Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HELP! [RESOLVED]

Started by Don P , Aug 04 2005 01:31 AM

  • This topic is locked This topic is locked

#1
Don P
Posted 04 August 2005 - 01:31 AM

Don P

    Member

  • Member
  • PipPip
  • 10 posts
Hi, I have definitely attracted a bad a** spyware on my system... it is really annoying. I am sort of a newbie when it comes to removing spyware so pleaaassee help me. I have tried system restore and also norten and ewido but they seem to be a bunch of novices too. I am posting my hijack this scan below, please help me as soon as possible.

Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 2:27:38 AM, on 8/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\update.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\update.exe
C:\WINDOWS\System32\intell32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.343\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSGuard spyware remover] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O4 - HKCU\..\Run: [onnnymv] c:\windows\yfujjws.exe
O4 - HKCU\..\Run: [xmnyssk] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [hwjdmiy] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [lbxiqjg] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [rdxmdpi] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [gbovknc] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [rjwmkmp] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [ceetnuo] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [njdhlwr] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [iweylci] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [gsjjerb] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [mcxkouw] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [pohxhjf] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [lkpwgeo] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [rqoigri] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [puwtnnf] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [qhwmqqq] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [tanntmm] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [rnpqbeh] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [ufsvvpf] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [nfiqafl] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [hskkpnn] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [bjbwhpb] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [wvatsvr] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [hgoxrjg] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [gllkmkt] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [wwghxkx] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [lcswlgi] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [lhwjygs] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [frfwban] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [uehfpsc] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [bvanoxl] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [afoshsc] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [fncklqa] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [dwlnnhb] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [ioygacr] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [wvkeihx] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [bpkxgic] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [baddaqo] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [tatener] c:\windows\wcllitb.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [darbynr] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [afftqrh] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [hctafic] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [vynuuyu] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [uccuscf] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [ummlovv] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [ulcdnjw] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [icpmjvy] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [occhlpn] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [gdrlyes] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [uwqspoi] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [kwrmrtc] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [ahagapp] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [idcrubb] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [haehkjw] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [pvpwngr] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [mtcqoav] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [kaugbbj] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [pffrxdw] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [bkolcbo] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [kqkdkev] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [mnkytrm] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [qbaqqfc] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [mrommtq] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [gylmlua] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [mtuponc] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [dtyiptm] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [soebtdo] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [yntadyg] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [jvqnnak] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [rllmoqw] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [pogjfni] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [ywswvat] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [hcicqkx] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [dxmfgos] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [ktmljkc] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [mjeuxhp] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [txkyrwe] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [qpkdmup] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [uuhhkuv] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [pudgaml] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [yrlrrfe] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [uppxlef] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [fujnhmx] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [psladef] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [wrsbbwj] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [boduucp] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [xfjttxb] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [acoovat] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [kcunnbf] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [pnkyxkl] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [hwravcn] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [vicqqos] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [qvgusgv] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [ubyxbkd] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [xxcdrml] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [uhrlvgy] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [arjcdpt] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [ddputmr] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [owuvyow] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [omntfec] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [udkdaps] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [hcitxoo] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [gqcuuur] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [idxikoh] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [hyqlqcp] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [uyoifrn] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [buqpito] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [rabncst] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [veeoiru] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [gcdtlfd] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [xoyddwm] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [mngoexw] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [iepauah] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [gqnmmjm] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [hlobeeq] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [gujypqx] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [viuqvkb] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [uiqogyb] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [wsnbypx] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [mmjerpu] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [fcndgbp] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [lnhebmc] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [gaimvst] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [tvdwalq] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [xtgmfsx] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [jdaxquo] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [uhiowts] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [arcouuq] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [optimtx] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [spsjnis] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [yaqylmg] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [pgusbjo] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [vqynnef] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [srmmawu] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [ntuhdfi] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [pexpuom] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [tohkpht] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [uoyanqs] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [plhjase] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [xhnjdrq] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [xwtldxr] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [wqmytxu] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [ybjsvcv] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [nwbrpuw] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [pqkmtiw] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [oqibvlk] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [hruehte] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [shaffol] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [blagrwo] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [hksdnxq] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [elkcynd] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [bckusis] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [nkwvqjf] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [kvinhgc] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [ilvuwet] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [uvueuyv] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [jrhliis] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [jerujdy] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [joydrlv] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [cwpbadp] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [ifuyjit] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [gepjxfl] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [ufjejdm] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [enchtdd] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [ddtecsp] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [cadggiu] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ndvsagd] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ejlshnj] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [xgqgvil] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [pylxffx] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [hchecgr] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [dprltra] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [uvnayud] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [oelqjyx] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [lysscfy] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [qxnmifo] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ckdfnrt] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [nkwedry] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [jfstlmu] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [jlnymov] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [xduonle] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ijnwkts] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [lishhjr] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [wcjunbi] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [sxbwflq] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [klxeavc] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [iatemyj] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [bmgeoqd] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [efiscwo] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [xtetust] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [bxgswin] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [vystyxr] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [mxttjqb] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ydmfwjf] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [eujblak] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [amkljeg] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [lotevku] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [tuylsqb] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ehdnmkt] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [vlolvbs] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [xxsekko] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [tqgbkqv] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [lwthvle] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ntvaiuk] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [qfsivmb] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [bwesugy] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [nyqnaoy] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [kwyvlbm] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [tugemal] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [fgoxtfy] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [jmtclta] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [clmharx] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [tktkxtg] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [uruxhdn] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ihourjy] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [oljcbyx] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [uvoopwt] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [mlppsiy] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [pqnyldn] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [odppagx] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [wyjisxy] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [yxosatb] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [hnbsbar] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ovfibex] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [xrayqpe] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [psbkrdp] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [niuoihp] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ddnhbjo] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [cxcuuxo] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [gcxpkud] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [leqwbbq] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [ggiwmhd] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [lixgiif] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [ltobcpn] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [mgfysxw] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [pgqygjx] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [auewflj] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [wyciexj] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [kubobhb] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [wqjrrvh] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [vmswhuh] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [axjvrmh] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [ujbllmq] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [prxgycj] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [eqaywsd] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [ivdilsv] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [rfajuoe] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [tnftawo] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [wgepmhg] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [visstvb] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [vntjouo] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [bamjycn] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [nqrrcxq] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [busldfe] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [uckkdst] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [wjuyutc] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [msdjvmf] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [yypjjce] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [eidoome] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [rernhco] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [xigtsyr] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [jmlsrhi] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [chwllww] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [nfsadul] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [guiteiv] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [dxrivia] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [tiaoyei] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [rsdueia] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [jyvkmpd] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [equfhee] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [jlwvgyu] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [penfmme] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [vbhiynh] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ttyajhf] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [lurymgl] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ghosrpa] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [emrfyse] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [vyuhlqq] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [wyawdfr] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [evrrcln] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [tdkcgog] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [wrxdhlr] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [hqohaja] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [tttmuaj] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [kwsddbl] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [lwwmyfa] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [dtaxshr] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [jcugbpl] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [gwrqpwt] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [bymqitm] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [tkienqk] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [opnbgqr] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [chptqha] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ovxqaas] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [xnwjtfa] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [iggnhup] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [liwyhwk] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [jrbupyv] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [pguhypa] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [eoleptf] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [xbqfuwj] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [kdhyasi] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [mnwoclp] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [jalvnfk] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [hmlrate] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [pvjdlji] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [xccgndc] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [dsehhuw] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [pnwbjin] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [txutuur] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ipkyovp] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [umskjbv] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [osmwepm] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [aitjqxn] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ejjrimx] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [brgtnil] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [nidisww] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [whssngv] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [gjayeoy] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [belcers] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [viwfqmg] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [nwaoefj] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [aeejqhq] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [qihpkae] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [yessvtj] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ufrtpsb] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [lynyyho] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [pxuofrm] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [qwesyfw] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [offakmw] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ohdwvrm] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [sbsptsf] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [bxxiicg] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [xoxbvpr] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [kgambyi] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [cbchmqj] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [dcpdfpd] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [fubgcql] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [hdcahbn] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [emajjkh] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [qonueui] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ututmnk] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [nlfmwrl] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [savfirs] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [kkewtjm] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [skbhmft] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [atgivdx] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [uhismfc] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [mcwrvsu] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [xoitrlg] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [henbace] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [mnqtifq] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [rlkkemg] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [fqkdmol] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [tlbioyr] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [oxmqaen] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [tqdjckq] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ykexten] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [jyfdgdh] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [faqlpha] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [fwpomxe] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [xrsottp] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [epgqjio] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [bdmgbxe] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [faxytyb] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [gdbpdre] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ngumoqd] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [xhlhdrc] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [rjfnrku] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [jukutos] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [xmdcabi] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [bulfhsq] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [fgbolxv] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [wwsirdw] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [wkrqbcl] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [sxgbsrm] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [vwxskrt] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [qkabfue] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [beollrg] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [mqbsghx] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [dwpmgyx] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [nwwqqmd] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [xuxyaqm] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [wfsafab] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [dasyuvr] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ncysifa] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [asjfuoe] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [nymrlth] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [exalayc] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [mphfptc] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [nrlrvgd] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [wbcyfsv] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ysvhudd] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [irugrld] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ofatgpj] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [jxllete] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [luukebg] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [sttsovu] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [xjuvbjq] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [gebkglg] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [rkvexat] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [egceege] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [bnsjepr] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [kffyrlh] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ylytunh] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [wfabypb] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [valgjkw] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [qwthvhx] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [namihdf] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ryiafdm] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [yrpxcvm] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [eikuegt] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [qfpeqxd] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ixbraks] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [krbwtnl] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [ykxnrog] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [gcdleuy] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [aayqram] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [hdttwpk] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [punaanq] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [ixgpehd] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [ufqhscw] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [bkooegn] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [pknjejg] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [jaxpxlp] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [nxpmhst] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [mostvac] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [lrbjbeh] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [wavgfap] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [tsuqinc] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [vhrwyte] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [kcjrgir] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [wjdpoyy] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [vvvievo] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [cotgsgl] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [gmmjhgw] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [yrrwfaj] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ojretem] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ugtgutx] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [tvonpmt] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [raurmlw] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ylkapnp] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ayrhcha] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [tfdlpll] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [mnugvxh] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [vwvwnci] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [yygxhwg] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [yxpspyh] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [njipsfp] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ybwiuui] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [gqcfgpn] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [xwqqvcu] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [qetunsm] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [yixoyfv] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ohlssyr] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ysuefsr] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ltuynit] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ewjqwcg] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [svpugvu] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [dvrfikp] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [acusubt] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [pkaqlam] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [pldtebs] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [fvqumuh] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [fycqbps] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [cejehis] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [vkdtyai] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [qhjohtf] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [uhgwqnl] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [oxcqixw] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [bjoyvvt] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [uclxipb] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [fpkevum] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [qmnskww] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [dpmyyvi] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [fkpycra] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [akertan] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [iaoeksy] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [cmrcogv] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [ysdafls] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [wjgpbwl] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [dgbwhrk] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [vevmppm] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [qirbxkw] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [averfov] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [dqjsgtm] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [ngoqyyv] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [wgcepoc] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [oyhvasg] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [usvchym] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [xlhefxw] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [qpmkamw] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [dawxetk] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [eyoloil] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [skkmfxf] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [vgtgysm] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [lcgqusa] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [dcoywuw] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [srunutr] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [vxfhqsd] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [howcgbe] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [fyxiibs] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [ncxhisg] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [festotj] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [mpfpqxo] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [thxlcih] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [tdkepns] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [xbipfvv] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [dkqpjea] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [ngjkafr] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [cnvewek] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [yybsmny] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [cnyomoo] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [oxojhda] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [vrgnpjo] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [uvcemjf] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [xmersmr] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [qttldri] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [wbbaael] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [dseahjd] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [lcvcuej] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [gccumcc] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [dphpwdm] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [mglclls] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [hwjqmeo] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [bjviutd] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [giyohan] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [bxygutq] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [wocbywd] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [ostwnnb] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [lobibya] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [hqqaegd] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [wpkltac] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [cmcayhf] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [doslrfd] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [pepqabl] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [bicshvv] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [emvywgb] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [lvpnahb] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [bmgecxa] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [srkgpti] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [gmwqgpf] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [foxesob] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [cjocero] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [rpivbth] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [pthnurt] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [jeqwhrt] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [cpfntrh] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [vhrsaui] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [vkkowqk] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [vosejcj] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [gsrcrdc] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [utilnge] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [nubedso] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [fujcufs] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [uwuhase] c:\windows\baoyvaw.exe
O4 - HKCU\..\Run: [prqvrtm] c:\windows\baoyvaw.exe
O4 - HKCU\..\Run: [rkoehhj] c:\windows\baoyvaw.exe
O4 - HKCU\..\Run: [nnkyghc] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [hgrgfdc] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [sxgmeoe] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [mpbfdxe] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [rdophfm] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [hoacubm] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [rdstxcd] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [qotwrqy] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [uoqrjxp] c:\windows\cfxrcuh.exe
O4 - HKCU\..\Run: [wtcpcnl] c:\windows\cfxrcuh.exe
O4 - HKCU\..\Run: [petlkky] c:\windows\cfxrcuh.exe
O4 - HKCU\..\Run: [jlyvgpa] c:\windows\jkxoxxq.exe
O4 - HKCU\..\Run: [wtvbbeh] c:\windows\dktblyk.exe
O4 - HKCU\..\Run: [mbqnejf] c:\windows\gyhnalc.exe
O4 - HKCU\..\Run: [uxdvjit] c:\windows\xicmwqr.exe
O4 - HKCU\..\Run: [nkqiacc] c:\windows\eyafsuy.exe
O4 - HKCU\..\Run: [kembrat] c:\windows\gcniagk.exe
O4 - HKCU\..\Run: [jvulopy] c:\windows\bxkbvtx.exe
O4 - HKCU\..\Run: [bquddhn] c:\windows\juqptnt.exe
O4 - HKCU\..\Run: [lwmrorx] c:\windows\cifkqqo.exe
O4 - HKCU\..\Run: [hnbwebc] c:\windows\bllwenh.exe
O4 - HKCU\..\Run: [cbhhplv] c:\windows\sqxgvdb.exe
O4 - HKCU\..\Run: [rcogdwr] c:\windows\efuabms.exe
O4 - HKCU\..\Run: [arwgbdb] c:\windows\bicucpy.exe
O4 - HKCU\..\Run: [dmbcgjj] c:\windows\peeojso.exe
O4 - HKCU\..\Run: [mxdqcby] c:\windows\vbtdxum.exe
O4 - HKCU\..\Run: [eyivlps] c:\windows\bcsxmfd.exe
O4 - HKCU\..\Run: [skwrxci] c:\windows\cwsvcnc.exe
O4 - HKCU\..\Run: [lyjdhgl] c:\windows\jiyucgp.exe
O4 - HKCU\..\Run: [mqfpieg] c:\windows\fdrfjww.exe
O4 - HKCU\..\Run: [swrqvyl] c:\windows\fkcptiw.exe
O4 - HKCU\..\Run: [ywyhvvx] c:\windows\qlnaqwi.exe
O4 - HKCU\..\Run: [wywldwl] c:\windows\kcqvebk.exe
O4 - HKCU\..\Run: [xrpticd] c:\windows\fkhxqst.exe
O4 - HKCU\..\Run: [ohweagj] c:\windows\pirexgc.exe
O4 - HKCU\..\Run: [lxxirdh] c:\windows\icrbgki.exe
O4 - HKCU\..\Run: [pxisgyr] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ikyfhbk] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [bhrkmau] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [tqgaabo] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [qufnpcr] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [xixecds] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ylbtbuk] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [bbnqrgm] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [vhlsrlm] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [qiwrvfg] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [oodrqmi] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [kgxwobc] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [cfdebht] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [poikfwy] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [rdldppd] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [lfwxfkj] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [wvxqwpe] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [yvvxaxi] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [sskylkb] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [hjwymwi] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jyaober] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [yoaande] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [vudgauo] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [uuduwnn] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [msiiign] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [crshpig] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [gsyuphg] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [sacdlwt] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [lpptqvt] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [imikvfy] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [eokohxj] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [wwladwa] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [nkamhhy] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ktyqxlb] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jhqbagm] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [kuojats] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ndqoxny] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [wpklnki] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [alftufk] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [tgihjcx] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [vwlpyto] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jgtmwgh] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [aeutyco] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [gbrqyoo] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [tvtoqod] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [qgcnouu] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ggvvhmv] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [vemieei] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [mjawhvf] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [bgcqymw] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [pxghdfi] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [praxdum] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [kondloo] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [lywrkkh] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ivbasfx] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [urtxcog] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [loahbwl] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [mdnqgxh] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [dbffipa] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [dgegkjs] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [wimiscm] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [xkxgfdf] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jvcslne] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [tkgtvco] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [wpsowjl] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [njjikei] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [gwkmxcx] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [saeqtlm] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [osedvxs] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [okggqsk] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [yvqufgh] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [brfrfxf] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [cwjhfwf] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [tqrhprk] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [cryelwp] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ttdcgsw] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [yracwcu] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [rxjdayf] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jhuhxre] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jjdmasa] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [hieqifi] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ssdkrug] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [kpnswbv] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [vbjraha] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [rmkqtoy] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [lbrxckh] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jmejyyx] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ubryfku] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [veftiff] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [rlfgbwc] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [nrdukdp] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [wykmgnv] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [kusagqf] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [uyecily] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [hrurbsv] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jxjosie] c:\windows\gnkncbh.exe
O4 - HKCU\..\Run: [vnuttsu] c:\windows\gnkncbh.exe
O4 - HKCU\..\Run: [txspnlm] c:\windows\gnkncbh.exe
O4 - HKCU\..\Run: [xmfnlul] c:\windows\gnkncbh.exe
O4 - HKCU\..\Run: [ttihtsk] c:\windows\gnkncbh.exe
O4 - HKCU\..\Run: [fgmuiui] c:\windows\gnkncbh.exe
O4 - HKCU\..\Run: [seonyhn] c:\windows\gnkncbh.exe
O4 - HKCU\..\Run: [infsqis] c:\windows\knosnvo.exe
O4 - HKCU\..\Run: [cafalxh] c:\windows\knosnvo.exe
O4 - HKCU\..\Run: [kcnknov] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [wedoory] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [pkfkmfa] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [mjackvp] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [gavxllc] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [kfsuwjl] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [qnwkkmo] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [ohvlvpq] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [vbbunch] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [lenvqmx] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [dhfokyb] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [pdogdqa] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [dwxofkw] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [ixqesxe] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [fmcshfr] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [hdmjvhl] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [yotlmal] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [ckdmtyp] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [oxyatqe] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [fohkeyj] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [lnlrrhh] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [qqtqlrh] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [vjsrblo] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [cdwjcin] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [lybrqos] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [nadfdyq] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [fwmsavj] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [msmfuph] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [axbhgjv] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [bnlccwm] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [rcvpvlh] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [ydjsjrh] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [umgqtnm] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [xtpheqd] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [qclwkef] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [srxdxho] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [lynyolc] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [qjypaby] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [gwfasqf] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [wxpsifi] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [fdacfgv] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [yamjpmu] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [upcxjhl] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [dnsqima] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [djtebxl] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [fomxtdo] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [hleswnd] c:\windows\fjiwxyi.exe
O
  • 0

Advertisements

#2
Daemon
Posted 04 August 2005 - 03:14 PM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
We'll use some clean-up tools first - if you already have any of these and you are sure they are the latest version then just skip and move on to the next one.

Click here to download Spybot Search & Destroy v1.4 - install, update, scan and fix all RED items it finds. Reboot when done.

Click here to download Ad-Aware SE and install. Before scanning click on "check for updates now" to make sure you have the latest reference file.
  • Click "Start"
  • Select "Perform Full System scan"
  • Click "Next" to start the scan.
When the scan is finished, the screen will tell you if anything has been found.
  • Click "Next". The bad files will be listed.
  • Right click the pane and click "Select all objects" - this will put a check mark in the box at the side.
  • Click "Next" again
  • Click "OK" at the prompt "# objects will be removed. Continue?".
Reboot when done.

Click here to download Microsoft AntiSpyware Beta, check for updates and run it. Reboot when done.

Click here to download ewido security suite - it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update ewido. Then:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Rescan with HJT and post a new log here together with the ewido log so that any remnants can be removed manually.
  • 0

#3
Don P
Posted 04 August 2005 - 06:52 PM

Don P

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi, thanks for the reply. I followed the steps and things seem to be smooth for now... these are the logs you asked for:

HJK--

Logfile of HijackThis v1.99.1
Scan saved at 7:49:14 PM, on 8/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.156\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [onnnymv] c:\windows\yfujjws.exe
O4 - HKCU\..\Run: [xmnyssk] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [hwjdmiy] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [lbxiqjg] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [rdxmdpi] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [gbovknc] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [rjwmkmp] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [ceetnuo] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [njdhlwr] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [iweylci] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [gsjjerb] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [mcxkouw] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [pohxhjf] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [lkpwgeo] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [rqoigri] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [puwtnnf] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [qhwmqqq] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [tanntmm] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [rnpqbeh] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [ufsvvpf] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [nfiqafl] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [hskkpnn] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [bjbwhpb] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [wvatsvr] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [hgoxrjg] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [gllkmkt] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [wwghxkx] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [lcswlgi] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [lhwjygs] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [frfwban] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [uehfpsc] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [bvanoxl] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [afoshsc] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [fncklqa] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [dwlnnhb] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [ioygacr] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [wvkeihx] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [bpkxgic] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [baddaqo] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [tatener] c:\windows\wcllitb.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [darbynr] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [afftqrh] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [hctafic] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [vynuuyu] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [uccuscf] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [ummlovv] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [ulcdnjw] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [icpmjvy] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [occhlpn] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [gdrlyes] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [uwqspoi] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [kwrmrtc] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [ahagapp] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [idcrubb] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [haehkjw] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [pvpwngr] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [mtcqoav] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [kaugbbj] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [pffrxdw] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [bkolcbo] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [kqkdkev] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [mnkytrm] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [qbaqqfc] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [mrommtq] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [gylmlua] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [mtuponc] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [dtyiptm] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [soebtdo] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [yntadyg] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [jvqnnak] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [rllmoqw] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [pogjfni] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [ywswvat] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [hcicqkx] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [dxmfgos] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [ktmljkc] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [mjeuxhp] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [txkyrwe] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [qpkdmup] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [uuhhkuv] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [pudgaml] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [yrlrrfe] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [uppxlef] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [fujnhmx] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [psladef] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [wrsbbwj] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [boduucp] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [xfjttxb] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [acoovat] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [kcunnbf] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [pnkyxkl] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [hwravcn] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [vicqqos] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [qvgusgv] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [ubyxbkd] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [xxcdrml] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [uhrlvgy] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [arjcdpt] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [ddputmr] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [owuvyow] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [omntfec] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [udkdaps] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [hcitxoo] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [gqcuuur] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [idxikoh] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [hyqlqcp] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [uyoifrn] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [buqpito] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [rabncst] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [veeoiru] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [gcdtlfd] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [xoyddwm] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [mngoexw] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [iepauah] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [gqnmmjm] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [hlobeeq] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [gujypqx] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [viuqvkb] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [uiqogyb] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [wsnbypx] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [mmjerpu] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [fcndgbp] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [lnhebmc] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [gaimvst] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [tvdwalq] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [xtgmfsx] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [jdaxquo] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [uhiowts] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [arcouuq] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [optimtx] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [spsjnis] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [yaqylmg] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [pgusbjo] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [vqynnef] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [srmmawu] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [ntuhdfi] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [pexpuom] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [tohkpht] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [uoyanqs] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [plhjase] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [xhnjdrq] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [xwtldxr] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [wqmytxu] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [ybjsvcv] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [nwbrpuw] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [pqkmtiw] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [oqibvlk] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [hruehte] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [shaffol] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [blagrwo] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [hksdnxq] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [elkcynd] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [bckusis] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [nkwvqjf] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [kvinhgc] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [ilvuwet] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [uvueuyv] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [jrhliis] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [jerujdy] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [joydrlv] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [cwpbadp] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [ifuyjit] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [gepjxfl] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [ufjejdm] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [enchtdd] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [ddtecsp] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [cadggiu] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ndvsagd] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ejlshnj] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [xgqgvil] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [pylxffx] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [hchecgr] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [dprltra] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [uvnayud] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [oelqjyx] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [lysscfy] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [qxnmifo] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ckdfnrt] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [nkwedry] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [jfstlmu] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [jlnymov] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [xduonle] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ijnwkts] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [lishhjr] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [wcjunbi] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [sxbwflq] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [klxeavc] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [iatemyj] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [bmgeoqd] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [efiscwo] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [xtetust] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [bxgswin] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [vystyxr] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [mxttjqb] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ydmfwjf] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [eujblak] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [amkljeg] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [lotevku] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [tuylsqb] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ehdnmkt] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [vlolvbs] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [xxsekko] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [tqgbkqv] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [lwthvle] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ntvaiuk] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [qfsivmb] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [bwesugy] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [nyqnaoy] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [kwyvlbm] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [tugemal] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [fgoxtfy] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [jmtclta] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [clmharx] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [tktkxtg] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [uruxhdn] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ihourjy] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [oljcbyx] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [uvoopwt] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [mlppsiy] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [pqnyldn] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [odppagx] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [wyjisxy] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [yxosatb] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [hnbsbar] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ovfibex] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [xrayqpe] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [psbkrdp] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [niuoihp] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [ddnhbjo] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [cxcuuxo] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [gcxpkud] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [leqwbbq] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [ggiwmhd] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [lixgiif] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [ltobcpn] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [mgfysxw] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [pgqygjx] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [auewflj] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [wyciexj] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [kubobhb] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [wqjrrvh] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [vmswhuh] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [axjvrmh] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [ujbllmq] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [prxgycj] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [eqaywsd] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [ivdilsv] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [rfajuoe] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [tnftawo] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [wgepmhg] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [visstvb] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [vntjouo] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [bamjycn] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [nqrrcxq] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [busldfe] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [uckkdst] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [wjuyutc] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [msdjvmf] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [yypjjce] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [eidoome] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [rernhco] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [xigtsyr] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [jmlsrhi] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [chwllww] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [nfsadul] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [guiteiv] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [dxrivia] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [tiaoyei] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [rsdueia] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [jyvkmpd] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [equfhee] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [jlwvgyu] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [penfmme] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [vbhiynh] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ttyajhf] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [lurymgl] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ghosrpa] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [emrfyse] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [vyuhlqq] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [wyawdfr] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [evrrcln] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [tdkcgog] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [wrxdhlr] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [hqohaja] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [tttmuaj] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [kwsddbl] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [lwwmyfa] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [dtaxshr] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [jcugbpl] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [gwrqpwt] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [bymqitm] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [tkienqk] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [opnbgqr] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [chptqha] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ovxqaas] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [xnwjtfa] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [iggnhup] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [liwyhwk] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [jrbupyv] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [pguhypa] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [eoleptf] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [xbqfuwj] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [kdhyasi] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [mnwoclp] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [jalvnfk] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [hmlrate] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [pvjdlji] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [xccgndc] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [dsehhuw] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [pnwbjin] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [txutuur] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ipkyovp] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [umskjbv] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [osmwepm] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [aitjqxn] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ejjrimx] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [brgtnil] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [nidisww] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [whssngv] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [gjayeoy] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [belcers] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [viwfqmg] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [nwaoefj] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [aeejqhq] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [qihpkae] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [yessvtj] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ufrtpsb] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [lynyyho] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [pxuofrm] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [qwesyfw] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [offakmw] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ohdwvrm] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [sbsptsf] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [bxxiicg] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [xoxbvpr] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [kgambyi] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [cbchmqj] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [dcpdfpd] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [fubgcql] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [hdcahbn] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [emajjkh] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [qonueui] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ututmnk] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [nlfmwrl] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [savfirs] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [kkewtjm] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [skbhmft] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [atgivdx] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [uhismfc] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [mcwrvsu] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [xoitrlg] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [henbace] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [mnqtifq] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [rlkkemg] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [fqkdmol] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [tlbioyr] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [oxmqaen] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [tqdjckq] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ykexten] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [jyfdgdh] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [faqlpha] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [fwpomxe] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [xrsottp] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [epgqjio] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [bdmgbxe] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [faxytyb] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [gdbpdre] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ngumoqd] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [xhlhdrc] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [rjfnrku] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [jukutos] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [xmdcabi] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [bulfhsq] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [fgbolxv] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [wwsirdw] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [wkrqbcl] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [sxgbsrm] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [vwxskrt] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [qkabfue] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [beollrg] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [mqbsghx] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [dwpmgyx] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [nwwqqmd] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [xuxyaqm] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [wfsafab] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [dasyuvr] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ncysifa] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [asjfuoe] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [nymrlth] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [exalayc] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [mphfptc] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [nrlrvgd] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [wbcyfsv] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ysvhudd] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [irugrld] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ofatgpj] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [jxllete] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [luukebg] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [sttsovu] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [xjuvbjq] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [gebkglg] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [rkvexat] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [egceege] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [bnsjepr] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [kffyrlh] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ylytunh] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [wfabypb] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [valgjkw] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [qwthvhx] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [namihdf] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ryiafdm] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [yrpxcvm] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [eikuegt] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [qfpeqxd] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ixbraks] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [krbwtnl] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [ykxnrog] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [gcdleuy] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [aayqram] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [hdttwpk] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [punaanq] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [ixgpehd] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [ufqhscw] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [bkooegn] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [pknjejg] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [jaxpxlp] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [nxpmhst] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [mostvac] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [lrbjbeh] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [wavgfap] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [tsuqinc] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [vhrwyte] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [kcjrgir] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [wjdpoyy] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [vvvievo] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [cotgsgl] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [gmmjhgw] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [yrrwfaj] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ojretem] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ugtgutx] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [tvonpmt] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [raurmlw] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ylkapnp] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ayrhcha] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [tfdlpll] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [mnugvxh] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [vwvwnci] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [yygxhwg] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [yxpspyh] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [njipsfp] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ybwiuui] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [gqcfgpn] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [xwqqvcu] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [qetunsm] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [yixoyfv] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ohlssyr] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ysuefsr] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ltuynit] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [ewjqwcg] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [svpugvu] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [dvrfikp] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [acusubt] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [pkaqlam] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [pldtebs] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [fvqumuh] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [fycqbps] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [cejehis] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [vkdtyai] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [qhjohtf] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [uhgwqnl] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [oxcqixw] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [bjoyvvt] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [uclxipb] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [fpkevum] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [qmnskww] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [dpmyyvi] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [fkpycra] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [akertan] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [iaoeksy] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [cmrcogv] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [ysdafls] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [wjgpbwl] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [dgbwhrk] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [vevmppm] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [qirbxkw] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [averfov] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [dqjsgtm] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [ngoqyyv] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [wgcepoc] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [oyhvasg] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [usvchym] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [xlhefxw] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [qpmkamw] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [dawxetk] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [eyoloil] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [skkmfxf] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [vgtgysm] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [lcgqusa] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [dcoywuw] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [srunutr] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [vxfhqsd] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [howcgbe] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [fyxiibs] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [ncxhisg] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [festotj] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [mpfpqxo] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [thxlcih] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [tdkepns] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [xbipfvv] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [dkqpjea] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [ngjkafr] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [cnvewek] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [yybsmny] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [cnyomoo] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [oxojhda] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [vrgnpjo] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [uvcemjf] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [xmersmr] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [qttldri] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [wbbaael] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [dseahjd] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [lcvcuej] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [gccumcc] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [dphpwdm] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [mglclls] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [hwjqmeo] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [bjviutd] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [giyohan] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [bxygutq] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [wocbywd] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [ostwnnb] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [lobibya] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [hqqaegd] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [wpkltac] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [cmcayhf] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [doslrfd] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [pepqabl] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [bicshvv] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [emvywgb] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [lvpnahb] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [bmgecxa] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [srkgpti] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [gmwqgpf] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [foxesob] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [cjocero] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [rpivbth] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [pthnurt] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [jeqwhrt] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [cpfntrh] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [vhrsaui] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [vkkowqk] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [vosejcj] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [gsrcrdc] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [utilnge] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [nubedso] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [fujcufs] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [uwuhase] c:\windows\baoyvaw.exe
O4 - HKCU\..\Run: [prqvrtm] c:\windows\baoyvaw.exe
O4 - HKCU\..\Run: [rkoehhj] c:\windows\baoyvaw.exe
O4 - HKCU\..\Run: [nnkyghc] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [hgrgfdc] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [sxgmeoe] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [mpbfdxe] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [rdophfm] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [hoacubm] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [rdstxcd] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [qotwrqy] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [uoqrjxp] c:\windows\cfxrcuh.exe
O4 - HKCU\..\Run: [wtcpcnl] c:\windows\cfxrcuh.exe
O4 - HKCU\..\Run: [petlkky] c:\windows\cfxrcuh.exe
O4 - HKCU\..\Run: [jlyvgpa] c:\windows\jkxoxxq.exe
O4 - HKCU\..\Run: [wtvbbeh] c:\windows\dktblyk.exe
O4 - HKCU\..\Run: [mbqnejf] c:\windows\gyhnalc.exe
O4 - HKCU\..\Run: [uxdvjit] c:\windows\xicmwqr.exe
O4 - HKCU\..\Run: [nkqiacc] c:\windows\eyafsuy.exe
O4 - HKCU\..\Run: [kembrat] c:\windows\gcniagk.exe
O4 - HKCU\..\Run: [jvulopy] c:\windows\bxkbvtx.exe
O4 - HKCU\..\Run: [bquddhn] c:\windows\juqptnt.exe
O4 - HKCU\..\Run: [lwmrorx] c:\windows\cifkqqo.exe
O4 - HKCU\..\Run: [hnbwebc] c:\windows\bllwenh.exe
O4 - HKCU\..\Run: [cbhhplv] c:\windows\sqxgvdb.exe
O4 - HKCU\..\Run: [rcogdwr] c:\windows\efuabms.exe
O4 - HKCU\..\Run: [arwgbdb] c:\windows\bicucpy.exe
O4 - HKCU\..\Run: [dmbcgjj] c:\windows\peeojso.exe
O4 - HKCU\..\Run: [mxdqcby] c:\windows\vbtdxum.exe
O4 - HKCU\..\Run: [eyivlps] c:\windows\bcsxmfd.exe
O4 - HKCU\..\Run: [skwrxci] c:\windows\cwsvcnc.exe
O4 - HKCU\..\Run: [lyjdhgl] c:\windows\jiyucgp.exe
O4 - HKCU\..\Run: [mqfpieg] c:\windows\fdrfjww.exe
O4 - HKCU\..\Run: [swrqvyl] c:\windows\fkcptiw.exe
O4 - HKCU\..\Run: [ywyhvvx] c:\windows\qlnaqwi.exe
O4 - HKCU\..\Run: [wywldwl] c:\windows\kcqvebk.exe
O4 - HKCU\..\Run: [xrpticd] c:\windows\fkhxqst.exe
O4 - HKCU\..\Run: [ohweagj] c:\windows\pirexgc.exe
O4 - HKCU\..\Run: [lxxirdh] c:\windows\icrbgki.exe
O4 - HKCU\..\Run: [pxisgyr] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ikyfhbk] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [bhrkmau] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [tqgaabo] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [qufnpcr] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [xixecds] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ylbtbuk] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [bbnqrgm] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [vhlsrlm] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [qiwrvfg] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [oodrqmi] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [kgxwobc] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [cfdebht] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [poikfwy] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [rdldppd] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [lfwxfkj] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [wvxqwpe] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [yvvxaxi] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [sskylkb] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [hjwymwi] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jyaober] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [yoaande] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [vudgauo] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [uuduwnn] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [msiiign] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [crshpig] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [gsyuphg] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [sacdlwt] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [lpptqvt] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [imikvfy] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [eokohxj] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [wwladwa] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [nkamhhy] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ktyqxlb] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jhqbagm] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [kuojats] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ndqoxny] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [wpklnki] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [alftufk] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [tgihjcx] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [vwlpyto] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jgtmwgh] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [aeutyco] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [gbrqyoo] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [tvtoqod] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [qgcnouu] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ggvvhmv] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [vemieei] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [mjawhvf] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [bgcqymw] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [pxghdfi] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [praxdum] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [kondloo] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [lywrkkh] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ivbasfx] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [urtxcog] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [loahbwl] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [mdnqgxh] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [dbffipa] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [dgegkjs] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [wimiscm] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [xkxgfdf] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jvcslne] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [tkgtvco] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [wpsowjl] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [njjikei] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [gwkmxcx] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [saeqtlm] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [osedvxs] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [okggqsk] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [yvqufgh] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [brfrfxf] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [cwjhfwf] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [tqrhprk] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [cryelwp] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ttdcgsw] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [yracwcu] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [rxjdayf] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jhuhxre] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jjdmasa] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [hieqifi] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ssdkrug] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [kpnswbv] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [vbjraha] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [rmkqtoy] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [lbrxckh] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jmejyyx] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [ubryfku] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [veftiff] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [rlfgbwc] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [nrdukdp] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [wykmgnv] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [kusagqf] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [uyecily] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [hrurbsv] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jxjosie] c:\windows\gnkncbh.exe
O4 - HKCU\..\Run: [vnuttsu] c:\windows\gnkncbh.exe
O4 - HKCU\..\Run: [txspnlm] c:\windows\gnkncbh.exe
O4 - HKCU\..\Run: [xmfnlul] c:\windows\gnkncbh.exe
O4 - HKCU\..\Run: [ttihtsk] c:\windows\gnkncbh.exe
O4 - HKCU\..\Run: [fgmuiui] c:\windows\gnkncbh.exe
O4 - HKCU\..\Run: [seonyhn] c:\windows\gnkncbh.exe
O4 - HKCU\..\Run: [infsqis] c:\windows\knosnvo.exe
O4 - HKCU\..\Run: [cafalxh] c:\windows\knosnvo.exe
O4 - HKCU\..\Run: [kcnknov] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [wedoory] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [pkfkmfa] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [mjackvp] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [gavxllc] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [kfsuwjl] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [qnwkkmo] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [ohvlvpq] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [vbbunch] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [lenvqmx] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [dhfokyb] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [pdogdqa] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [dwxofkw] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [ixqesxe] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [fmcshfr] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [hdmjvhl] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [yotlmal] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [ckdmtyp] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [oxyatqe] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [fohkeyj] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [lnlrrhh] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [qqtqlrh] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [vjsrblo] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [cdwjcin] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [lybrqos] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [nadfdyq] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [fwmsavj] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [msmfuph] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [axbhgjv] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [bnlccwm] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [rcvpvlh] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [ydjsjrh] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [umgqtnm] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [xtpheqd] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [qclwkef] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [srxdxho] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [lynyolc] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [qjypaby] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [gwfasqf] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [wxpsifi] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [fdacfgv] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [yamjpmu] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [upcxjhl] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [dnsqima] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [djtebxl] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [fomxtdo] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [hleswnd] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [xnqnhoh] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [svamsry] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [vnqnmhf] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [tbllgyk] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [ankelos] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [fruymvd] c:\windows�

Edited by Don P, 04 August 2005 - 07:03 PM.

  • 0

#4
Don P
Posted 04 August 2005 - 07:04 PM

Don P

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
continued...

O4 - HKCU\..\Run: [awxhkhb] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [bhebqiu] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [hxulyeh] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [xfafldq] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [qxudoqv] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [mhveeri] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [lgnprfs] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [bsrxkre] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [hdidoqp] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [txkqwie] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [ncyvbqf] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [cmaknlh] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [cnkykva] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [lyjsxiv] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [qxqhdcb] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [amnehvo] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [emrssrr] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [tynmlkv] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [xsfqtuv] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [kovjpmj] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [tcxaoor] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [jhcvulu] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [cvvbcre] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [ytbdxus] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [igvyods] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [nxrmaui] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [hxhidou] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [tqlkdhe] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [metqoom] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [gcofpao] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [kopoeyo] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [viiisio] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [lejcbat] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [ohxcngj] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [qdjvxob] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [mbtsfxy] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [hminood] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [ppkyced] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [fashyae] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [chmfnhk] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [abbbpty] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [vmykwot] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [coqidui] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [nmaeucl] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [hbukfxs] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [qbtvtrw] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [rpdnbel] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [dluvdql] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [bfebqpx] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [bjppgux] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [tskpaci] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [avofems] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [hjuwdyo] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [hhbmkph] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [swejpbp] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [apeubur] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [rxdmljc] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [tlmdkpr] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [qqpnijd] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [kiewuuc] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [iccuurs] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [lbnokpg] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [uusujoc] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [ivsgefd] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [jnngiup] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [qaamacp] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [jtpsgyc] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [ukychrv] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [rsjotxb] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [vshxath] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [dyjqnyp] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [ckyblhy] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [qjvrkhp] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [fekjfwt] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [ffmslmx] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [pshcovk] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [twovlgi] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [iohoytp] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [ricsqpj] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [toawdoh] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [tuqyngc] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [swdrela] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [ogomyiv] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [ojkvhuy] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [uoctfdj] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [labvjno] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [oqamcmo] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [jnbgsej] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [dkyivyr] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [aeskbqw] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [isjossg] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [bconpbt] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [bmcnfsf] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [cqweqto] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [mwebtiw] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [hhwtlac] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [bjulgdf] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [iugxvnn] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [pmglnhv] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [coikpur] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [liuckvs] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [vlbexli] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [tfxactx] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [ctgyvul] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [soechuq] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [svkvbev] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [ygqlved] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [cliqmyo] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [ftsutmb] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [liigmoc] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [xmdnexh] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [cjkkpcb] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [cljtdgc] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [eotpqua] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [mvwined] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [qvvqxlw] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [mbplhlj] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [tisftgw] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [cayqnvr] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [cphiuiy] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [pepiaub] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [lkrkmhh] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [feaqsfd] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [qxabcrb] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [hnsoegx] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [wphyqss] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [rtuqfjy] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [guyxqaq] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [qepdhfr] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [tijasds] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [pyseyte] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [ilxjwuq] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [venskfe] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [oqgwske] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [waryunl] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [kquymdd] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [rvjnnfk] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [jewhtyg] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [uslvyag] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [vgsqfvt] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [gkbllyx] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [eecxuow] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [aysptee] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [kpehjgy] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [temsnsx] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [acruiks] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [yymblyb] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [faiasja] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [dewdfjk] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [jdqtxqo] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [swcvowc] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [badualj] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [snbutbi] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [xlmteag] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [nfjnbie] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [kcosskr] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [ywgdama] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [ivepfac] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [sdakpbx] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [aurqvhe] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [dxttapy] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [sxlakmw] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [daplmpa] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [lpahipo] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [wpwortn] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [rudjcch] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [bwwjfug] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [auodbwq] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [dvamohp] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [ojayhnu] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [tyfkyrt] c:\windows\jmvdpnw.exe
O4 - HKCU\..\Run: [stloxim] c:\windows\jmvdpnw.exe
O4 - HKCU\..\Run: [idnggjp] c:\windows\jmvdpnw.exe
O4 - HKCU\..\Run: [ycrnldv] c:\windows\jmvdpnw.exe
O4 - HKCU\..\Run: [unhcmbt] c:\windows\jmvdpnw.exe
O4 - HKCU\..\Run: [nmqtedl] c:\windows\jmvdpnw.exe
O4 - HKCU\..\Run: [mfuscjg] c:\windows\jmvdpnw.exe
O4 - HKCU\..\Run: [xhgdbhh] c:\windows\jmvdpnw.exe
O4 - HKCU\..\Run: [dcyiqrj] c:\windows\jmvdpnw.exe
O4 - HKCU\..\Run: [xbqohlg] c:\windows\jmvdpnw.exe
O4 - HKCU\..\Run: [ijdbdar] c:\windows\jmvdpnw.exe
O4 - HKCU\..\Run: [pimdsgg] c:\windows\liufdod.exe
O4 - HKCU\..\Run: [rwujrgk] c:\windows\liufdod.exe
O4 - HKCU\..\Run: [sscvjix] c:\windows\liufdod.exe
O4 - HKCU\..\Run: [ryngvud] c:\windows\ssvfqtn.exe
O4 - HKCU\..\Run: [pvmjfam] c:\windows\ssvfqtn.exe
O4 - HKCU\..\Run: [uufcdej] c:\windows\ssvfqtn.exe
O4 - HKCU\..\Run: [exgxwrw] c:\windows\lcjwgas.exe
O4 - HKCU\..\Run: [wrrxelk] c:\windows\lcjwgas.exe
O4 - HKCU\..\Run: [ffefupp] c:\windows\lcjwgas.exe
O4 - HKCU\..\Run: [bdjnaje] c:\windows\oytcsdb.exe
O4 - HKCU\..\Run: [rkkisat] c:\windows\oytcsdb.exe
O4 - HKCU\..\Run: [emklcjk] c:\windows\oytcsdb.exe
O4 - HKCU\..\Run: [xpywdfn] c:\windows\oytcsdb.exe
O4 - HKCU\..\Run: [ugftlpm] c:\windows\oytcsdb.exe
O4 - HKCU\..\Run: [ysayggn] c:\windows\oytcsdb.exe
O4 - HKCU\..\Run: [bewfije] c:\windows\oytcsdb.exe
O4 - HKCU\..\Run: [qpsmqpo] c:\windows\oytcsdb.exe
O4 - HKCU\..\Run: [xiptlal] c:\windows\oytcsdb.exe
O4 - HKCU\..\Run: [doxcdom] c:\windows\oytcsdb.exe
O4 - HKCU\..\Run: [xnyuxku] c:\windows\oytcsdb.exe
O4 - HKCU\..\Run: [lxlnmhi] c:\windows\oytcsdb.exe
O4 - HKCU\..\Run: [ypqtlca] c:\windows\oytcsdb.exe
O4 - HKCU\..\Run: [qkkvdqu] c:\windows\oytcsdb.exe
O4 - HKCU\..\Run: [jgxemtx] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [oyqblnc] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [sryrohf] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [gmhagat] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [wqgpxlg] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [nemfihq] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [aelixlb] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [bshahma] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [vnpvive] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [oxbvgdm] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [diotljf] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [hifxtob] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [mvbyqxt] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [svkrirp] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [ixqtypk] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [ovvsscq] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [qussjwg] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [apbmlan] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [fyxyvmr] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [kmvepyu] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [cwrbmbn] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [hvrrrkc] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [rmijdwh] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [lyhlmnv] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [oojiwva] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [rfssghc] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [ipdstgd] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [pimmgdt] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [ajnbmsc] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [sheqsgb] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [mopawmp] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [fbljxig] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [tvscicc] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [mlegnau] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [pluxuyj] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [kyuvosa] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [skegwhu] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [txqwtav] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [khjqlef] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [yohxden] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [mbktvcs] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [bbajbsc] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [ygsibkh] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [gotfqoy] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [kfuismf] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [okkghll] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [wucjikw] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [gxfnjne] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [fourfhi] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [hjoqjaj] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [fenbfbh] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [xnopfik] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [citjted] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [mdssbea] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [vutgmyw] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [ufrjvsj] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [utkfrig] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [hyjhmvb] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [bqxaxlw] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [rojqaah] c:\windows\xwryywy.exe
O4 - HKCU\..\Run: [kbifefx] c:\windows\xwryywy.exe
O4 - HKCU\..\Run: [wwicwtt] c:\windows\xwryywy.exe
O4 - HKCU\..\Run: [rkdndak] c:\windows\xwryywy.exe
O4 - HKCU\..\Run: [legyecx] c:\windows\xwryywy.exe
O4 - HKCU\..\Run: [btjeexm] c:\windows\xwryywy.exe
O4 - HKCU\..\Run: [yfemhei] c:\windows\xwryywy.exe
O4 - HKCU\..\Run: [uujovpm] c:\windows\xwryywy.exe
O4 - HKCU\..\Run: [bsayose] c:\windows\xwryywy.exe
O4 - HKCU\..\Run: [lflkult] c:\windows\xwryywy.exe
O4 - HKCU\..\Run: [qhoxkrm] c:\windows\xwryywy.exe
O4 - HKCU\..\Run: [arurmsp] c:\windows\xwryywy.exe
O4 - HKCU\..\Run: [jwljgtb] c:\windows\xwryywy.exe
O4 - HKCU\..\Run: [ntjbtbc] c:\windows\xwryywy.exe
O4 - HKCU\..\Run: [elugrws] c:\windows\ctpqvnb.exe
O4 - HKCU\..\Run: [lwryknh] c:\windows\ctpqvnb.exe
O4 - HKCU\..\Run: [hlavufl] c:\windows\wrwohok.exe
O4 - HKCU\..\Run: [ugatgtx] c:\windows\wrwohok.exe
O4 - HKCU\..\Run: [fapyndl] c:\windows\wrwohok.exe
O4 - HKCU\..\Run: [ukmmkft] c:\windows\osonuwx.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D001E66-390D-4BF8-A45A-8947B4A138E3}: NameServer = 206.141.192.60 206.141.193.55
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#5
Don P
Posted 04 August 2005 - 07:05 PM

Don P

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ewido log--

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:46:10 PM, 8/4/2005
+ Report-Checksum: CA8BEB4F

+ Scan result:

C:\hp\drivers\video_Intel\igfxtray.exe -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\WINDOWS\system32\igfxtray.exe -> TrojanDropper.Paradrop.a : Cleaned with backup
C:\WINDOWS\system32\vcftlaaa.exe -> Spyware.Hijacker.Generic : Cleaned with backup


::Report End
  • 0

#6
Don P
Posted 04 August 2005 - 07:16 PM

Don P

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Sorry I forgot to tell ya this... like I said, everything looks sweet so far but when I reboot the computer an error-like message started popping up... it says:

"Invalid Backweb application id "1940576" then it prompts me to click "ok"... which is the only option.

I dont know if thats a big issue but I thought you'd want that too.

Thanks for the helps so far.
  • 0

#7
Daemon
Posted 05 August 2005 - 12:37 AM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
OK, let's make your log a bit more manageable, there are hundreds of random seven letter O4 trojan entries that need to be removed. There isn't a quick way of doing this. Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

O4 - HKCU\..\Run: [onnnymv] c:\windows\yfujjws.exe
O4 - HKCU\..\Run: [xmnyssk] c:\windows\tqloebw.exe to O4 - HKCU\..\Run: [baddaqo] c:\windows\tqloebw.exe
O4 - HKCU\..\Run: [tatener] c:\windows\wcllitb.exe
O4 - HKCU\..\Run: [darbynr] c:\windows\gelibqn.exe to O4 - HKCU\..\Run: [arjcdpt] c:\windows\gelibqn.exe
O4 - HKCU\..\Run: [ddputmr] c:\windows\cnhqeyf.exe to O4 - HKCU\..\Run: [uvueuyv] c:\windows\cnhqeyf.exe
O4 - HKCU\..\Run: [jrhliis] c:\windows\rqcjigl.exe to O4 - HKCU\..\Run: [enchtdd] c:\windows\rqcjigl.exe
O4 - HKCU\..\Run: [jerujdy] c:\windows\rqcjigl.exe to O4 - HKCU\..\Run: [cxcuuxo] c:\windows\eriwcgh.exe
O4 - HKCU\..\Run: [gcxpkud] c:\windows\nlfpvpn.exe to O4 - HKCU\..\Run: [eqaywsd] c:\windows\nlfpvpn.exe
O4 - HKCU\..\Run: [ivdilsv] c:\windows\nqamwhn.exe to O4 - HKCU\..\Run: [qonueui] c:\windows\nqamwhn.exe
O4 - HKCU\..\Run: [ututmnk] c:\windows\rsysmga.exe to O4 - HKCU\..\Run: [qfpeqxd] c:\windows\rsysmga.exe
O4 - HKCU\..\Run: [ixbraks] c:\windows\kkfviej.exe to O4 - HKCU\..\Run: [bkooegn] c:\windows\kkfviej.exe
O4 - HKCU\..\Run: [pknjejg] c:\windows\ppyagvm.exe to O4 - HKCU\..\Run: [fvqumuh] c:\windows\ppyagvm.exe
O4 - HKCU\..\Run: [fycqbps] c:\windows\xhasiaa.exe to O4 - HKCU\..\Run: [qpmkamw] c:\windows\xhasiaa.exe
O4 - HKCU\..\Run: [dawxetk] c:\windows\ruaouim.exe to O4 - HKCU\..\Run: [fujcufs] c:\windows\ruaouim.exe
O4 - HKCU\..\Run: [uwuhase] c:\windows\baoyvaw.exe to O4 - HKCU\..\Run: [rkoehhj] c:\windows\baoyvaw.exe
O4 - HKCU\..\Run: [nnkyghc] c:\windows\oprmero.exe to O4 - HKCU\..\Run: [qotwrqy] c:\windows\oprmero.exe
O4 - HKCU\..\Run: [uoqrjxp] c:\windows\cfxrcuh.exe to O4 - HKCU\..\Run: [petlkky] c:\windows\cfxrcuh.exe
O4 - HKCU\..\Run: [jlyvgpa] c:\windows\jkxoxxq.exe
O4 - HKCU\..\Run: [wtvbbeh] c:\windows\dktblyk.exe
O4 - HKCU\..\Run: [mbqnejf] c:\windows\gyhnalc.exe
O4 - HKCU\..\Run: [uxdvjit] c:\windows\xicmwqr.exe
O4 - HKCU\..\Run: [nkqiacc] c:\windows\eyafsuy.exe
O4 - HKCU\..\Run: [kembrat] c:\windows\gcniagk.exe
O4 - HKCU\..\Run: [jvulopy] c:\windows\bxkbvtx.exe
O4 - HKCU\..\Run: [bquddhn] c:\windows\juqptnt.exe
O4 - HKCU\..\Run: [lwmrorx] c:\windows\cifkqqo.exe
O4 - HKCU\..\Run: [hnbwebc] c:\windows\bllwenh.exe
O4 - HKCU\..\Run: [cbhhplv] c:\windows\sqxgvdb.exe
O4 - HKCU\..\Run: [rcogdwr] c:\windows\efuabms.exe
O4 - HKCU\..\Run: [arwgbdb] c:\windows\bicucpy.exe
O4 - HKCU\..\Run: [dmbcgjj] c:\windows\peeojso.exe
O4 - HKCU\..\Run: [mxdqcby] c:\windows\vbtdxum.exe
O4 - HKCU\..\Run: [eyivlps] c:\windows\bcsxmfd.exe
O4 - HKCU\..\Run: [skwrxci] c:\windows\cwsvcnc.exe
O4 - HKCU\..\Run: [lyjdhgl] c:\windows\jiyucgp.exe
O4 - HKCU\..\Run: [mqfpieg] c:\windows\fdrfjww.exe
O4 - HKCU\..\Run: [swrqvyl] c:\windows\fkcptiw.exe
O4 - HKCU\..\Run: [ywyhvvx] c:\windows\qlnaqwi.exe
O4 - HKCU\..\Run: [wywldwl] c:\windows\kcqvebk.exe
O4 - HKCU\..\Run: [xrpticd] c:\windows\fkhxqst.exe
O4 - HKCU\..\Run: [ohweagj] c:\windows\pirexgc.exe
O4 - HKCU\..\Run: [lxxirdh] c:\windows\icrbgki.exe
O4 - HKCU\..\Run: [pxisgyr] c:\windows\iitpray.exe to O4 - HKCU\..\Run: [hrurbsv] c:\windows\iitpray.exe
O4 - HKCU\..\Run: [jxjosie] c:\windows\gnkncbh.exe to O4 - HKCU\..\Run: [seonyhn] c:\windows\gnkncbh.exe
O4 - HKCU\..\Run: [infsqis] c:\windows\knosnvo.exe
O4 - HKCU\..\Run: [cafalxh] c:\windows\knosnvo.exe
O4 - HKCU\..\Run: [kcnknov] c:\windows\fjiwxyi.exe to O4 - HKCU\..\Run: [txkqwie] c:\windows\fjiwxyi.exe
O4 - HKCU\..\Run: [igvyods] c:\windows\khhmmti.exe to O4 - HKCU\..\Run: [ricsqpj] c:\windows\khhmmti.exe
O4 - HKCU\..\Run: [toawdoh] c:\windows\smgebuk.exe to O4 - HKCU\..\Run: [cliqmyo] c:\windows\smgebuk.exe
O4 - HKCU\..\Run: [ftsutmb] c:\windows\mnpfvqi.exe to O4 - HKCU\..\Run: [ojayhnu] c:\windows\mnpfvqi.exe
O4 - HKCU\..\Run: [tyfkyrt] c:\windows\jmvdpnw.exe to O4 - HKCU\..\Run: [ijdbdar] c:\windows\jmvdpnw.exe
O4 - HKCU\..\Run: [pimdsgg] c:\windows\liufdod.exe to O4 - HKCU\..\Run: [sscvjix] c:\windows\liufdod.exe
O4 - HKCU\..\Run: [ryngvud] c:\windows\ssvfqtn.exe to O4 - HKCU\..\Run: [uufcdej] c:\windows\ssvfqtn.exe
O4 - HKCU\..\Run: [exgxwrw] c:\windows\lcjwgas.exe to O4 - HKCU\..\Run: [ffefupp] c:\windows\lcjwgas.exe
O4 - HKCU\..\Run: [bdjnaje] c:\windows\oytcsdb.exe to O4 - HKCU\..\Run: [qkkvdqu] c:\windows\oytcsdb.exe
O4 - HKCU\..\Run: [jgxemtx] c:\windows\bqkqqxp.exe to O4 - HKCU\..\Run: [skegwhu] c:\windows\bqkqqxp.exe
O4 - HKCU\..\Run: [txqwtav] c:\windows\wwoeour.exe to O4 - HKCU\..\Run: [bqxaxlw] c:\windows\wwoeour.exe
O4 - HKCU\..\Run: [rojqaah] c:\windows\xwryywy.exe to O4 - HKCU\..\Run: [ntjbtbc] c:\windows\xwryywy.exe
O4 - HKCU\..\Run: [elugrws] c:\windows\ctpqvnb.exe
O4 - HKCU\..\Run: [lwryknh] c:\windows\ctpqvnb.exe
O4 - HKCU\..\Run: [hlavufl] c:\windows\wrwohok.exe to O4 - HKCU\..\Run: [fapyndl] c:\windows\wrwohok.exe
O4 - HKCU\..\Run: [ukmmkft] c:\windows\osonuwx.exe

Click here, for instructions on how to enable hidden files and folders to be visible. After enabling, reboot into safe mode by tapping F8 after the BIOS has loaded and delete the following if found:

c:\windows\yfujjws.exe
c:\windows\tqloebw.exe
c:\windows\wcllitb.exe
c:\windows\gelibqn.exe
c:\windows\cnhqeyf.exe
c:\windows\rqcjigl.exe
c:\windows\rqcjigl.exe
c:\windows\nlfpvpn.exe
c:\windows\nqamwhn.exe
c:\windows\rsysmga.exe
c:\windows\kkfviej.exe
c:\windows\ppyagvm.exe
c:\windows\xhasiaa.exe
c:\windows\ruaouim.exe
c:\windows\baoyvaw.exe
c:\windows\oprmero.exe
c:\windows\cfxrcuh.exe
c:\windows\jkxoxxq.exe
c:\windows\dktblyk.exe
c:\windows\gyhnalc.exe
c:\windows\xicmwqr.exe
c:\windows\eyafsuy.exe
c:\windows\gcniagk.exe
c:\windows\bxkbvtx.exe
c:\windows\juqptnt.exe
c:\windows\cifkqqo.exe
c:\windows\bllwenh.exe
c:\windows\sqxgvdb.exe
c:\windows\efuabms.exe
c:\windows\bicucpy.exe
c:\windows\peeojso.exe
c:\windows\vbtdxum.exe
c:\windows\bcsxmfd.exe
c:\windows\cwsvcnc.exe
c:\windows\jiyucgp.exe
c:\windows\fdrfjww.exe
c:\windows\fkcptiw.exe
c:\windows\qlnaqwi.exe
c:\windows\kcqvebk.exe
c:\windows\fkhxqst.exe
c:\windows\pirexgc.exe
c:\windows\icrbgki.exe
c:\windows\iitpray.exe
c:\windows\gnkncbh.exe
c:\windows\knosnvo.exe
c:\windows\fjiwxyi.exe
c:\windows\khhmmti.exe
c:\windows\smgebuk.exe
c:\windows\mnpfvqi.exe
c:\windows\jmvdpnw.exe
c:\windows\liufdod.exe
c:\windows\ssvfqtn.exe
c:\windows\lcjwgas.exe
c:\windows\oytcsdb.exe
c:\windows\bqkqqxp.exe
c:\windows\wwoeour.exe
c:\windows\xwryywy.exe
c:\windows\ctpqvnb.exe
c:\windows\wrwohok.exe
c:\windows\osonuwx.exe

Reboot when done, rescan with HJT and post a new log here for a final check over.
  • 0

#8
Don P
Posted 05 August 2005 - 10:01 AM

Don P

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Alright, I have followed those steps.. I am posting the hjk log below but I have to ask about that runner error again ... its still popping up when i startup the computer: "Runner Error" then it says "Invalid Backweb application id '1940576'" and makes me click ok.

Anyway, heres the log:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:00 AM, on 8/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX03.016\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ncyvbqf] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [cmaknlh] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [cnkykva] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [lyjsxiv] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [qxqhdcb] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [amnehvo] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [emrssrr] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [tynmlkv] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [xsfqtuv] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [kovjpmj] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [tcxaoor] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [jhcvulu] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [cvvbcre] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [ytbdxus] c:\windows\feythvy.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#9
Don P
Posted 05 August 2005 - 10:03 AM

Don P

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Oh and also, should that abcsearch4u be in the system? or should I delete it with hjk?

Thanks for your help so far.
  • 0

#10
Daemon
Posted 05 August 2005 - 10:10 AM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder for it and place the program into that new folder.

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ncyvbqf] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [cmaknlh] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [cnkykva] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [lyjsxiv] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [qxqhdcb] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [amnehvo] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [emrssrr] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [tynmlkv] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [xsfqtuv] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [kovjpmj] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [tcxaoor] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [jhcvulu] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [cvvbcre] c:\windows\feythvy.exe
O4 - HKCU\..\Run: [ytbdxus] c:\windows\feythvy.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

Exit HijackThis when done. Reboot into Safe Mode by tapping F8 after the BIOS has loaded. Using Windows Explorer, find and delete the following:

c:\windows\feythvy.exe

Exit Explorer and reboot into Normal Mode. Rescan with HijackThis and post a new log here.
  • 0

#11
Don P
Posted 05 August 2005 - 11:08 AM

Don P

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hey man it's looking sweet! The Runner error didnt show up on start up this time... but I couldn't find the c:\windows\feythvy.exe and i have my hidden files showing and all that. Anyway, heres the new HJK log:

Logfile of HijackThis v1.99.1
Scan saved at 12:06:24 PM, on 8/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Owner\Desktop\HJK\HijackThis.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#12
Daemon
Posted 05 August 2005 - 11:20 AM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Looks good - everything running OK now?
  • 0

#13
Don P
Posted 05 August 2005 - 11:50 AM

Don P

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
yea everything's running great! thanks a lot man.
  • 0

#14
Daemon
Posted 05 August 2005 - 11:53 AM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
You're welcome - glad to help :tazz:

To help keep you clean follow the recommendations in Tony's article here:

So how did I get infected in the first place?



As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP