Smitfraud.c and others [CLOSED]


  • This topic is locked

#1
iowahaven

My friend's system is LOADED. Will not start in regular or Safe Mode; only Safe Mode with command prompt. I can see 100's (1000's?) of random name files in c:\windows directory and in HKU/S-1-5-21-{148... registry. I've tried removing them from the registry but the registry doesn't retain the changes upon rebooting. I tried removing them manually with del filename at command prompt but they return upon reboot. I put HijackThis on a floppy and ran it at the command mode. It has lots (100s) of O4 - HKLM entries [randomltrs] - c:\windows\randomltrfilename.exe. I know there is smitfraud.c on it and I can see a few more HijackThis log entries that should be removed. I think if I could get rid of whatever is generating these *.exe files I could use spybot/adaware/other packages to save the system, but I can't get it to boot up, nor can I seem to get the requisite changes into the registry. Should I just reformat? I'd really like to get her pictures off if I could get in far enough to do so. Any ideas what this is? Thanks in advance.

Here's the log
Logfile of HijackThis v1.99.1
Scan saved at 3:42:59 PM, on 7/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\taskmgr.exe
C:\nancy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.usequickb...3_desktop_icon/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
O2 - BHO: inExplorer Search - {4E7BD74F-2B8D-469E-8AA5-A930F887B531} - C:\PROGRA~1\INEXPL~1\INEXPL~1.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: Xbrowse Class - {83DC91DB-7896-43E3-B34D-A7D043F16BB1} - C:\Documents and Settings\All Users.WINDOWS\Application Data\RDSA\rdsa.dll (file missing)
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\system32\nsc257.dll (file missing)
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll (file missing)
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\system32\richedtr.dll (file missing)
O3 - Toolbar: inExplorer Search - {4E7BD74F-2B8D-469E-8AA5-A930F887B531} - C:\PROGRA~1\INEXPL~1\INEXPL~1.DLL (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Visual Element Fx] C:\WINDOWS\system32\X1002142005.exe
O4 - HKLM\..\Run: [VisualElementFXad] C:\WINDOWS\VisualElementFXad\VisualElementFXad.exe
O4 - HKLM\..\Run: [Visual Element FX5] C:\Documents and Settings\All Users.WINDOWS\Application Data\RDSA\xde54890.exe
O4 - HKLM\..\Run: [ Component] C:\WINDOWS\system32\p2pgnfig.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [Sysnet] C:\Documents and Settings\KAREN LUDOVISSY.HOME-GBS2P2Z7W1\Desktop\snuninst.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [MCM3] C:\WINDOWS\mcm\mcm3.exe
O4 - HKLM\..\Run: [Microsoft Windows Application] system32.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{9E6E6D55-ED02-457F-912E-63F08A787EF3}\SVCHOST.EXE
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\jbaarj.exe reg_run
O4 - HKLM\..\Run: [BPCV2] c:\Program Files\bpc_search\bpcv2.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\system32\Services\{9E6E6D55-ED02-457F-912E-63F08A787EF3}\SECURITY.EXE
O4 - HKLM\..\Run: [lwtbetm] c:\windows\system32\ohwhohu.exe
O4 - HKLM\..\RunOnce: [BPCv2_re] c:\Program Files\Common Files\Java\bpc2_re_inst.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ejwcogq] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [yaianxr] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [myxdjwi] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [dbnbwha] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [xarnhuu] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [nsmiiar] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [hwurerh] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [rqyaqgv] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [fxktirv] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [wqcumgu] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [lalcnjo] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [fhrmhoa] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [cfyjiqx] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [esewrbi] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [dslnuje] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [wurvhpc] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [ujeakxu] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [wujymai] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [fdwxsmb] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [gurjigd] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [ubdagcl] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [thlqiwy] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [frxkmpm] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [cfqqmxd] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [smohtmj] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [wynvibc] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [hyehoir] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [kgisybg] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [gooqiff] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [npqyhkk] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [gkdjvuy] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [lwmhesl] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [dbrxloa] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [bnhgrte] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [ftodjgl] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [nomuoox] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [bsogxvr] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [wnptmxn] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [wccuhri] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [wbstqhi] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [ptidqao] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [nkaqexx] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [gdmtasj] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [uysdalm] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [tlbykwy] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [jqdgbnh] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [xfxeyfa] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [rqmutcs] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [yalteti] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [fsybvkm] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [utwkcgu] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [vjdhtxs] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [sgaqpav] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [ngttycg] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [uaqlbcu] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [awobcre] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [hcmfdqb] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [cdoxsup] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [ogacire] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [gciywfw] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [dmbecdo] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [apbstqd] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [hqobdsj] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [sjmfrbv] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [pxnbhql] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [hppgmef] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [jpgyeag] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [lcbehuk] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [quiiwvg] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [ngogaqh] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [gghiftk] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [xcalion] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [nabfybj] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [sjkdopx] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [xrlivii] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [txptdly] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [kegqhvb] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [vtwwjia] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [rsgwcik] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [mnlwhwk] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [dexgvit] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [pujbgdc] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [uaeoehj] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [dnvogfq] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [xrogsug] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [bruoiui] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [jtsmdag] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [xstlgyv] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [ylijrxs] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [iebvshy] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [qxvfqav] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [clgeujt] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [gvivvke] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [jqbpive] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [duvwoxo] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [kekakws] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [berinhj] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [mvavhpp] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [amsyqcw] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [asvekmc] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [uixvpkf] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [gentwag] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [uclefsk] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [xxmijed] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [sxwrovv] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [wevrcgw] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [hnxpard] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [ywfydko] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [ncdiylw] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [hxdcjqc] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [boilqqm] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [dnrbfnm] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [aobmgdn] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [mnklgen] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [bqiclou] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [qypyofq] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [vkaxhjt] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [knxdcvc] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [nydycgd] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [ibdqkxp] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [egqnfpr] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [nhkmudc] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [pgsoius] c:\windows\xxwkirg.exe
O4 - HKCU\..\Run: [trvobfu] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [maefpve] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [uhsorwa] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [vfdkkcb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [caagmus] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [kbrmwyt] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [yexvsot] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [eeghxax] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [hfcooyu] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [umgmfdb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [arabcun] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [cfnvceu] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [owfqsru] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ktrohds] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [lkmmnfe] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [gmxathq] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [xqdjrmb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [cfhruhl] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ouqiudd] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [vlrusnq] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [faqjnda] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [wsjqgef] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [kyyoepn] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [sktsldj] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [vvuljhp] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ymnbakq] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [rkpmrvs] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [gifthdm] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [aipmoeu] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [isivbep] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [pmsnxdu] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [emnqgax] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [jkgwljw] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [cfnfcxr] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [djasady] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [tficalq] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [epupiia] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [adntmgk] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [lqbunaw] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [olovrcs] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [bphjogo] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [wqbybkv] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [jwvhkwh] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [jmdycxa] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [adnxhnr] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [creedxy] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [xnhwyog] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ftdciho] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [kkfekto] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [tofrlng] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [miinueu] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [hllkyly] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [waohqdd] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [qqsfdsv] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [rgsmtxg] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [vbecwgw] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [hmsbkid] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [achvmje] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [geltsvo] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [fhwhgul] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [mbearax] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [qpvjfnk] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [bhvfthy] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [orjjigq] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ngfmasr] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [sxajbbu] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [aejoxtf] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [egtepjv] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [lsgbllx] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [wsolvhf] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [yfxwfrf] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [xdgfphf] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [gukkmhx] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [aedmpxl] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [tigmnuh] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [qlgqwgd] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [rfawxef] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [eoeqdit] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [bukiseq] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [utcuxdo] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [owtjyqx] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [siuthoh] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ftfdfra] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [nafadhs] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [flkrakf] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [cfcksan] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [mcrmiur] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [mxvdpde] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [uaboocv] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [tkmbxvr] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [qwlfxej] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [yyikkyp] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [dyscjun] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [fcfmayd] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [dhejllk] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [qvkycla] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [mkrqfdi] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [uxtpwqv] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [xedoyxe] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [qjyuyng] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [scwismd] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [wdmayba] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [nujcxds] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [jvfbxwn] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [eymxrxc] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [mtqxhee] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [tllbepy] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [odibiwr] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [lwghpyc] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [mthmghv] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ugrtwpj] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [dbrswat] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [phxhvaf] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [iiiwtvx] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [gqqqptc] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [dfksxrk] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [vytilhy] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [dueqdyd] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [tkoqyss] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [tpukvah] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [rqwefjy] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [pifrtgl] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [iaxivxo] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [elwimgm] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [rtulnxj] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ynbplln] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [vkocegb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [mpneuub] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ldtpikb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [sdbueed] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [lunhuqh] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [vqgdwqk] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [sligbti] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [xsxuvlp] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [cjeltxi] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [aekywcr] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [bjofobf] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ukweqpi] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [trtpvju] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [sqthbnh] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [yutvefa] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [woganua] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [gtwgpkg] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [hfvpldf] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [uuseiqq] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [wjxwluk] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ckwqoln] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [udlrckq] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [pheauca] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [prqhgok] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [pfhavij] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [tryqvbg] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [epffrar] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [xqrnmcu] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [uyfregp] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ktbehlq] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [vfxxxqb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [sgbdnyl] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [fovjygw] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [hospsnw] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [rnnrsja] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [uhawidw] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [yoyeccx] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ifdhbkv] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [emcpgqe] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [uupfmmt] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [rwfawsx] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [yqsrsbs] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [eeromlm] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [fwxddse] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [inopffe] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [scamvwk] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ardllgq] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [gisqwud] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [hjwuafh] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [lunatsx] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [krfhtkk] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ujtttwb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [fnhptvt] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [cvsbkey] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [eeelbdc] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [jhfudtf] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ylonafl] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [rtgmvme] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [lcdxjwc] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [bfdoqua] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ohotmex] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [icfcneq] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [laqhnih] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [kqxlflr] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [futfyav] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [bgvwbun] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [lxaevwj] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [khuswyn] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [bwrujgp] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ueykeoe] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [twsdflj] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [kseqvdj] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [hhfukbn] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ixetrat] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [rpxfuad] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [daarhxc] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [xlcqvfn] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [fnlwlrr] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ihwthlq] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ljktjhy] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [yyllfpj] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [qlppfaa] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [qdlwpeq] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [kcbhfof] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [dkebubf] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [pmtaoqw] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ihimytv] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [iwmnsoh] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [tbfhqwa] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ojnncnb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [uhroqtl] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [jvqqqwk] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [dkicktx] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [nkufyfb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [euohdit] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [vyiamwb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [vbeqjeu] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ygxrcwb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ymhgaui] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [xyqfjdg] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [efashgr] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ungrcuw] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [jkuqtmo] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [quinyid] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [voyukna] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [gooybet] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [xwilwmg] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [xphuosi] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [bwqellh] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [tbonpqp] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [qgppqcs] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [icauyei] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [hojfhdl] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [bscbwem] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [sjmhfrp] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ekymhid] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [hotohdh] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [adwqjpb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [tjfwkix] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [hvewbwl] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [daciubw] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [neumujy] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [mlxlvox] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [gklscth] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [xttfoeb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [pwhrhgk] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [skgrqyd] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [wpyekfj] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [bgvsfgs] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [efurbxm] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [mkjgowb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [rdrhfdl] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [tbfllfp] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [aljglvo] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [pswvvem] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [jlsgtax] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [lrjcbsh] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [uexuytv] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [cgxnctc] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [yoxhmoe] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [fhpsoav] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [bttqblt] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [rjvtioo] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [utdeqka] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ecmckkl] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ugwyelk] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [yoksvuk] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [idremqd] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [glkoufl] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [wvpdnrw] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [hdjkhec] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [flyhdrn] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [xhypqfb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [sryyhgy] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [stxujcq] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [assqjxy] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [nvgpnkr] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [fpbshah] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [xlehypc] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [mwmhwjk] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [wjolpvo] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [sqlmdfw] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [fxilxbs] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [dqduwij] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [kvqlneu] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ayufblt] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [inmohtu] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [kwceien] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ypepkgh] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [egebtab] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [lvvttst] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [prdcnwa] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [vdevvas] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [qsljous] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [fhdaeev] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [rsmflyv] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [rnoeqbh] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [yowbeav] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [nxfmalg] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [idjgiwo] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [lnlrbic] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [wriqtqb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ofiumpy] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [vcodwxi] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [fupeixk] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [hoaprkd] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [slsypdv] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [cpqhbut] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [jcbvaqj] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ypokref] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [mrxvwnh] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [kepvyjy] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ijfvspf] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [tftsqwi] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [lggdlcn] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [oidryhi] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [obphbgt] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [kextpfa] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [epfpxqe] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [rncsots] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [mhempqa] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [lmfhpcl] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [fxbkjcn] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [fucdefb] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [nvscwlh] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ebduula] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ysbbdgf] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [wisjhvp] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [uvlkeox] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [rgawgdu] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [ssyvyji] c:\windows\gjytjxy.exe
O4 - HKCU\..\Run: [nffqhqq] c:\windows\gjytjxy.exe

Edited by iowahaven, 24 July 2005 - 02:58 PM.

#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

You may format if you wish, but we can fix this problem up. It's not really a lot of files as it looks like there. But there is a lot of fixing in HijackThis.

If you can, attach your log instead because it's too long and it was probably cut off. Or upload it online somewhere so that I can see the whole log.

#3
iowahaven

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for the reply...actually the unending list of files is just a drop in the bucket to what is in the log....I didn't realize it truncated it. It says it is too large (713KB) to attach the whole thing. There are many more than 1000 entries of those c:/windows/randomltrsfilename.exe files. When I find the last complete entry in the log the slider is still very small and located about 10% down in the file. I did pick up the end of the hijackthis log...it is:

O4 - HKCU\..\Run: [ailjkbf] c:\windows\dkskgri.exe
O4 - HKCU\..\Run: [xrwfajb] c:\windows\dkskgri.exe
O4 - HKCU\..\Run: [vjvxjdl] c:\windows\dkskgri.exe
O4 - HKCU\..\Run: [kfxyjkw] c:\windows\dkskgri.exe
O4 - HKCU\..\Run: [snnhivq] c:\windows\dkskgri.exe
O4 - HKCU\..\Run: [gsldmwr] c:\windows\dkskgri.exe
O4 - HKCU\..\Run: [tmsevev] c:\windows\dkskgri.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office 2000\Office\OSA9.EXE
O4 - Global Startup: Music Communication Module.lnk = ?
O4 - Global Startup: nipd.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {3E521EE4-7051-4F85-A9C6-4C1B227AF004} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3E521EE4-7051-4F85-A9C6-4C1B227AF004} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyho...mdh/install.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://www.bullseye-...er_VENDARE4.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O21 - SSODL: Media Component - {5458F200-E889-49F3-9B37-E2CDC6B56802} - C:\WINDOWS\system32\modedcz2.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

So...obviously I will not be able to individually select the files to delete. Is there a way to make a batch file to delete them or ??? I await your very welcome advice and assistance

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, that looks like it's almost all of them. :tazz:

There really is no easy way to do this in HijackThis. I can make it easier on you though. ;) For all those random entries to check, just hit the space bar and down arrow. Keep doing this until all those entries in that range are checked. Deleting the files should be easier since it's basically one file taking up a bunch of entries. There's only like 6 files there in all those random O4 entries.

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit ewido. DO NOT scan yet.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Download CCleaner and install it, but do not run it yet.

Please download this file: Revised Installer for the Nailfix Utility
Save it to your desktop.
DO NOT run it yet.

Download LSPFix http://www.greyknigh.../spy/LSPFix.exe and run it. Click on flsmngr.dll on the left window and click on the arrow pointing to the right. Click Finish and follow the prompts.

To reboot into SafeMode with Windows XP, you can follow these steps from Microsoft:

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Once in Safe Mode, please double-click on nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Now open ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now as the action.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

Now run HijackThis, click Scan, and place a checkmark next to each of the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsear...sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
O2 - BHO: inExplorer Search - {4E7BD74F-2B8D-469E-8AA5-A930F887B531} - C:\PROGRA~1\INEXPL~1\INEXPL~1.DLL (file missing)
O2 - BHO: FlashEnhancer Ext - {5EDB03AF-0341-4e96-9E9B-3171522E4BAF} - c:\Program Files\Fla\fla.dll (file missing)
O2 - BHO: Xbrowse Class - {83DC91DB-7896-43E3-B34D-A7D043F16BB1} - C:\Documents and Settings\All Users.WINDOWS\Application Data\RDSA\rdsa.dll (file missing)
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\system32\nsc257.dll (file missing)
O2 - BHO: FlashEnhancer Extnder - {A749B4BC-7621-4a80-9220-D0A283367DD5} - c:\Program Files\Fln\fln.dll (file missing)
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\system32\richedtr.dll (file missing)
O3 - Toolbar: inExplorer Search - {4E7BD74F-2B8D-469E-8AA5-A930F887B531} - C:\PROGRA~1\INEXPL~1\INEXPL~1.DLL (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Visual Element Fx] C:\WINDOWS\system32\X1002142005.exe
O4 - HKLM\..\Run: [VisualElementFXad] C:\WINDOWS\VisualElementFXad\VisualElementFXad.exe
O4 - HKLM\..\Run: [Visual Element FX5] C:\Documents and Settings\All Users.WINDOWS\Application Data\RDSA\xde54890.exe
O4 - HKLM\..\Run: [ Component] C:\WINDOWS\system32\p2pgnfig.exe
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKLM\..\Run: [Sysnet] C:\Documents and Settings\KAREN LUDOVISSY.HOME-GBS2P2Z7W1\Desktop\snuninst.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [MCM3] C:\WINDOWS\mcm\mcm3.exe
O4 - HKLM\..\Run: [Microsoft Windows Application] system32.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\system32\Services\{9E6E6D55-ED02-457F-912E-63F08A787EF3}\SVCHOST.EXE
O4 - HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\jbaarj.exe reg_run
O4 - HKLM\..\Run: [BPCV2] c:\Program Files\bpc_search\bpcv2.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\system32\Services\{9E6E6D55-ED02-457F-912E-63F08A787EF3}\SECURITY.EXE
O4 - HKLM\..\Run: [lwtbetm] c:\windows\system32\ohwhohu.exe
O4 - HKLM\..\RunOnce: [BPCv2_re] c:\Program Files\Common Files\Java\bpc2_re_inst.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [ejwcogq] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [yaianxr] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [myxdjwi] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [dbnbwha] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [xarnhuu] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [nsmiiar] c:\windows\jdyjjkd.exe

...check and fix all those random O4 entries in between here.....

O4 - HKCU\..\Run: [vjvxjdl] c:\windows\dkskgri.exe
O4 - HKCU\..\Run: [kfxyjkw] c:\windows\dkskgri.exe
O4 - HKCU\..\Run: [snnhivq] c:\windows\dkskgri.exe
O4 - HKCU\..\Run: [gsldmwr] c:\windows\dkskgri.exe
O4 - HKCU\..\Run: [tmsevev] c:\windows\dkskgri.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: nipd.exe
O9 - Extra button: Microsoft AntiSpyware helper - {3E521EE4-7051-4F85-A9C6-4C1B227AF004} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3E521EE4-7051-4F85-A9C6-4C1B227AF004} - (no file) (HKCU)
O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} - http://www.mydailyho...mdh/install.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://www.bullseye-...er_VENDARE4.cab
O21 - SSODL: Media Component - {5458F200-E889-49F3-9B37-E2CDC6B56802} - C:\WINDOWS\system32\modedcz2.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

Close all open windows except for HJT, then click the Fix Checked button. Close HJT.
NOTE: The O4 entry may have changed names if you have rebooted since posting the log; look for an entry with a similar format, that will always end in a single letter r.

Delete these:

C:\Documents and Settings\All Users.WINDOWS\Application Data\RDSA\
C:\Documents and Settings\KAREN LUDOVISSY.HOME-GBS2P2Z7W1\Desktop\snuninst.exe
C:\PROGRA~1\INEXPL~1\
C:\PROGRA~1\INEXPL~1\
c:\Program Files\bpc_search\
c:\Program Files\Common Files\Java\bpc2_re_inst.exe
C:\Program Files\Common Files\Java\flacpy.exe
C:\Program Files\Common Files\Java\flncpy.exe
c:\Program Files\Fla\
c:\Program Files\Fln\
c:\windows\bflbalq.exe
C:\WINDOWS\Bolger.dll
c:\windows\dkskgri.exe
c:\windows\gjytjxy.exe
c:\windows\jdyjjkd.exe
C:\WINDOWS\mcm\
C:\WINDOWS\Nail.exe
c:\windows\pwwrjpd.exe
C:\WINDOWS\svcproc.exe
C:\WINDOWS\systb.dll
c:\windows\system32\flsmngr.dll
C:\WINDOWS\system32\intell32.exe
C:\WINDOWS\system32\jbaarj.exe
C:\WINDOWS\system32\modedcz2.dll
C:\WINDOWS\system32\nsc257.dll
c:\windows\system32\ohwhohu.exe
C:\WINDOWS\system32\p2pgnfig.exe
C:\WINDOWS\system32\richedtr.dll
C:\WINDOWS\system32\richup.exe
C:\WINDOWS\system32\Services\{9E6E6D55-ED02-457F-912E-63F08A787EF3}\
C:\WINDOWS\System32\spoolsrv32.exe
C:\WINDOWS\system32\X1002142005.exe
C:\WINDOWS\VisualElementFXad\
C:\WINDOWS\wupdt.exe
c:\windows\xxwkirg.exe
C:\WINDOWS\zeta.exe
nipd.exe
system32.exe


Now run CCleaner.
  • Uncheck "Cookies" under "Internet Explorer".
  • If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
  • Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
Finally, restart your computer in normal mode and please post a new HijackThis log, as well as the report log from the Ewido scan, by using Add Reply.
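Added example, not part of the post above or of any tool named in this thread: a small offline triage script that parses HijackThis O4 registry autorun lines and groups them by target executable, which makes the point that thousands of random value names collapse to a handful of files. The sample log is constructed in the format of the log in this thread, and the function names are this example's own.

```python
import re
from collections import defaultdict

# HijackThis registry autorun line:
#   O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Executable path at the start of a command, optionally quoted,
# ignoring any trailing arguments (e.g. "jbaarj.exe reg_run").
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)\b', re.IGNORECASE)

# Constructed sample in the format of the log in this thread (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\jbaarj.exe reg_run
O4 - HKLM\..\Run: [FlnCPY] "C:\Program Files\Common Files\Java\flncpy.exe"
O4 - HKCU\..\Run: [ejwcogq] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [yaianxr] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [myxdjwi] c:\windows\jdyjjkd.exe
O4 - HKCU\..\Run: [gsuixwe] c:\windows\pwwrjpd.exe
O4 - HKCU\..\Run: [udxwgyy] C:\WINDOWS\pwwrjpd.exe
O4 - HKCU\..\Run: [eqgyvsn] c:\windows
O4 - Global Startup: nipd.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
"""


def target_path(cmd):
    """Return the lower-cased executable path of a Run command, or None
    when the command has no .exe (for example a line cut off mid-path)."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path").lower() if m else None


def group_run_entries(log_text):
    """Group O4 registry autoruns by target executable.

    Returns (by_target, truncated): by_target maps a normalized path to the
    list of (hive, key, value name) tuples that launch it; truncated lists
    entries whose command could not be resolved to an executable.
    """
    by_target = defaultdict(list)
    truncated = []
    for raw in log_text.splitlines():
        m = O4_RE.match(raw.strip())
        if not m:
            continue  # other sections (O9, O23, Global Startup, ...) are skipped
        entry = (m.group("hive"), m.group("key"), m.group("name"))
        target = target_path(m.group("cmd"))
        if target is None:
            truncated.append(entry)
        else:
            by_target[target].append(entry)
    return dict(by_target), truncated


def shared_targets(by_target, min_entries=2):
    """Targets launched by at least min_entries value names, busiest first."""
    rows = [(t, len(e)) for t, e in by_target.items() if len(e) >= min_entries]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    groups, cut_off = group_run_entries(SAMPLE_LOG)
    total = sum(len(e) for e in groups.values())
    print(f"{total} autorun values -> {len(groups)} distinct executables")
    for path, count in shared_targets(groups):
        print(f"{count:6d}  {path}")
    for hive, key, name in cut_off:
        print(f"truncated entry: {hive}\\..\\{key} [{name}]")
```

Run against a full saved log, the count column shows how many Run values point at each file, and any "truncated entry" line marks where a pasted log was cut off.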

#5
iowahaven

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Just so I'm clear on your instructions....do I only have to delete the first occurrence of each file on the randomfilename.exe O4 entries? If not, I already tried the spacebar/down arrow - after an hour I was less than 20% through. Secondly, on the program to download...can I run that from the command line? I am not able to get the system to come up in anything but Safe Mode with a Command Prompt. I'll get going on finding the files you recommended and download for use while I wait for the reply on the first part.

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
No. In HijackThis, you have to check all of them. That's the hard part. But when you get to the deletions, there's really not as much to delete. So yes, do what you have been doing with the space bar and down arrow. Make sure you get all of them. Otherwise, some may return again. So try to do this in one big step.

Which program are you talking about? Ewido? Can you install any programs? Is this just the command prompt screen (no Windows)? All those require Windows to run properly since you have to press buttons to do the scans.

#7
iowahaven

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
:tazz: No windows...just command prompt. Windows hangs during booting....even in safe mode. I've put hijackthis on a floppy to see if I could see what was going on and delete them. I was hoping there was some way to make a batch file to delete the set of O4 entries...I seriously did the spacebar/arrow for well over an hour today and the vertical slider indicated that I was only about 10-20% done. I would go ahead and delete them and then start again.... So NO I don't have any windows...just operating from the command prompt. I can get into the registry and can see the tons of them loading ...I thought maybe if I walked away for awhile Windows might eventually work through the list and come up but over an hour later it had not. I like my friend....but not enough to sit here for 5 hrs tapping spacebar/arrow to select and delete them. And...after all that, I finally gave up and of course when I came back and restarted with Command prompt they were all once again back in the registry and hijackthis.

#8
iowahaven

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I could email you the file so you can see the magnitude if that would help

#9
iowahaven

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I put the text into a hidden web page at
http://www.alpinecom.../hijackthis.htm

#10
iowahaven

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Just did a line count of that section: 13,881 instances of randomfilename.exe

#11
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I'm sorry to say this (again), but there is no easy way (batch file) to remove them using HijackThis.

OK, I just thought of something. We might be able to do this without HijackThis then since it's too much for you to fix there.

Email me (see my profile for email address) your whole HijackThis log. Make sure you include a link to this topic here. Otherwise, I would think that you are one of the regulars looking for help - and I usually direct them to the forums.

#12
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.