
O4 - HKLM\..\Run: [Cml] C:\WINDOWS\System32\Tkp.exe
O4 - HKLM\..\Run: [Qsi] C:\WINDOWS\Urs.exe
O4 - HKLM\..\Run: [Lvp] C:\WINDOWS\Eup.exe
O4 - HKLM\..\Run: [Vqo] C:\WINDOWS\Amo.exe
O4 - HKLM\..\Run: [Okk] C:\WINDOWS\System32\Jlc.exe
O4 - HKLM\..\Run: [Hlj] C:\WINDOWS\Aes.exe
O4 - HKLM\..\Run: [Bnu] C:\WINDOWS\Cgc.exe
O4 - HKLM\..\Run: [Dev] C:\WINDOWS\Ujm.exe
O4 - HKLM\..\Run: [Buv] C:\WINDOWS\System32\Stv.exe
O4 - HKLM\..\Run: [Rgm] C:\WINDOWS\System32\Ugg.exe
O4 - HKLM\..\Run: [Kmj] C:\WINDOWS\System32\Kgq.exe
O4 - HKLM\..\Run: [Got] C:\WINDOWS\Krj.exe
O4 - HKLM\..\Run: [Kbc] C:\WINDOWS\Rkq.exe
O4 - HKLM\..\Run: [Eal] C:\WINDOWS\System32\Bba.exe
O4 - HKLM\..\Run: [Ldr] C:\WINDOWS\System32\Ori.exe
O4 - HKLM\..\Run: [Fas] C:\WINDOWS\Iuc.exe
O4 - HKLM\..\Run: [Nnf] C:\WINDOWS\Tse.exe
O4 - HKLM\..\Run: [Rmf] C:\WINDOWS\Sql.exe
O4 - HKLM\..\Run: [Dpb] C:\WINDOWS\System32\Hta.exe
O4 - HKLM\..\Run: [Cii] C:\WINDOWS\System32\Dkk.exe
O4 - HKLM\..\Run: [Edf] C:\WINDOWS\System32\Jvv.exe
O4 - HKLM\..\Run: [Pov] C:\WINDOWS\System32\Lbv.exe
O4 - HKLM\..\Run: [Sbl] C:\WINDOWS\System32\Jsh.exe
O4 - HKLM\..\Run: [Hjj] C:\WINDOWS\System32\Rpu.exe
O4 - HKLM\..\Run: [Cbg] C:\WINDOWS\Jsk.exe
O4 - HKLM\..\Run: [Qfl] C:\WINDOWS\System32\Sav.exe
O4 - HKLM\..\Run: [Boi] C:\WINDOWS\Eht.exe
O4 - HKLM\..\Run: [Ici] C:\WINDOWS\Jmq.exe
O4 - HKLM\..\Run: [Nrb] C:\WINDOWS\System32\Ras.exe
O4 - HKLM\..\Run: [Sed] C:\WINDOWS\System32\Lqk.exe
O4 - HKLM\..\Run: [Ajm] C:\WINDOWS\System32\Enr.exe
O4 - HKLM\..\Run: [Kkv] C:\WINDOWS\System32\Csm.exe
O4 - HKLM\..\Run: [Knc] C:\WINDOWS\System32\Pqq.exe
O4 - HKLM\..\Run: [Lla] C:\WINDOWS\System32\Pdm.exe
O4 - HKLM\..\Run: [Oct] C:\WINDOWS\Stq.exe
O4 - HKLM\..\Run: [Bia] C:\WINDOWS\Cvg.exe
O4 - HKLM\..\Run: [Kqs] C:\WINDOWS\System32\Fms.exe
O4 - HKLM\..\Run: [Elq] C:\WINDOWS\System32\Ncv.exe
O4 - HKLM\..\Run: [Djt] C:\WINDOWS\Avc.exe
O4 - HKLM\..\Run: [Jkv] C:\WINDOWS\Uie.exe
O4 - HKLM\..\Run: [Trn] C:\WINDOWS\Sam.exe
O4 - HKLM\..\Run: [Ufg] C:\WINDOWS\System32\Dvu.exe
O4 - HKLM\..\Run: [Vkf] C:\WINDOWS\System32\Pub.exe
O4 - HKLM\..\Run: [Kei] C:\WINDOWS\System32\Qds.exe
O4 - HKLM\..\Run: [Bcj] C:\WINDOWS\System32\Aas.exe
O4 - HKLM\..\Run: [Jiu] C:\WINDOWS\System32\Elv.exe
O4 - HKLM\..\Run: [Gqu] C:\WINDOWS\System32\Gep.exe
O4 - HKLM\..\Run: [Ksb] C:\WINDOWS\Coj.exe
O4 - HKLM\..\Run: [Kbn] C:\WINDOWS\Lis.exe
O4 - HKLM\..\Run: [Sil] C:\WINDOWS\Hbv.exe
O4 - HKLM\..\Run: [Csh] C:\WINDOWS\System32\Emo.exe
O4 - HKLM\..\Run: [Jab] C:\WINDOWS\Ojp.exe
O4 - HKLM\..\Run: [Ksf] C:\WINDOWS\System32\Efl.exe
O4 - HKLM\..\Run: [Fuq] C:\WINDOWS\Bnm.exe
O4 - HKLM\..\Run: [Ndf] C:\WINDOWS\System32\Ouo.exe
O4 - HKLM\..\Run: [Gvv] C:\WINDOWS\Lel.exe
O4 - HKLM\..\Run: [Pjc] C:\WINDOWS\Iie.exe
O4 - HKLM\..\Run: [Lqk] C:\WINDOWS\Ood.exe
O4 - HKLM\..\Run: [Vlr] C:\WINDOWS\System32\Ojl.exe
O4 - HKLM\..\Run: [Nmv] C:\WINDOWS\Arr.exe
O4 - HKLM\..\Run: [Heg] C:\WINDOWS\System32\Alb.exe
O4 - HKLM\..\Run: [Che] C:\WINDOWS\System32\Eph.exe
O4 - HKLM\..\Run: [Eck] C:\WINDOWS\Dhu.exe
O4 - HKLM\..\Run: [Ejm] C:\WINDOWS\Uff.exe
O4 - HKLM\..\Run: [Shg] C:\WINDOWS\Itv.exe
O4 - HKLM\..\Run: [Vkj] C:\WINDOWS\System32\Uth.exe
O4 - HKLM\..\Run: [Qgh] C:\WINDOWS\System32\Kqd.exe
O4 - HKLM\..\Run: [Lam] C:\WINDOWS\System32\Vlr.exe
O4 - HKLM\..\Run: [Oji] C:\WINDOWS\Ccd.exe
O4 - HKLM\..\Run: [Mfg] C:\WINDOWS\Uah.exe
O4 - HKLM\..\Run: [Nmp] C:\WINDOWS\System32\Sie.exe
O4 - HKLM\..\Run: [Cli] C:\WINDOWS\System32\Mrc.exe
O4 - HKLM\..\Run: [Dge] C:\WINDOWS\System32\Jun.exe
O4 - HKLM\..\Run: [Bnn] C:\WINDOWS\System32\Oms.exe
O4 - HKLM\..\Run: [Gps] C:\WINDOWS\Oem.exe
O4 - HKLM\..\Run: [Cup] C:\WINDOWS\Tpe.exe
O4 - HKLM\..\Run: [Aut] C:\WINDOWS\System32\Ndr.exe
O4 - HKLM\..\Run: [Tvi] C:\WINDOWS\System32\Koi.exe
O4 - HKLM\..\Run: [Vfe] C:\WINDOWS\Cnk.exe
O4 - HKLM\..\Run: [Btm] C:\WINDOWS\System32\Drq.exe
O4 - HKLM\..\Run: [Dst] C:\WINDOWS\Vuu.exe
O4 - HKLM\..\Run: [Kdc] C:\WINDOWS\Uts.exe
O4 - HKLM\..\Run: [Crp] C:\WINDOWS\System32\Cnm.exe
O4 - HKLM\..\Run: [Gse] C:\WINDOWS\Gll.exe
O4 - HKLM\..\Run: [Pmh] C:\WINDOWS\Sdd.exe
O4 - HKLM\..\Run: [Lgb] C:\WINDOWS\Kbo.exe
O4 - HKLM\..\Run: [Gso] C:\WINDOWS\Njq.exe
O4 - HKLM\..\Run: [Prc] C:\WINDOWS\Ghn.exe
O4 - HKLM\..\Run: [Ult] C:\WINDOWS\System32\Gso.exe
O4 - HKLM\..\Run: [Lan] C:\WINDOWS\System32\Hbn.exe
O4 - HKLM\..\Run: [Cfl] C:\WINDOWS\Ebu.exe
O4 - HKLM\..\Run: [Cso] C:\WINDOWS\System32\Esk.exe
O4 - HKLM\..\Run: [Jlj] C:\WINDOWS\Bek.exe
O4 - HKLM\..\Run: [Bht] C:\WINDOWS\Ncu.exe
O4 - HKLM\..\Run: [Urd] C:\WINDOWS\System32\Pov.exe
O4 - HKLM\..\Run: [Bed] C:\WINDOWS\Jtg.exe
O4 - HKLM\..\Run: [Grv] C:\WINDOWS\Vkp.exe
O4 - HKLM\..\Run: [Git] C:\WINDOWS\System32\Tcr.exe
O4 - HKLM\..\Run: [Pql] C:\WINDOWS\System32\Fbd.exe
O4 - HKLM\..\Run: [Qtc] C:\WINDOWS\System32\Ppq.exe
O4 - HKLM\..\Run: [Bms] C:\WINDOWS\Hlh.exe
O4 - HKLM\..\Run: [Une] C:\WINDOWS\System32\Afl.exe
O4 - HKLM\..\Run: [Svp] C:\WINDOWS\Nna.exe
O4 - HKLM\..\Run: [Kkj] C:\WINDOWS\System32\Aui.exe
O4 - HKLM\..\Run: [Gbd] C:\WINDOWS\System32\Sut.exe
O4 - HKLM\..\Run: [Ajo] C:\WINDOWS\System32\Eqo.exe
O4 - HKLM\..\Run: [Qmk] C:\WINDOWS\Han.exe
O4 - HKLM\..\Run: [Mpu] C:\WINDOWS\Bgu.exe
O4 - HKLM\..\Run: [Bes] C:\WINDOWS\System32\Dkt.exe
O4 - HKLM\..\Run: [Ouq] C:\WINDOWS\Ejr.exe
O4 - HKLM\..\Run: [Jrl] C:\WINDOWS\Bkk.exe
O4 - HKLM\..\Run: [Eje] C:\WINDOWS\System32\Ujl.exe
O4 - HKLM\..\Run: [Rmr] C:\WINDOWS\Gcj.exe
O4 - HKLM\..\Run: [Abf] C:\WINDOWS\Aeb.exe
O4 - HKLM\..\Run: [Avh] C:\WINDOWS\Lud.exe
O4 - HKLM\..\Run: [Qei] C:\WINDOWS\System32\Jvo.exe
O4 - HKLM\..\Run: [Qer] C:\WINDOWS\Cnh.exe
O4 - HKLM\..\Run: [Ftl] C:\WINDOWS\Ubr.exe
O4 - HKLM\..\Run: [Nfa] C:\WINDOWS\Rbl.exe
O4 - HKLM\..\Run: [Chd] C:\WINDOWS\System32\Gnb.exe
O4 - HKLM\..\Run: [Fhe] C:\WINDOWS\Fne.exe
O4 - HKLM\..\Run: [Tia] C:\WINDOWS\System32\Eaj.exe
O4 - HKLM\..\Run: [Tur] C:\WINDOWS\Gvh.exe
O4 - HKLM\..\Run: [Mfr] C:\WINDOWS\System32\Lem.exe
O4 - HKLM\..\Run: [Fpb] C:\WINDOWS\System32\Rug.exe
O4 - HKLM\..\Run: [Hqo] C:\WINDOWS\Lpd.exe
O4 - HKLM\..\Run: [Vdq] C:\WINDOWS\System32\Gnf.exe
O4 - HKLM\..\Run: [Vso] C:\WINDOWS\System32\Gbq.exe
O4 - HKLM\..\Run: [Ktq] C:\WINDOWS\Jum.exe
O4 - HKLM\..\Run: [Jdj] C:\WINDOWS\System32\Qlm.exe
O4 - HKLM\..\Run: [Mar] C:\WINDOWS\System32\Ocl.exe
O4 - HKLM\..\Run: [Osr] C:\WINDOWS\System32\Tbv.exe
O4 - HKLM\..\Run: [Ars] C:\WINDOWS\System32\Teb.exe
O4 - HKLM\..\Run: [Naa] C:\WINDOWS\Dmv.exe
O4 - HKLM\..\Run: [Mpt] C:\WINDOWS\System32\Vva.exe
O4 - HKLM\..\Run: [Dkr] C:\WINDOWS\Ujv.exe
O4 - HKLM\..\Run: [Mna] C:\WINDOWS\Que.exe
O4 - HKLM\..\Run: [Nok] C:\WINDOWS\Vcp.exe
O4 - HKLM\..\Run: [Tpj] C:\WINDOWS\Pot.exe
O4 - HKLM\..\Run: [Ltl] C:\WINDOWS\System32\Rth.exe
O4 - HKLM\..\Run: [Teo] C:\WINDOWS\Oep.exe
O4 - HKLM\..\Run: [Frd] C:\WINDOWS\Sgh.exe
O4 - HKLM\..\Run: [Src] C:\WINDOWS\System32\Gdf.exe
O4 - HKLM\..\Run: [Qcu] C:\WINDOWS\System32\Rve.exe
O4 - HKLM\..\Run: [Dsj] C:\WINDOWS\System32\Cpm.exe
O4 - HKLM\..\Run: [Spg] C:\WINDOWS\Smc.exe
O4 - HKLM\..\Run: [Cfr] C:\WINDOWS\System32\Ulc.exe
O4 - HKLM\..\Run: [Mcd] C:\WINDOWS\System32\Vlv.exe
O4 - HKLM\..\Run: [Fth] C:\WINDOWS\Bqf.exe
O4 - HKLM\..\Run: [Dtr] C:\WINDOWS\System32\Ogj.exe
O4 - HKLM\..\Run: [Gtj] C:\WINDOWS\System32\Djf.exe
O4 - HKLM\..\Run: [Lpd] C:\WINDOWS\Cmq.exe
O4 - HKLM\..\Run: [Hpr] C:\WINDOWS\Gmb.exe
O4 - HKLM\..\Run: [Lkf] C:\WINDOWS\System32\Ucj.exe
O4 - HKLM\..\Run: [Eid] C:\WINDOWS\System32\Uhs.exe
O4 - HKLM\..\Run: [Tun] C:\WINDOWS\System32\Rqn.exe
O4 - HKLM\..\Run: [Dml] C:\WINDOWS\System32\Tqc.exe
O4 - HKLM\..\Run: [Lot] C:\WINDOWS\System32\Tjh.exe
O4 - HKLM\..\Run: [Qka] C:\WINDOWS\Neh.exe
O4 - HKLM\..\Run: [Ucf] C:\WINDOWS\Jev.exe
O4 - HKLM\..\Run: [Oeg] C:\WINDOWS\Upn.exe
O4 - HKLM\..\Run: [Pmd] C:\WINDOWS\System32\Opd.exe
O4 - HKLM\..\Run: [Mjh] C:\WINDOWS\Vks.exe
O4 - HKLM\..\Run: [Onv] C:\WINDOWS\Flb.exe
O4 - HKLM\..\Run: [Cpr] C:\WINDOWS\Csq.exe
O4 - HKLM\..\Run: [Btt] C:\WINDOWS\System32\Dnm.exe
O4 - HKLM\..\Run: [Smm] C:\WINDOWS\Rvi.exe
O4 - HKLM\..\Run: [Aup] C:\WINDOWS\System32\Cct.exe
O4 - HKLM\..\Run: [Mpg] C:\WINDOWS\System32\Opd.exe
O4 - HKLM\..\Run: [Nsu] C:\WINDOWS\Jap.exe
O4 - HKLM\..\Run: [Bvm] C:\WINDOWS\System32\Ana.exe
O4 - HKLM\..\Run: [Frn] C:\WINDOWS\Kjh.exe
O4 - HKLM\..\Run: [Erp] C:\WINDOWS\Jfc.exe
O4 - HKLM\..\Run: [Hrd] C:\WINDOWS\Uto.exe
O4 - HKLM\..\Run: [Gqj] C:\WINDOWS\System32\Tcd.exe
O4 - HKLM\..\Run: [Thc] C:\WINDOWS\System32\Otk.exe
O4 - HKLM\..\Run: [Khu] C:\WINDOWS\Fms.exe
O4 - HKLM\..\Run: [Suj] C:\WINDOWS\Khi.exe
O4 - HKLM\..\Run: [Spv] C:\WINDOWS\System32\Umf.exe
O4 - HKLM\..\Run: [Uuk] C:\WINDOWS\System32\Bgc.exe
O4 - HKLM\..\Run: [Kgc] C:\WINDOWS\System32\Jpm.exe
O4 - HKLM\..\Run: [Nrh] C:\WINDOWS\System32\Esu.exe
O4 - HKLM\..\Run: [Cmt] C:\WINDOWS\System32\Eug.exe
O4 - HKLM\..\Run: [Iep] C:\WINDOWS\Eae.exe
O4 - HKLM\..\Run: [Lut] C:\WINDOWS\Oqi.exe
O4 - HKLM\..\Run: [Bme] C:\WINDOWS\System32\Iml.exe
O4 - HKLM\..\Run: [Ocv] C:\WINDOWS\System32\Skr.exe
O4 - HKLM\..\Run: [Pgh] C:\WINDOWS\Bpb.exe
O4 - HKLM\..\Run: [Dqv] C:\WINDOWS\Frh.exe
O4 - HKLM\..\Run: [Vre] C:\WINDOWS\Rug.exe
O4 - HKLM\..\Run: [Egq] C:\WINDOWS\System32\Gtq.exe
O4 - HKLM\..\Run: [Fuh] C:\WINDOWS\System32\Veo.exe
O4 - HKLM\..\Run: [Rhq] C:\WINDOWS\System32\Cgv.exe
O4 - HKLM\..\Run: [Vvj] C:\WINDOWS\System32\Hlv.exe
O4 - HKLM\..\Run: [Djr] C:\WINDOWS\System32\Bea.exe
O4 - HKLM\..\Run: [Joo] C:\WINDOWS\System32\Une.exe
O4 - HKLM\..\Run: [Icc] C:\WINDOWS\System32\Rqm.exe
O4 - HKLM\..\Run: [Pvj] C:\WINDOWS\Ngj.exe
O4 - HKLM\..\Run: [Dpt] C:\WINDOWS\System32\Rgk.exe
O4 - HKLM\..\Run: [Fsc] C:\WINDOWS\System32\Bpg.exe
O4 - HKLM\..\Run: [Vrn] C:\WINDOWS\System32\Mki.exe
O4 - HKLM\..\Run: [Fju] C:\WINDOWS\Bci.exe
O4 - HKLM\..\Run: [Gnk] C:\WINDOWS\Uvo.exe
O4 - HKLM\..\Run: [Cnv] C:\WINDOWS\Rdd.exe
O4 - HKLM\..\Run: [Jsq] C:\WINDOWS\Unm.exe
O4 - HKLM\..\Run: [Ouf] C:\WINDOWS\System32\Djo.exe
O4 - HKLM\..\Run: [Kgi] C:\WINDOWS\System32\Cki.exe
O4 - HKLM\..\Run: [Nco] C:\WINDOWS\System32\Lbs.exe
O4 - HKLM\..\Run: [Qni] C:\WINDOWS\Sma.exe
O4 - HKLM\..\Run: [Ffc] C:\WINDOWS\Ftf.exe
O4 - HKLM\..\Run: [Bjr] C:\WINDOWS\Abr.exe
O4 - HKLM\..\Run: [Bbs] C:\WINDOWS\System32\Oiu.exe
O4 - HKLM\..\Run: [Iom] C:\WINDOWS\Kdv.exe
O4 - HKLM\..\Run: [Crb] C:\WINDOWS\System32\Blb.exe
O4 - HKLM\..\Run: [Aap] C:\WINDOWS\Ppl.exe
O4 - HKLM\..\Run: [Dqk] C:\WINDOWS\System32\Nuf.exe
O4 - HKLM\..\Run: [Nog] C:\WINDOWS\Tpi.exe
O4 - HKLM\..\Run: [Vca] C:\WINDOWS\Ibu.exe
O4 - HKLM\..\Run: [Pjv] C:\WINDOWS\System32\Plk.exe
O4 - HKLM\..\Run: [Jco] C:\WINDOWS\Vrf.exe
O4 - HKLM\..\Run: [Qbf] C:\WINDOWS\System32\Icg.exe
O4 - HKLM\..\Run: [Jrq] C:\WINDOWS\Csn.exe
O4 - HKLM\..\Run: [Bqe] C:\WINDOWS\Rio.exe
O4 - HKLM\..\Run: [Bop] C:\WINDOWS\System32\Gnr.exe
O4 - HKLM\..\Run: [Vmh] C:\WINDOWS\System32\Bnf.exe
O4 - HKLM\..\Run: [Oho] C:\WINDOWS\Irr.exe
O4 - HKLM\..\Run: [Osb] C:\WINDOWS\System32\Dqa.exe
O4 - HKLM\..\Run: [Uvq] C:\WINDOWS\System32\Doa.exe
O4 - HKLM\..\Run: [Jri] C:\WINDOWS\Jjd.exe
O4 - HKLM\..\Run: [Pvc] C:\WINDOWS\Bus.exe
O4 - HKLM\..\Run: [Psh] C:\WINDOWS\Pse.exe
O4 - HKLM\..\Run: [Egs] C:\WINDOWS\Ksp.exe
O4 - HKLM\..\Run: [Hul] C:\WINDOWS\System32\Dbp.exe
O4 - HKLM\..\Run: [Hpp] C:\WINDOWS\System32\Sko.exe
O4 - HKLM\..\Run: [Tdr] C:\WINDOWS\Qgh.exe
O4 - HKLM\..\Run: [Vct] C:\WINDOWS\Uhp.exe
O4 - HKLM\..\Run: [Pqb] C:\WINDOWS\Ivv.exe
O4 - HKLM\..\Run: [Ddp] C:\WINDOWS\System32\Qim.exe
O4 - HKLM\..\Run: [Clu] C:\WINDOWS\System32\Koq.exe
O4 - HKLM\..\Run: [Bfa] C:\WINDOWS\Mph.exe
O4 - HKLM\..\Run: [Edp] C:\WINDOWS\System32\Hjl.exe
O4 - HKLM\..\Run: [Cpm] C:\WINDOWS\Ktq.exe
O4 - HKLM\..\Run: [Mvu] C:\WINDOWS\Lph.exe
O4 - HKLM\..\Run: [Egi] C:\WINDOWS\Rnn.exe
O4 - HKLM\..\Run: [Vdb] C:\WINDOWS\System32\Brm.exe
O4 - HKLM\..\Run: [Ite] C:\WINDOWS\System32\Daj.exe
O4 - HKLM\..\Run: [Vvb] C:\WINDOWS\System32\Aee.exe
O4 - HKLM\..\Run: [Oej] C:\WINDOWS\System32\Hks.exe
O4 - HKLM\..\Run: [Uaf] C:\WINDOWS\Ost.exe
O4 - HKLM\..\Run: [Sjq] C:\WINDOWS\Glg.exe
O4 - HKLM\..\Run: [Dft] C:\WINDOWS\System32\Iuk.exe
O4 - HKLM\..\Run: [Cuq] C:\WINDOWS\System32\Hbr.exe
O4 - HKLM\..\Run: [Psm] C:\WINDOWS\System32\Ogi.exe
O4 - HKLM\..\Run: [Ies] C:\WINDOWS\System32\Ucp.exe
O4 - HKLM\..\Run: [Lrs] C:\WINDOWS\System32\Kql.exe
O4 - HKLM\..\Run: [Psa] C:\WINDOWS\System32\Mvp.exe
O4 - HKLM\..\Run: [Nmo] C:\WINDOWS\System32\Qkl.exe
O4 - HKLM\..\Run: [Pus] C:\WINDOWS\Eaq.exe
O4 - HKLM\..\Run: [Jpj] C:\WINDOWS\System32\Ksr.exe
O4 - HKLM\..\Run: [Mbb] C:\WINDOWS\Deg.exe
O4 - HKLM\..\Run: [Jub] C:\WINDOWS\System32\Vsj.exe
O4 - HKLM\..\Run: [Rrs] C:\WINDOWS\System32\Vkq.exe
O4 - HKLM\..\Run: [Ckq] C:\WINDOWS\Ptl.exe
O4 - HKLM\..\Run: [Qbe] C:\WINDOWS\System32\Gdp.exe
O4 - HKLM\..\Run: [Ooq] C:\WINDOWS\Rul.exe
O4 - HKLM\..\Run: [Ked] C:\WINDOWS\System32\Kjg.exe
O4 - HKLM\..\Run: [Sre] C:\WINDOWS\System32\Tce.exe
O4 - HKLM\..\Run: [Pcu] C:\WINDOWS\Ahm.exe
O4 - HKLM\..\Run: [Ged] C:\WINDOWS\System32\Rfj.exe
O4 - HKLM\..\Run: [Tbr] C:\WINDOWS\System32\Gur.exe
O4 - HKLM\..\Run: [Mgd] C:\WINDOWS\Ttb.exe
O4 - HKLM\..\Run: [Boh] C:\WINDOWS\System32\Jtp.exe
O4 - HKLM\..\Run: [Rks] C:\WINDOWS\Ppu.exe
O4 - HKLM\..\Run: [Aqp] C:\WINDOWS\System32\Rre.exe
O4 - HKLM\..\Run: [Srg] C:\WINDOWS\System32\Pud.exe
O4 - HKLM\..\Run: [Lio] C:\WINDOWS\System32\Gkf.exe
O4 - HKLM\..\Run: [Bsv] C:\WINDOWS\System32\Bii.exe
O4 - HKLM\..\Run: [Aeq] C:\WINDOWS\System32\Sal.exe
O4 - HKLM\..\Run: [Lac] C:\WINDOWS\System32\Qrr.exe
O4 - HKLM\..\Run: [Jmk] C:\WINDOWS\System32\Ncu.exe
O4 - HKLM\..\Run: [Mhp] C:\WINDOWS\System32\Tpb.exe
O4 - HKLM\..\Run: [Ptr] C:\WINDOWS\Inn.exe
O4 - HKLM\..\Run: [Aff] C:\WINDOWS\Cnl.exe
O4 - HKLM\..\Run: [Mrk] C:\WINDOWS\Meo.exe
O4 - HKLM\..\Run: [Nrj] C:\WINDOWS\Clq.exe
O4 - HKLM\..\Run: [Nvg] C:\WINDOWS\System32\Jdg.exe
O4 - HKLM\..\Run: [Sql] C:\WINDOWS\System32\Rul.exe
O4 - HKLM\..\Run: [Tad] C:\WINDOWS\Psl.exe
O4 - HKLM\..\Run: [Kjr] C:\WINDOWS\Vgn.exe
O4 - HKLM\..\Run: [Noa] C:\WINDOWS\System32\Vsv.exe
O4 - HKLM\..\Run: [Tqf] C:\WINDOWS\Etj.exe
O4 - HKLM\..\Run: [Uqt] C:\WINDOWS\System32\Ldq.exe
O4 - HKLM\..\Run: [Epb] C:\WINDOWS\Kmf.exe
O4 - HKLM\..\Run: [Evk] C:\WINDOWS\System32\Qrd.exe
O4 - HKLM\..\Run: [Bmk] C:\WINDOWS\Qlt.exe
O4 - HKLM\..\Run: [Gjn] C:\WINDOWS\Drb.exe
O4 - HKLM\..\Run: [Oqi] C:\WINDOWS\System32\Iug.exe
O4 - HKLM\..\Run: [Guf] C:\WINDOWS\Vga.exe
O4 - HKLM\..\Run: [Bbf] C:\WINDOWS\Lmv.exe
O4 - HKLM\..\Run: [Vjr] C:\WINDOWS\Gpr.exe
O4 - HKLM\..\Run: [Fko] C:\WINDOWS\System32\Tnc.exe
O4 - HKLM\..\Run: [Eog] C:\WINDOWS\System32\Jej.exe
O4 - HKLM\..\Run: [Iia] C:\WINDOWS\Agc.exe
O4 - HKLM\..\Run: [Cgt] C:\WINDOWS\System32\Mei.exe
O4 - HKLM\..\Run: [Jep] C:\WINDOWS\Fpn.exe
O4 - HKLM\..\Run: [Ndl] C:\WINDOWS\Gle.exe
O4 - HKLM\..\Run: [Ecf] C:\WINDOWS\System32\Vcq.exe
O4 - HKLM\..\Run: [Thh] C:\WINDOWS\Lif.exe
O4 - HKLM\..\Run: [Tch] C:\WINDOWS\System32\Uuo.exe
O4 - HKLM\..\Run: [Chg] C:\WINDOWS\Bjb.exe
O4 - HKLM\..\Run: [Emt] C:\WINDOWS\System32\Huc.exe
O4 - HKLM\..\Run: [Rkm] C:\WINDOWS\System32\Fsj.exe
O4 - HKLM\..\Run: [Sqg] C:\WINDOWS\System32\Ssj.exe
O4 - HKLM\..\Run: [Cvi] C:\WINDOWS\System32\Gan.exe
O4 - HKLM\..\Run: [Lbt] C:\WINDOWS\System32\Nlb.exe
O4 - HKLM\..\Run: [His] C:\WINDOWS\Kvd.exe
O4 - HKLM\..\Run: [Mio] C:\WINDOWS\System32\Tkq.exe
O4 - HKLM\..\Run: [Fhp] C:\WINDOWS\Nbm.exe
O4 - HKLM\..\Run: [Tcp] C:\WINDOWS\System32\Vna.exe
O4 - HKLM\..\Run: [Cjs] C:\WINDOWS\Qte.exe
O4 - HKLM\..\Run: [Brg] C:\WINDOWS\System32\Nmt.exe
O4 - HKLM\..\Run: [Hoj] C:\WINDOWS\System32\Nvt.exe
O4 - HKLM\..\Run: [Sjb] C:\WINDOWS\System32\Smq.exe
O4 - HKLM\..\Run: [Gok] C:\WINDOWS\Mcn.exe
O4 - HKLM\..\Run: [Uoo] C:\WINDOWS\System32\Hnd.exe
O4 - HKLM\..\Run: [Cqg] C:\WINDOWS\Fmu.exe
O4 - HKLM\..\Run: [Rop] C:\WINDOWS\Vif.exe
O4 - HKLM\..\Run: [Kvd] C:\WINDOWS\Tlt.exe
O4 - HKLM\..\Run: [Ccl] C:\WINDOWS\System32\Pbs.exe
O4 - HKLM\..\Run: [Kjo] C:\WINDOWS\Hte.exe
O4 - HKLM\..\Run: [Als] C:\WINDOWS\System32\Apg.exe
O4 - HKLM\..\Run: [Uhb] C:\WINDOWS\System32\Jpm.exe
O4 - HKLM\..\Run: [Eeu] C:\WINDOWS\System32\Hou.exe
O4 - HKLM\..\Run: [Hmj] C:\WINDOWS\Voe.exe
O4 - HKLM\..\Run: [Qnf] C:\WINDOWS\System32\Soq.exe
O4 - HKLM\..\Run: [Lmv] C:\WINDOWS\System32\Vkl.exe
O4 - HKLM\..\Run: [Mot] C:\WINDOWS\System32\Ges.exe
O4 - HKLM\..\Run: [Auf] C:\WINDOWS\Sjr.exe
O4 - HKLM\..\Run: [Nld] C:\WINDOWS\System32\Bfp.exe
O4 - HKLM\..\Run: [Fqv] C:\WINDOWS\System32\Epg.exe
O4 - HKLM\..\Run: [Kch] C:\WINDOWS\System32\Mfq.exe
O4 - HKLM\..\Run: [Tpp] C:\WINDOWS\System32\Iic.exe
O4 - HKLM\..\Run: [Thf] C:\WINDOWS\System32\Ukc.exe
O4 - HKLM\..\Run: [Ain] C:\WINDOWS\System32\Drp.exe
O4 - HKLM\..\Run: [Ebo] C:\WINDOWS\System32\Hmn.exe
O4 - HKLM\..\Run: [Ida] C:\WINDOWS\Ldl.exe
O4 - HKLM\..\Run: [Vdr] C:\WINDOWS\Qek.exe
O4 - HKLM\..\Run: [Rec] C:\WINDOWS\Muc.exe
O4 - HKLM\..\Run: [Pur] C:\WINDOWS\Lra.exe
O4 - HKLM\..\Run: [Tdb] C:\WINDOWS\System32\Ufk.exe
O4 - HKLM\..\Run: [Jin] C:\WINDOWS\Rst.exe
O4 - HKLM\..\Run: [Oui] C:\WINDOWS\Jdi.exe
O4 - HKLM\..\Run: [Khq] C:\WINDOWS\System32\Rit.exe
O4 - HKLM\..\Run: [Jko] C:\WINDOWS\System32\Cvs.exe
O4 - HKLM\..\Run: [Nib] C:\WINDOWS\System32\Org.exe
O4 - HKLM\..\Run: [Jet] C:\WINDOWS\System32\Jfd.exe
O4 - HKLM\..\Run: [Aua] C:\WINDOWS\Jnv.exe
O4 - HKLM\..\Run: [Kap] C:\WINDOWS\Nna.exe
O4 - HKLM\..\Run: [Ost] C:\WINDOWS\System32\Rtq.exe
O4 - HKLM\..\Run: [Del] C:\WINDOWS\System32\Rcm.exe
O4 - HKLM\..\Run: [Lur] C:\WINDOWS\Fmc.exe
O4 - HKLM\..\Run: [Pev] C:\WINDOWS\System32\Pls.exe
O4 - HKLM\..\Run: [Mod] C:\WINDOWS\Hjs.exe
O4 - HKLM\..\Run: [Utg] C:\WINDOWS\System32\Tbk.exe
O4 - HKLM\..\Run: [Kst] C:\WINDOWS\Rtc.exe
O4 - HKLM\..\Run: [Epk] C:\WINDOWS\System32\Bkg.exe
O4 - HKLM\..\Run: [Vqk] C:\WINDOWS\System32\Ssu.exe
O4 - HKLM\..\Run: [Ukl] C:\WINDOWS\Eae.exe
O4 - HKLM\..\Run: [Spa] C:\WINDOWS\Hdk.exe
O4 - HKLM\..\Run: [Neu] C:\WINDOWS\Kju.exe
O4 - HKLM\..\Run: [Uhi] C:\WINDOWS\Ocg.exe
O4 - HKLM\..\Run: [Fnk] C:\WINDOWS\Qha.exe
O4 - HKLM\..\Run: [Rof] C:\WINDOWS\Tkd.exe
O4 - HKLM\..\Run: [Qve] C:\WINDOWS\System32\Vbo.exe
O4 - HKLM\..\Run: [Vaq] C:\WINDOWS\Fof.exe
O4 - HKLM\..\Run: [Lii] C:\WINDOWS\System32\Mdi.exe
O4 - HKLM\..\Run: [Jlc] C:\WINDOWS\System32\Jqg.exe
O4 - HKLM\..\Run: [Adp] C:\WINDOWS\Rub.exe
O4 - HKLM\..\Run: [Cjg] C:\WINDOWS\Mbh.exe
O4 - HKLM\..\Run: [Hvh] C:\WINDOWS\Vem.exe
O4 - HKLM\..\Run: [Ava] C:\WINDOWS\Kqi.exe
O4 - HKLM\..\Run: [Hks] C:\WINDOWS\System32\Kik.exe
O4 - HKLM\..\Run: [Oii] C:\WINDOWS\System32\Mst.exe
O4 - HKLM\..\Run: [Bis] C:\WINDOWS\System32\Cgd.exe
O4 - HKLM\..\Run: [Spj] C:\WINDOWS\System32\Ioi.exe
O4 - HKLM\..\Run: [Vbv] C:\WINDOWS\System32\Nhc.exe
O4 - HKLM\..\Run: [Qln] C:\WINDOWS\System32\Vbh.exe
O4 - HKLM\..\Run: [Gti] C:\WINDOWS\System32\Gqm.exe
O4 - HKLM\..\Run: [Egk] C:\WINDOWS\Udt.exe
O4 - HKLM\..\Run: [Dtk] C:\WINDOWS\Jel.exe
O4 - HKLM\..\Run: [Crf] C:\WINDOWS\System32\Psq.exe
O4 - HKLM\..\Run: [Ppa] C:\WINDOWS\Vla.exe
O4 - HKLM\..\Run: [Mun] C:\WINDOWS\Kdk.exe
O4 - HKLM\..\Run: [Vkb] C:\WINDOWS\System32\Vku.exe
O4 - HKLM\..\Run: [Qmj] C:\WINDOWS\Irq.exe
O4 - HKLM\..\Run: [Pta] C:\WINDOWS\Qku.exe
O4 - HKLM\..\Run: [Gtt] C:\WINDOWS\Tsl.exe
O4 - HKLM\..\Run: [Vem] C:\WINDOWS\System32\Ial.exe
O4 - HKLM\..\Run: [Rcs] C:\WINDOWS\Oeu.exe
O4 - HKLM\..\Run: [Rao] C:\WINDOWS\System32\Rlp.exe
O4 - HKLM\..\Run: [Agj] C:\WINDOWS\Eva.exe
O4 - HKLM\..\Run: [Mco] C:\WINDOWS\Lav.exe
O4 - HKLM\..\Run: [Nmj] C:\WINDOWS\System32\Gua.exe
O4 - HKLM\..\Run: [Mpj] C:\WINDOWS\Rgv.exe
O4 - HKLM\..\Run: [Jfh] C:\WINDOWS\Lqu.exe
O4 - HKLM\..\Run: [Iic] C:\WINDOWS\Gjo.exe
O4 - HKLM\..\Run: [Elp] C:\WINDOWS\System32\Lci.exe
O4 - HKLM\..\Run: [Qbt] C:\WINDOWS\System32\Top.exe
O4 - HKLM\..\Run: [Lft] C:\WINDOWS\Ivr.exe
O4 - HKLM\..\Run: [Ich] C:\WINDOWS\System32\Vkn.exe
O4 - HKLM\..\Run: [Bif] C:\WINDOWS\Hpu.exe
O4 - HKLM\..\Run: [Ecl] C:\WINDOWS\System32\Ntr.exe
O4 - HKLM\..\Run: [Tkq] C:\WINDOWS\Acf.exe
O4 - HKLM\..\Run: [Pib] C:\WINDOWS\Imp.exe
O4 - HKLM\..\Run: [Bmj] C:\WINDOWS\System32\Nlo.exe
O4 - HKLM\..\Run: [Skp] C:\WINDOWS\System32\Hpc.exe
O4 - HKLM\..\Run: [Bdp] C:\WINDOWS\System32\Vtp.exe
O4 - HKLM\..\Run: [Pga] C:\WINDOWS\Tmj.exe
O4 - HKLM\..\Run: [Cnf] C:\WINDOWS\System32\Eei.exe
O4 - HKLM\..\Run: [Tlo] C:\WINDOWS\System32\Hsd.exe
O4 - HKLM\..\Run: [Gaa] C:\WINDOWS\Lta.exe
O4 - HKLM\..\Run: [Lks] C:\WINDOWS\System32\Cfj.exe
O4 - HKLM\..\Run: [Mvn] C:\WINDOWS\System32\Abl.exe
O4 - HKLM\..\Run: [Ckp] C:\WINDOWS\Lov.exe
O4 - HKLM\..\Run: [Qtt] C:\WINDOWS\System32\Iae.exe
O4 - HKLM\..\Run: [Dum] C:\WINDOWS\Ohv.exe
O4 - HKLM\..\Run: [Iat] C:\WINDOWS\Qbc.exe
O4 - HKLM\..\Run: [Lve] C:\WINDOWS\Sfb.exe
O4 - HKLM\..\Run: [Rfq] C:\WINDOWS\System32\Ppm.exe
O4 - HKLM\..\Run: [Fqg] C:\WINDOWS\System32\Stt.exe
O4 - HKLM\..\Run: [Ssm] C:\WINDOWS\Tkf.exe
O4 - HKLM\..\Run: [Cvv] C:\WINDOWS\Spg.exe
O4 - HKLM\..\Run: [Sjf] C:\WINDOWS\Pfl.exe
O4 - HKLM\..\Run: [Biv] C:\WINDOWS\System32\Lva.exe
O4 - HKLM\..\Run: [Aed] C:\WINDOWS\Tc

Edited by GeekNeeder, 13 July 2005 - 09:28 AM.

  • 0

Advertisement


#2
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
You have a CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember like to the Desktop.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run CleanUp!Reboot your computer into normal windows.

Please run an on-line virus scan at TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)
  • 0

#3
GeekNeeder

GeekNeeder

    Member

  • Member
  • PipPip
  • 24 posts
Hello and thnx for helping me!

I did as you said, however some things were not possible. I could not update about:buster and CWShredder (yes, the firewall supposedly did not interefere with this as I checked the box to let them access the internet).

I booted into safemode and run about:buster. I run it twice, as you said, but I do not think that explorer.exe was terminated as nothing happened. After the reboot, about: buster could only scan once. If I let it scan twice, the PC would crash (it happened 3 times :tazz: ). I have the log. I decided to proceed to CWShredder. Nothing happened, and it told me that I do not have CoolWebSearch. I run CWShredder previously when entering the malware forum and it did fix some things, so maybe that is why it didn't do anything now. CleanUp cleaned 324 filed (13.2MB). As I said before, I run cleanup as well when entering the malware forum. That time it cleaned ~3000 files and ~300MB.

I could not run the online scans as they require Internet Explorer. I have long ago disabled IE to work (through Sygate Firewall) because I was getting ads that there was something wrong with my PC. Those ads in IE were entitled with three letters, the first one always capital. I spotted them and deleted as many as I could, but then saw them again in my HJT log!

I'm not willing to use IE. Please tell me if you need the about:buster log.

Thank you once again!
  • 0

#4
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,

Can you post the About:Buster log and a fresh HJT log here.

Instead of copying and pasting them, attach them as text files when replying.
  • 0

#5
GeekNeeder

GeekNeeder

    Member

  • Member
  • PipPip
  • 24 posts
The HJT log and about:buster log are attached...

Is there somethingS I need to delete from the HJT program? I clicked on info about a file and it says that there is something wrong with it. Especially the 3 letter files that begin with a capital letter. I also found those in startup (from msconfig) and disabled them.

Attached Files


Edited by GeekNeeder, 13 July 2005 - 03:03 PM.

  • 0

#6
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi,

Lets do it this way -


Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, u will be asked to fix some entries, delete some files or uninstall sosme programs. If in case, you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed.

1. Download Programs

Please download these programs and save them in a new folder on your desktop -

CleanUp
DelDomains.inf
Hoster.zip
Unzip the files from Hoster.zip and save hte extracted files in the same folder.

Ewido Security Suite

Install Ewido, and update the definitions to the newest files. Do NOT run a scan yet.


2. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://a-search.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\remove_me.dll (file missing)
O9 - Extra button: Corel Network monitor worker - {5EC7B538-87A7-4526-90FE-89E2F1534A9F} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5EC7B538-87A7-4526-90FE-89E2F1534A9F} - C:\WINDOWS\System32\intlmain.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\remove_me.dll (file missing) (HKCU)


Check the boxes next to above items. Also Check boxes next to all the O4 items other than the following items -

O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Jorge\My Documents\Winamp\winampa.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SiSSoundMan] C:\WINDOWS\System32\SoundMan.exe
O4 - HKLM\..\Run: [SiSSetCDfmt] C:\WINDOWS\System32\SetCDfmt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] C:\DOCUME~1\Angelos\MYDOCU~1\YAHOOM~1\ypager.exe -quiet
O4 - HKCU\..\Run: [sr64] C:\Documents and Settings\Angelos\Application Data\Microsoft\sr64\leiqdqho.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

Close all windows other than Hijack This and click on Fix checked.

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

3. Remove Infections

Run CleanUp and delete all temp files including temporary internet files

Run Ewido full scan. Let it fix any items it finds.

4. Delete Rogue files



Download the following attached file and save it on your desktop. Open the file in Notepad. Click on File ---> Save as. Make sure the Save as Type is set to All Files aand then save the file as delfile.bat.

Run delfile.bat.

Open Add or Remove Programs (click on Start ---> Settings ---> Control panel. This should be the 3rd item). Uninstall or remove the following items -

My Way Search
My Search


Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following folders -

C:\Program Files\Search-Assistant
C:\Program Files\MySearch


Run Hoster.exe. Click on "Restore Original Hosts"

Right click on Deldomains.inf and click on Install.

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder. Dont delete the folder, only the files in it !!!!!!!!


Reboot the PC in Normal Mode.


Run Hijack This and post a fresh HJT log along with Ewido scan report.

Edited by tampabelle, 13 July 2005 - 07:05 PM.

  • 0

#7
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#8
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Topic reopened at the request of the User.



Please post a fresh HJT log. Do not continue with the last fix posted here.
  • 0

#9
GeekNeeder

GeekNeeder

    Member

  • Member
  • PipPip
  • 24 posts
Hello and thank you for reopening the thread.

The new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:58:33 pµ, on 22/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Angelos\My Documents\Winamp\winampa.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Creative\Bluetooth Software\BTTray.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\PROGRA~1\Creative\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Creative\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Angelos\My Documents\Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SiSSoundMan] C:\WINDOWS\System32\SoundMan.exe
O4 - HKLM\..\Run: [SiSSetCDfmt] C:\WINDOWS\System32\SetCDfmt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Angelos\My Documents\Winamp\winampa.exe
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sr64] C:\Documents and Settings\Angelos\Application Data\Microsoft\sr64\leiqdqho.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AutoUpdate] C:\Documents and Settings\Angelos\My Documents\Serials3k\s3k_autoupdate.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Real-time Monitor.lnk = ?
O8 - Extra context menu item: AltaVista Search - file://C:\Program Files\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Creative\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Translate - file://C:\Program Files\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextTranslation.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Creative\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Creative\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Creative\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

This time it wasn't as long as others, so I posted it directly instead of as an attachment.
  • 0

#10
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Download DelDomains.inf.

Right Click on it and then click on Install.


Run Hijack This and click on scan. The following items need to be fixed -

O4 - HKCU\..\Run: [sr64] C:\Documents and Settings\Angelos\Application Data\Microsoft\sr64\leiqdqho.exe
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.


Delete the folder - C:\Documents and Settings\Angelos\Application Data\Microsoft\sr64\

Reboot the PC and post a fresh HJT log.

Also let me know how your PC is behaving !!!!!!
  • 0
<

Advertisement


#11
GeekNeeder

GeekNeeder

    Member

  • Member
  • PipPip
  • 24 posts
Hello,

Here is the fresh HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:51:39 pµ, on 23/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Angelos\My Documents\Winamp\winampa.exe
C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Creative\Bluetooth Software\BTTray.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\PROGRA~1\Creative\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Creative\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\Documents and Settings\Angelos\My Documents\Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SiSSoundMan] C:\WINDOWS\System32\SoundMan.exe
O4 - HKLM\..\Run: [SiSSetCDfmt] C:\WINDOWS\System32\SetCDfmt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Angelos\My Documents\Winamp\winampa.exe
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AutoUpdate] C:\Documents and Settings\Angelos\My Documents\Serials3k\s3k_autoupdate.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Real-time Monitor.lnk = ?
O8 - Extra context menu item: AltaVista Search - file://C:\Program Files\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Creative\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Translate - file://C:\Program Files\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextTranslation.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Creative\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Creative\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Creative\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

Now, concerning about my PC's behavior, it seems (or I want it to seem that way) that the PC is running somewhat faster. When I logged in my windows account, everything started up much faster than other times. Other times I would log in and do something else for, maybe, 10 minutes so that my PC is ready to work. However, it still uses a lot of CPU when scrolling fast. Is this usually OK? I will have to get back to you to see if it crashes, after I run Adobe Photoshop and try some things that make the computer crash! :tazz: Thanks for your help!
  • 0

#12
GeekNeeder

GeekNeeder

    Member

  • Member
  • PipPip
  • 24 posts
Nope...
Adobe Photoshop did it's job -- it crashed my computer. Using the lasso to select large things crashed it. Similar actions, like holding the mouse button for a long time while dragging something, usually in Flash, would also crash the PC.
oh... and now that I remember: when I right-clicked and clicked Install for DelDomains.inf, nothing much happen other than a somewhat refresh of the screen and the hourglass of the mouse (loading).
  • 0

#13
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Do you have something disabled in your msconfig ????

Is there somethingS I need to delete from the HJT program? I clicked on info about a file and it says that there is something wrong with it. Especially the 3 letter files that begin with a capital letter. I also found those in startup (from msconfig) and disabled them.



Please re-enable all the items you disabled and post a fresh HJT log

Edited by tampabelle, 22 August 2005 - 06:13 PM.

  • 0

#14
GeekNeeder

GeekNeeder

    Member

  • Member
  • PipPip
  • 24 posts
That was a long time ago... When I found them I disabled them because I knew they were harmful. Why was that wrong, though? They are not even there now. I'm really sorry for making this harder :tazz: Is there something I can do about this? ...I feel dumb...
  • 0

#15
tampabelle

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
The idea is that if you have disabled something in msconfig, then I wont be able to see it and it could be interfering with the other programs.

Do you have windowns media player installed and running out of your "My Documents" folder ???



Please RIGHT-CLICK HERE to download Silent Runner's.
  • Save it to the desktop.
  • Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

Edited by tampabelle, 23 August 2005 - 08:15 AM.

  • 0

Advertisement




Similar Topics: PC Crashing [CLOSED]     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured