User response needed please: Please help me get rid of trojan-spy.html.smitfraud.c

Unknown

When my computer boots up, my desktop has a blue background with the message below:

SECURITY WARNING

A fatal error in IE has occurred at 0028:C0011E36 in VXD VMM<01> + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c

System can not function in normal mode. Please check your security settings.
Scan your PC with any available antivirus/spyware remover program to fix the problem.

I cannot run anything in normal Windows (XP Professional) mode. In safe mode I have run Norton which finds a couple of instance of Trojan Startpage that it cannot delete or repair. I have run a program called Avast!, I have run adaware and spybot. Below is my hijackthis log.

Any help will be greatly appreciated. I have no idea what to do.
Richard

Logfile of HijackThis v1.99.1
Scan saved at 9:12:29 AM, on 4/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ewizard.cc/cn/?r=53afacd898f95dc2&pin=1
F1 - win.ini: run=fntldr.exe C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,userinit.exe
O1 - Hosts: 66.98.142.165 lycos.com
O2 - BHO: (no name) - {4014CE60-DD98-0C49-2BB5-2DBB9CBA9B94} - C:\DOCUME~1\RICHAR~1.SCH\APPLIC~1\OOZEBI~1\BagsHeart.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A9BF44BA-04C4-4C46-923F-C97672F13F0C} - C:\WINDOWS\System32\oebp.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Citymedia - {FF4EEF75-A4F5-C0D4-F421-2F6FE1A8F169} - C:\PROGRA~1\OOZEBI~1\tons style.dll (file missing)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Tapicfg.exe] \tapicfg.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [0smP33O] lmhrc32r.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [insidewindowbeepone] C:\Documents and Settings\All Users\Application Data\Soft Delete Inside Window\curblite.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmg.exe
O4 - HKLM\..\Run: [Agent WebControl] C:\WINDOWS\System32\wiavg12n.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "Richard G. Schwartz"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Intellisync For NEC Wireless Phones.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: system32.dll.lnk = ?
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://c:\\foo.mht!http://67.15.130.39/x/us/exe.chm::/exe
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O18 - Protocol: bw+0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\windows\system32\kbd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: Terminal Connection - {2513B026-E8A9-415E-BED0-5C651ACBAC90} - C:\WINDOWS\System32\ialmcdec.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Buckeye_Sam

Please download CWShredder but don't run it yet.
http://cwshredder.net/bin/CWSInstall.exe


Download Ad-aware SE 1.05 from: http://www.majorgeeks.com/download506.html
Install the program and launch it. First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Exit Adaware for now.


Make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ewizard.cc/cn/?r=53afacd898f95dc2&pin=1
F1 - win.ini: run=fntldr.exe C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\in fo32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,userinit .exe
O1 - Hosts: 66.98.142.165 lycos.com
O2 - BHO: (no name) - {4014CE60-DD98-0C49-2BB5-2DBB9CBA9B94} - C:\DOCUME~1\RICHAR~1.SCH\APPLIC~1\OOZEBI~1\BagsHea rt.exe
O2 - BHO: (no name) - {A9BF44BA-04C4-4C46-923F-C97672F13F0C} - C:\WINDOWS\System32\oebp.dll (file missing)
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [0smP33O] lmhrc32r.exe
O4 - HKLM\..\Run: [insidewindowbeepone] C:\Documents and Settings\All Users\Application Data\Soft Delete Inside Window\curblite.exe
O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmg.exe
O4 - HKLM\..\Run: [Agent WebControl] C:\WINDOWS\System32\wiavg12n.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://c:\\foo.mht!http://67.15.130.39/x/us/exe.chm::/exe
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O18 - Protocol: bw+0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7492EEC7-41D3-495B-8438-3ACA4F08A021} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\windows\system32\kbd.dll
O21 - SSODL: Terminal Connection - {2513B026-E8A9-415E-BED0-5C651ACBAC90} - C:\WINDOWS\System32\ialmcdec.dll


Reboot your computer into Safe Mode


Now run CWShredder, making sure to click "Fix".


Then delete these files or directories (Do not be concerned if they do not exist)

c:\windows\system32\kbd.dll
C:\WINDOWS\System32\ialmcdec.dll
C:\DOCUME~1\RICHAR~1.SCH\APPLIC~1\OOZEBI~1\BagsHea rt.exe
C:\WINDOWS\System32\oebp.dll
C:\WINDOWS\System32\IEHost.exe
lmhrc32r.exe
C:\Documents and Settings\All Users\Application Data\Soft Delete Inside Window\curblite.exe
c:\windows\system32\taskmg.exe
C:\WINDOWS\System32\wiavg12n.exe
C:\WINDOWS\System32\spoolsrv32.exe


Run a full scan with Adaware.

Reboot your computer to go back to normal mode and post a new log.

Richard114

Hi,
First, thank you very much for your help. I don't know if this is relevant but I am having troubling booting-up in normal mode and had to do it several times before it worked. I get the logo and then it hangs at a blank screen. I also cannot get rid of the blue background with the error message. I can't find the tab for selecting a new background and I tried to use a photo as background and it didn't work. Here's the log
Logfile of HijackThis v1.99.1
Scan saved at 12:14:40 AM, on 4/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Cookie Washer\aolwasher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\SpOrder842n.exe
C:\windows\cfgyvay.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\America Online 9.0b\aoltray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\Pumatech\Intellisync For NEC Wireless Phones\Intellisync For NEC.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Richard G. Schwartz\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gysfyxjsgcomhikewrqbeme.com/W7/n5CBPomuVMUEK3LaiCDHxCyy9n_eVf30qutzx8qTPK6Lqo1kHsRwIWP5HhKhS.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.vubsbxdahlwvff.info/W7/n5CBPomvTMrSibjQjJE56JyE9ZuKVrFMR81_DK_8.html");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Richard G. Schwartz\Application Data\Mozilla\Profiles\default\kbb5xacz.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Citymedia - {FF4EEF75-A4F5-C0D4-F421-2F6FE1A8F169} - C:\PROGRA~1\OOZEBI~1\tons style.dll (file missing)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "Administrator"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe
O4 - HKCU\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0
O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"
O4 - HKCU\..\Run: [Ace mp3] C:\DOCUME~1\RICHAR~1.SCH\APPLIC~1\LESSAX~1\soft exit.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [OCMANAGE347e.exe] "C:\WINDOWS\System32\OCMANAGE347e.exe"
O4 - HKCU\..\Run: [SpOrder842n.exe] "C:\WINDOWS\System32\SpOrder842n.exe"
O4 - HKCU\..\Run: [rmdkxfk] c:\windows\cfgyvay.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [rifyoms] c:\windows\cfgyvay.exe
O4 - HKCU\..\Run: [yjlvehr] c:\windows\cfgyvay.exe
O4 - HKCU\..\Run: [dxofpas] c:\windows\cfgyvay.exe
O4 - HKCU\..\Run: [oekpfql] c:\windows\cfgyvay.exe
O4 - HKCU\..\Run: [cpjkkmk] c:\windows\cfgyvay.exe
O4 - HKCU\..\Run: [icotybt] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vwfxgav] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [msxvylw] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bvjjavq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ccvlpxl] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [easasmg] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [nxihbpc] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [epxrctb] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xhbvkia] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [milyrrc] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [hdwccpi] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ngulssm] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [wswaouk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [yokpxan] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [anjjlkw] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [swvnwcv] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [prnkacq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bpyriea] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [etdxrbn] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ypythvi] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [svuujnw] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [csdudtg] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [hcikhww] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [qoixceo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [sylfiot] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [yeqoatn] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mayegcp] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [dtinnpu] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mddtoek] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xregmvy] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [fqhgtal] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [jfywquf] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ejvujhv] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [crowsxo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vdtfasp] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [pmabxua] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [rwysfew] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [iabfhml] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [pfldvks] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [fcdpcln] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [pqkuqbr] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [scinscc] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [blaqish] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ccburvq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ruyksfn] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ontqful] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [swbrolq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ohxitws] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mcipbvj] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [qnqyjqf] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bhfpkri] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bvhjrpa] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [jgjjcfv] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [jhlexbw] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [uskxxjc] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [sqkmqor] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vmjlack] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [blujhdd] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [baankvf] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [crknnma] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mxbeojs] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xptxkjs] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mxyhudp] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [wrlqlkt] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mbwojio] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [qqenixa] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [lychmkf] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [pjxeojc] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [keifadi] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xeovwcy] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [lnenblt] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [hvrnpty] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [wrwckjy] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mbpvmpg] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vnfctdl] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [cidhtsg] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [fuhrsgf] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ltckskr] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [qspvntt] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bfoyfpw] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [fruwwiy] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [fwgkaqf] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bdhphqw] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vvfcwmc] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [sejvksg] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bowrlod] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [hpxvajt] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [irmyclq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [kxtxypk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vtoxioj] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ceevbii] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [hyevhdv] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [kdusgtn] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [syvowvo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [rkumegr] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [dxoqsex] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [asmxjvj] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ukjtbwh] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ebwgajj] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [pltadof] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [lahgvyq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [wpekaph] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [khcctei] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [litgjhd] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [jyfmdyg] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [cvsxaep] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [rfoobqk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [cvrfgjo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [tschick] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [nmjhyct] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [gkpmjti] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [icxfyub] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mbsfvdv] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [cleygya] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [gdjbbvu] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xmjddnv] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [arcofey] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ysjwfqm] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [eaispgb] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [oeqcdge] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bwlmnte] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ptkgawi] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [rhmgulp] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [gleqaom] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ktsslou] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bvhphpa] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [hjilast] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [dhloeqo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [lwkrqpq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xqoqtnk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [aehecps] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [epeuvmq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [albgovt] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [aorjbja] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [brrmbcp] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [uxomdnt] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vaexcoa] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vfdseme] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mhdfrhx] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [soishww] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [nqqojwa] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [pvlvkff] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [afoefvm] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [jidtsyb] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [brvkhyi] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ovtrajq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ndmbeht] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [wrlspvn] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [kvsyhtx] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [yasgqpl] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xhggvmc] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [omcplod] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [nwebaga] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [rerijwa] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [sfywfcr] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [qddfxwh] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [syapbxk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [unandxo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [tdctjcb] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bfgflkj] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ndksoft] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [jcfenqi] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [yeegkyx] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xvuuxeq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [iowoyyo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [dfdgmpo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ucmgbns] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [lcexncr] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ajnhqvp] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [dudixjx] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [gnvcgyo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [nltedhm] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [sqgvsuv] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mcgnncn] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [imyndnk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [jiikgsp] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [odxhmnx] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [asmngse] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vvrrhwk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ikbepkk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [erpimrb] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [wnwggtn] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [aqcxvmc] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [jcxgvaf] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [nmqjssk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [lpteikk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [fsruwgh] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bxrugdm] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [otarvah] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [tcvwvdt] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [pynciqq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [wedgiad] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xyhyljd] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [kjpigde] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xurnmlr] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [kbifprm] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [wfueqac] c:\windows\jdjffef.exe
O4 - HKCU\..\Run: [olokhiv] c:\windows\fgqhjxd.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Intellisync For NEC Wireless Phones.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: system32.dll.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {05EA8C09-76BF-448B-A1CC-659C290A368F} - (no file) (HKCU)
O9 - Extra button: (no name) - {09D73420-A629-46E6-BF22-195D4B4A3946} - (no file) (HKCU)
O9 - Extra button: (no name) - {0D0B910B-20C0-468F-A984-E86F74CBB7FD} - C:\WINDOWS\System32\url320v.dll (HKCU)
O9 - Extra button: (no name) - {11BD56EC-C4A6-4069-ADB2-A69F7EE3806B} - (no file) (HKCU)
O9 - Extra button: (no name) - {1246935D-5B07-410D-A896-1FD4CF338939} - (no file) (HKCU)
O9 - Extra button: (no name) - {142373F6-2AF2-4977-80A0-DCF96D653D47} - (no file) (HKCU)
O9 - Extra button: (no name) - {178E8E06-7ABF-46E9-8611-40546BFC78EB} - (no file) (HKCU)
O9 - Extra button: (no name) - {1AE8298E-80D6-47A6-9436-83DCCFD3EF8F} - (no file) (HKCU)
O9 - Extra button: (no name) - {23CBC957-673F-4B1F-804D-1509F367596C} - (no file) (HKCU)
O9 - Extra button: (no name) - {2B866617-09EA-46E3-9DEF-A6E7BE45D839} - (no file) (HKCU)
O9 - Extra button: (no name) - {2FE90ADE-3471-4FA4-B195-AC44B478AAED} - C:\WINDOWS\System32\dpcdll239m.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {334D07F8-B1C9-43A1-9592-CDE4AB3B6FD5} - (no file) (HKCU)
O9 - Extra button: (no name) - {39DEE477-7F2D-4F0C-A14A-30F21CE39AF6} - (no file) (HKCU)
O9 - Extra button: (no name) - {39FFE61E-DAAE-4F26-8AE2-48848F9006FA} - (no file) (HKCU)
O9 - Extra button: (no name) - {4A5BECDC-162A-4A00-A1DA-428783ADC7DD} - (no file) (HKCU)
O9 - Extra button: (no name) - {4B3C29C6-EB25-4452-901F-63F2067966DD} - (no file) (HKCU)
O9 - Extra button: (no name) - {4BB33423-64D5-4FB9-9EA8-954F73FD76D5} - (no file) (HKCU)
O9 - Extra button: (no name) - {52311F1F-9260-4657-8F41-443E64B51861} - (no file) (HKCU)
O9 - Extra button: (no name) - {623347E4-7FF5-43F9-99D9-DDECFC539223} - (no file) (HKCU)
O9 - Extra button: (no name) - {66A81C8B-CE93-4C09-A585-41F0E5154539} - (no file) (HKCU)
O9 - Extra button: (no name) - {6813652F-9FF6-4FB9-924C-4CAA15381BD5} - (no file) (HKCU)
O9 - Extra button: (no name) - {6A37892F-9EC0-4551-95D2-F4E518BBB467} - (no file) (HKCU)
O9 - Extra button: (no name) - {6BDFEEEE-DF0F-4A27-B99F-FA0DDCF87D3E} - (no file) (HKCU)
O9 - Extra button: (no name) - {73A8A8D3-C185-46CC-A95A-3F5E4C837FE5} - (no file) (HKCU)
O9 - Extra button: (no name) - {73D19D13-3783-4660-8BF0-EF614B8CCE66} - (no file) (HKCU)
O9 - Extra button: (no name) - {74B892F1-8440-4AD8-8F3C-9167ABFB8FA2} - (no file) (HKCU)
O9 - Extra button: (no name) - {74C089DD-E92B-4371-A16B-3CA367826CE0} - (no file) (HKCU)
O9 - Extra button: (no name) - {817D37D7-0F87-4BCD-92CF-FF976CDFF741} - (no file) (HKCU)
O9 - Extra button: (no name) - {86030AB5-48AE-4D08-8C26-F23A7E0C6358} - (no file) (HKCU)
O9 - Extra button: (no name) - {86638BBD-52B0-409E-87AC-0D5D50EB01EF} - (no file) (HKCU)
O9 - Extra button: (no name) - {877C8882-559B-4746-967F-0F804FF0070F} - (no file) (HKCU)
O9 - Extra button: (no name) - {899189FC-5E05-4E45-83D3-1EE9B3E5D096} - (no file) (HKCU)
O9 - Extra button: (no name) - {909E7785-B8B1-4A33-A77E-47528E439A4A} - C:\WINDOWS\System32\lmrt293h.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {93B70D99-B57A-4E2E-BCCB-DC8C77D0FA3F} - (no file) (HKCU)
O9 - Extra button: (no name) - {95438016-5D73-4B7F-9E0D-10FEDB2598AA} - (no file) (HKCU)
O9 - Extra button: (no name) - {9DC0153F-16D7-424F-87F5-480940CBF762} - (no file) (HKCU)
O9 - Extra button: (no name) - {A47939B3-5761-47C3-99CE-551A0926EE91} - (no file) (HKCU)
O9 - Extra button: (no name) - {AAFB16FA-BD6B-451D-B8FA-104ACDC5D5B6} - (no file) (HKCU)
O9 - Extra button: (no name) - {ABCC60C0-3F72-4E0E-9EB2-3E460EDED76F} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O9 - Extra button: (no name) - {B6D0A645-114D-48C6-A64E-77100BFAAE8D} - (no file) (HKCU)
O9 - Extra button: (no name) - {B792ABF7-5484-48C1-AB9F-52A17213754C} - (no file) (HKCU)
O9 - Extra button: (no name) - {B9D6047A-E103-44BE-8C63-DB03767AABE2} - (no file) (HKCU)
O9 - Extra button: (no name) - {BC1230E4-114D-4CAF-BA28-66CC0313A830} - (no file) (HKCU)
O9 - Extra button: (no name) - {BD7F1464-DD5E-455E-9742-48F090B9B30A} - (no file) (HKCU)
O9 - Extra button: (no name) - {CFF52F5A-405C-46C6-8B2B-D6C368319AB6} - (no file) (HKCU)
O9 - Extra button: (no name) - {D18853DF-4DCE-4EFD-8574-A12C4EF29335} - (no file) (HKCU)
O9 - Extra button: (no name) - {D41F2F8A-B020-4EC8-9A21-E95F8005C24B} - (no file) (HKCU)
O9 - Extra button: (no name) - {D5EE9F97-DB36-4390-9402-2A1C38D633C6} - (no file) (HKCU)
O9 - Extra button: (no name) - {D621CE18-62A7-48AC-A652-31CB938F4E1C} - (no file) (HKCU)
O9 - Extra button: (no name) - {D7B76616-7A09-4551-A68E-182B3AB6FF69} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D9FE4B7B-8FA3-467E-9A6A-DC32351B9EEE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D9FE4B7B-8FA3-467E-9A6A-DC32351B9EEE} - (no file) (HKCU)
O9 - Extra button: (no name) - {DCE287C8-798B-4B77-8D1D-948C432483BE} - (no file) (HKCU)
O9 - Extra button: (no name) - {E21FA0B4-33B3-44EA-9CF5-5090706599C3} - (no file) (HKCU)
O9 - Extra button: (no name) - {E4063474-F07F-409B-91CD-046A1C438CC8} - (no file) (HKCU)
O9 - Extra button: (no name) - {E5BE7425-6382-45E9-81C9-640D3FEA7B7F} - (no file) (HKCU)
O9 - Extra button: (no name) - {EB7AC4B9-738E-4661-9C0A-DF1D4AE987A9} - (no file) (HKCU)
O9 - Extra button: (no name) - {EBC421AA-9E7C-4CA3-B3CA-6C94A1B815ED} - (no file) (HKCU)
O9 - Extra button: (no name) - {EC9D0FED-4AEF-4239-8D62-9C8CB16BE98A} - (no file) (HKCU)
O9 - Extra button: (no name) - {F13AF362-DCEA-47A9-B2DE-A7BCB3F628ED} - (no file) (HKCU)
O9 - Extra button: (no name) - {F63D09ED-0305-4EF5-AEEC-DF70793F23FE} - (no file) (HKCU)
O9 - Extra button: (no name) - {F9D8BB3A-81B0-4CBA-BB5C-A0F28E2C5EE7} - (no file) (HKCU)
O9 - Extra button: (no name) - {FCC8154B-8998-48CF-8C53-3DE267B730B7} - (no file) (HKCU)
O9 - Extra button: (no name) - {FD7C6AC0-7300-47F0-B3C4-0A477A2A8067} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O15 - Trusted Zone: http://phobos.apple.com
O15 - Trusted Zone: www.apple.com
O15 - Trusted Zone: phobos.apple.com.edgesuite.net
O15 - Trusted Zone: http://phobos.apple.com.edgesuite.net
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\kbdth1912e.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks again!

Richard114

Good morning,
I just want to let you know things seems to be much better, with the exception of two things: the persistent blue screen which I can't change (I seem to have lost the background tap on the display options and I can't use a photo). Also, there's something wrong about the connection from itunes to the network. It can't find track information when I put in a new CD even though I'm logged on to the internet. I also went to a site of a band (the stands) and tried to play a song using windows and realplayer and it wouldn't work with either. I'm not sure what I lost.
Thanks again. I really appreciate your generosity in helping.
R
PS I wanted to add a couple of things. Google and Google desktop search seem to be working oddly. When I do a search on google, I seem to get some general default search as if I had typed nothing in. There is an error message upon boot-up that google desktop search is not working properly. Also, I tried to buy tickets online to a concert and I couldn't progress through the website (worked ok on my laptop).

Buckeye_Sam

I'm afraid you have some substantial issues that will still have to be dealt with. This will probably take a few more steps before you are completely clean.


Download LSPFix from http://www.cexx.org/lspfix.zip and run it.

Check the I know what I'm doing box.

In the Keep box you should see one or more instances of the following files.

flsmngr.dll

Select every instance of this file, but no others, and move each one to the Remove box by clicking the >> button.

When you are done click Finish>>.



Please download CWShredder but don't run it yet.
http://cwshredder.net/bin/CWSInstall.exe




Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gysfyxjsgcomhikewrqbeme....wIWP5HhKhS.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: Citymedia - {FF4EEF75-A4F5-C0D4-F421-2F6FE1A8F169} - C:\PROGRA~1\OOZEBI~1\tons style.dll (file missing)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKCU\..\Run: [rmdkxfk] c:\windows\cfgyvay.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [rifyoms] c:\windows\cfgyvay.exe
O4 - HKCU\..\Run: [yjlvehr] c:\windows\cfgyvay.exe
O4 - HKCU\..\Run: [dxofpas] c:\windows\cfgyvay.exe
O4 - HKCU\..\Run: [oekpfql] c:\windows\cfgyvay.exe
O4 - HKCU\..\Run: [cpjkkmk] c:\windows\cfgyvay.exe
O4 - HKCU\..\Run: [icotybt] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vwfxgav] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [msxvylw] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bvjjavq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ccvlpxl] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [easasmg] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [nxihbpc] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [epxrctb] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xhbvkia] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [milyrrc] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [hdwccpi] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ngulssm] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [wswaouk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [yokpxan] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [anjjlkw] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [swvnwcv] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [prnkacq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bpyriea] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [etdxrbn] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ypythvi] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [svuujnw] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [csdudtg] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [hcikhww] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [qoixceo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [sylfiot] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [yeqoatn] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mayegcp] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [dtinnpu] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mddtoek] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xregmvy] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [fqhgtal] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [jfywquf] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ejvujhv] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [crowsxo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vdtfasp] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [pmabxua] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [rwysfew] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [iabfhml] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [pfldvks] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [fcdpcln] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [pqkuqbr] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [scinscc] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [blaqish] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ccburvq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ruyksfn] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ontqful] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [swbrolq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ohxitws] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mcipbvj] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [qnqyjqf] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bhfpkri] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bvhjrpa] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [jgjjcfv] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [jhlexbw] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [uskxxjc] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [sqkmqor] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vmjlack] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [blujhdd] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [baankvf] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [crknnma] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mxbeojs] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xptxkjs] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mxyhudp] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [wrlqlkt] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mbwojio] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [qqenixa] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [lychmkf] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [pjxeojc] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [keifadi] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xeovwcy] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [lnenblt] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [hvrnpty] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [wrwckjy] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mbpvmpg] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vnfctdl] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [cidhtsg] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [fuhrsgf] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ltckskr] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [qspvntt] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bfoyfpw] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [fruwwiy] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [fwgkaqf] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bdhphqw] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vvfcwmc] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [sejvksg] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bowrlod] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [hpxvajt] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [irmyclq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [kxtxypk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vtoxioj] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ceevbii] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [hyevhdv] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [kdusgtn] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [syvowvo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [rkumegr] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [dxoqsex] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [asmxjvj] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ukjtbwh] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ebwgajj] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [pltadof] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [lahgvyq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [wpekaph] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [khcctei] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [litgjhd] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [jyfmdyg] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [cvsxaep] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [rfoobqk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [cvrfgjo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [tschick] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [nmjhyct] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [gkpmjti] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [icxfyub] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mbsfvdv] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [cleygya] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [gdjbbvu] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xmjddnv] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [arcofey] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ysjwfqm] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [eaispgb] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [oeqcdge] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bwlmnte] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ptkgawi] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [rhmgulp] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [gleqaom] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ktsslou] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bvhphpa] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [hjilast] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [dhloeqo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [lwkrqpq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xqoqtnk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [aehecps] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [epeuvmq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [albgovt] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [aorjbja] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [brrmbcp] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [uxomdnt] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vaexcoa] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vfdseme] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mhdfrhx] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [soishww] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [nqqojwa] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [pvlvkff] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [afoefvm] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [jidtsyb] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [brvkhyi] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ovtrajq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ndmbeht] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [wrlspvn] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [kvsyhtx] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [yasgqpl] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xhggvmc] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [omcplod] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [nwebaga] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [rerijwa] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [sfywfcr] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [qddfxwh] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [syapbxk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [unandxo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [tdctjcb] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bfgflkj] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ndksoft] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [jcfenqi] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [yeegkyx] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xvuuxeq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [iowoyyo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [dfdgmpo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ucmgbns] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [lcexncr] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ajnhqvp] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [dudixjx] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [gnvcgyo] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [nltedhm] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [sqgvsuv] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [mcgnncn] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [imyndnk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [jiikgsp] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [odxhmnx] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [asmngse] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [vvrrhwk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [ikbepkk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [erpimrb] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [wnwggtn] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [aqcxvmc] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [jcxgvaf] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [nmqjssk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [lpteikk] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [fsruwgh] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [bxrugdm] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [otarvah] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [tcvwvdt] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [pynciqq] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [wedgiad] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xyhyljd] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [kjpigde] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [xurnmlr] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [kbifprm] c:\windows\kahkacs.exe
O4 - HKCU\..\Run: [wfueqac] c:\windows\jdjffef.exe
O4 - HKCU\..\Run: [olokhiv] c:\windows\fgqhjxd.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: system32.dll.lnk = ?
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O9 - Extra button: (no name) - {05EA8C09-76BF-448B-A1CC-659C290A368F} - (no file) (HKCU)
O9 - Extra button: (no name) - {09D73420-A629-46E6-BF22-195D4B4A3946} - (no file) (HKCU)
O9 - Extra button: (no name) - {0D0B910B-20C0-468F-A984-E86F74CBB7FD} - C:\WINDOWS\System32\url320v.dll (HKCU)
O9 - Extra button: (no name) - {11BD56EC-C4A6-4069-ADB2-A69F7EE3806B} - (no file) (HKCU)
O9 - Extra button: (no name) - {1246935D-5B07-410D-A896-1FD4CF338939} - (no file) (HKCU)
O9 - Extra button: (no name) - {142373F6-2AF2-4977-80A0-DCF96D653D47} - (no file) (HKCU)
O9 - Extra button: (no name) - {178E8E06-7ABF-46E9-8611-40546BFC78EB} - (no file) (HKCU)
O9 - Extra button: (no name) - {1AE8298E-80D6-47A6-9436-83DCCFD3EF8F} - (no file) (HKCU)
O9 - Extra button: (no name) - {23CBC957-673F-4B1F-804D-1509F367596C} - (no file) (HKCU)
O9 - Extra button: (no name) - {2B866617-09EA-46E3-9DEF-A6E7BE45D839} - (no file) (HKCU)
O9 - Extra button: (no name) - {2FE90ADE-3471-4FA4-B195-AC44B478AAED} - C:\WINDOWS\System32\dpcdll239m.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {334D07F8-B1C9-43A1-9592-CDE4AB3B6FD5} - (no file) (HKCU)
O9 - Extra button: (no name) - {39DEE477-7F2D-4F0C-A14A-30F21CE39AF6} - (no file) (HKCU)
O9 - Extra button: (no name) - {39FFE61E-DAAE-4F26-8AE2-48848F9006FA} - (no file) (HKCU)
O9 - Extra button: (no name) - {4A5BECDC-162A-4A00-A1DA-428783ADC7DD} - (no file) (HKCU)
O9 - Extra button: (no name) - {4B3C29C6-EB25-4452-901F-63F2067966DD} - (no file) (HKCU)
O9 - Extra button: (no name) - {4BB33423-64D5-4FB9-9EA8-954F73FD76D5} - (no file) (HKCU)
O9 - Extra button: (no name) - {52311F1F-9260-4657-8F41-443E64B51861} - (no file) (HKCU)
O9 - Extra button: (no name) - {623347E4-7FF5-43F9-99D9-DDECFC539223} - (no file) (HKCU)
O9 - Extra button: (no name) - {66A81C8B-CE93-4C09-A585-41F0E5154539} - (no file) (HKCU)
O9 - Extra button: (no name) - {6813652F-9FF6-4FB9-924C-4CAA15381BD5} - (no file) (HKCU)
O9 - Extra button: (no name) - {6A37892F-9EC0-4551-95D2-F4E518BBB467} - (no file) (HKCU)
O9 - Extra button: (no name) - {6BDFEEEE-DF0F-4A27-B99F-FA0DDCF87D3E} - (no file) (HKCU)
O9 - Extra button: (no name) - {73A8A8D3-C185-46CC-A95A-3F5E4C837FE5} - (no file) (HKCU)
O9 - Extra button: (no name) - {73D19D13-3783-4660-8BF0-EF614B8CCE66} - (no file) (HKCU)
O9 - Extra button: (no name) - {74B892F1-8440-4AD8-8F3C-9167ABFB8FA2} - (no file) (HKCU)
O9 - Extra button: (no name) - {74C089DD-E92B-4371-A16B-3CA367826CE0} - (no file) (HKCU)
O9 - Extra button: (no name) - {817D37D7-0F87-4BCD-92CF-FF976CDFF741} - (no file) (HKCU)
O9 - Extra button: (no name) - {86030AB5-48AE-4D08-8C26-F23A7E0C6358} - (no file) (HKCU)
O9 - Extra button: (no name) - {86638BBD-52B0-409E-87AC-0D5D50EB01EF} - (no file) (HKCU)
O9 - Extra button: (no name) - {877C8882-559B-4746-967F-0F804FF0070F} - (no file) (HKCU)
O9 - Extra button: (no name) - {899189FC-5E05-4E45-83D3-1EE9B3E5D096} - (no file) (HKCU)
O9 - Extra button: (no name) - {909E7785-B8B1-4A33-A77E-47528E439A4A} - C:\WINDOWS\System32\lmrt293h.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {93B70D99-B57A-4E2E-BCCB-DC8C77D0FA3F} - (no file) (HKCU)
O9 - Extra button: (no name) - {95438016-5D73-4B7F-9E0D-10FEDB2598AA} - (no file) (HKCU)
O9 - Extra button: (no name) - {9DC0153F-16D7-424F-87F5-480940CBF762} - (no file) (HKCU)
O9 - Extra button: (no name) - {A47939B3-5761-47C3-99CE-551A0926EE91} - (no file) (HKCU)
O9 - Extra button: (no name) - {AAFB16FA-BD6B-451D-B8FA-104ACDC5D5B6} - (no file) (HKCU)
O9 - Extra button: (no name) - {ABCC60C0-3F72-4E0E-9EB2-3E460EDED76F} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O9 - Extra button: (no name) - {B6D0A645-114D-48C6-A64E-77100BFAAE8D} - (no file) (HKCU)
O9 - Extra button: (no name) - {B792ABF7-5484-48C1-AB9F-52A17213754C} - (no file) (HKCU)
O9 - Extra button: (no name) - {B9D6047A-E103-44BE-8C63-DB03767AABE2} - (no file) (HKCU)
O9 - Extra button: (no name) - {BC1230E4-114D-4CAF-BA28-66CC0313A830} - (no file) (HKCU)
O9 - Extra button: (no name) - {BD7F1464-DD5E-455E-9742-48F090B9B30A} - (no file) (HKCU)
O9 - Extra button: (no name) - {CFF52F5A-405C-46C6-8B2B-D6C368319AB6} - (no file) (HKCU)
O9 - Extra button: (no name) - {D18853DF-4DCE-4EFD-8574-A12C4EF29335} - (no file) (HKCU)
O9 - Extra button: (no name) - {D41F2F8A-B020-4EC8-9A21-E95F8005C24B} - (no file) (HKCU)
O9 - Extra button: (no name) - {D5EE9F97-DB36-4390-9402-2A1C38D633C6} - (no file) (HKCU)
O9 - Extra button: (no name) - {D621CE18-62A7-48AC-A652-31CB938F4E1C} - (no file) (HKCU)
O9 - Extra button: (no name) - {D7B76616-7A09-4551-A68E-182B3AB6FF69} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D9FE4B7B-8FA3-467E-9A6A-DC32351B9EEE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D9FE4B7B-8FA3-467E-9A6A-DC32351B9EEE} - (no file) (HKCU)
O9 - Extra button: (no name) - {DCE287C8-798B-4B77-8D1D-948C432483BE} - (no file) (HKCU)
O9 - Extra button: (no name) - {E21FA0B4-33B3-44EA-9CF5-5090706599C3} - (no file) (HKCU)
O9 - Extra button: (no name) - {E4063474-F07F-409B-91CD-046A1C438CC8} - (no file) (HKCU)
O9 - Extra button: (no name) - {E5BE7425-6382-45E9-81C9-640D3FEA7B7F} - (no file) (HKCU)
O9 - Extra button: (no name) - {EB7AC4B9-738E-4661-9C0A-DF1D4AE987A9} - (no file) (HKCU)
O9 - Extra button: (no name) - {EBC421AA-9E7C-4CA3-B3CA-6C94A1B815ED} - (no file) (HKCU)
O9 - Extra button: (no name) - {EC9D0FED-4AEF-4239-8D62-9C8CB16BE98A} - (no file) (HKCU)
O9 - Extra button: (no name) - {F13AF362-DCEA-47A9-B2DE-A7BCB3F628ED} - (no file) (HKCU)
O9 - Extra button: (no name) - {F63D09ED-0305-4EF5-AEEC-DF70793F23FE} - (no file) (HKCU)
O9 - Extra button: (no name) - {F9D8BB3A-81B0-4CBA-BB5C-A0F28E2C5EE7} - (no file) (HKCU)
O9 - Extra button: (no name) - {FCC8154B-8998-48CF-8C53-3DE267B730B7} - (no file) (HKCU)
O9 - Extra button: (no name) - {FD7C6AC0-7300-47F0-B3C4-0A477A2A8067} - (no file) (HKCU)
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\kbdth1912e.dll


Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist):

c:\wp.exe
c:\windows\cfgyvay.exe
c:\windows\kahkacs.exe
c:\windows\jdjffef.exe
c:\windows\fgqhjxd.exe


Reboot your computer to go back to normal mode and post a new log.

Richard114

Once again, thank you for helping me to work through this.

I did not find any instances of flsmngr.dll on the first step. My new log is below:
Logfile of HijackThis v1.99.1
Scan saved at 3:20:09 AM, on 4/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Cookie Washer\aolwasher.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\SpOrder842n.exe
C:\windows\ocfeodd.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\America Online 9.0b\aoltray.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\Pumatech\Intellisync For NEC Wireless Phones\Intellisync For NEC.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Documents and Settings\Richard G. Schwartz\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thebestse.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dcuwhwngzqkavidjlhmmtmxqq.com/W7/n5CBPomuVMUEK3LaiCDHxCyy9n_eVf30qutzx8qT6HZroZSo/3BwIWP5HhKhS.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.thebestse.com/search.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.vubsbxdahlwvff.info/W7/n5CBPomvTMrSibjQjJE56JyE9ZuKVrFMR81_DK_8.html");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Richard G. Schwartz\Application Data\Mozilla\Profiles\default\kbb5xacz.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "Richard G. Schwartz"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe
O4 - HKCU\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0
O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"
O4 - HKCU\..\Run: [Ace mp3] C:\DOCUME~1\RICHAR~1.SCH\APPLIC~1\LESSAX~1\soft exit.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [OCMANAGE347e.exe] "C:\WINDOWS\System32\OCMANAGE347e.exe"
O4 - HKCU\..\Run: [SpOrder842n.exe] "C:\WINDOWS\System32\SpOrder842n.exe"
O4 - HKCU\..\Run: [coiijhi] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [lnwspbb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [mmulrkt] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [wvtqvgj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vhawsob] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [tymeuqb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xumcehn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rwocdgj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ksnbvrn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cgvcrxo] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [sqgdxai] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vwuvuom] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ikqnlkm] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xvxjdtc] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xehijps] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [tkygpct] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qqwcqsn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [mdwcyyo] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ulsyvct] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [yxlvfvx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pounuee] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [odgltor] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rrwwbpg] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [wyohsjk] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jufpxhj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cqftlmb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [tsgguhq] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jvyfmht] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rvdbqgj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [wyviwwj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [lpvrwjo] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [punhrpr] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [lnhisac] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [hbciunp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [kuidmst] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ptwbeef] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qkertxf] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xfcyhgg] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [bvgrdhl] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [amixyga] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vgdfafl] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jjlcnml] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [hodrdoi] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [recdcum] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xlslvgp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [toelmpd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [dstokyy] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ntrpexa] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ulsqsca] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pkdlrjh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [niivhiv] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cquwfka] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cenppxk] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [kkacslf] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ydqawio] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [erugedh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [smdnvnh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [iqsadrn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cahmbwd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qdpkrjd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [urmarod] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vyliwtm] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [nltobpy] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [fpcoxko] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [fvnaefm] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pmtnikb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [nauiagj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [uvgjyyk] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [dhnsplg] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [yecqqbi] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [opmpxeh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [obitskp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [bbeqmpt] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [raovpcj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [efjydsa] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jgbcpnj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ffsiyrb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qskthkt] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [maumasx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [nwqubri] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jnjmqxy] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [oaeauto] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [bbaxuxx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pckpkls] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [lrethco] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rcsmwim] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [kpilfio] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vgmfmwp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [humvjcx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jdpdpyh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vniqarg] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [fihmjcd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ixbhxhs] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [wpdvewq] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [dvdnwci] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rlpfxpn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [hkcmgwe] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ctqnjus] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [abmjbel] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jgubrvm] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [shppipi] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [afoxnqa] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [eraswpo] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [sfbpkne] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [avqoxvd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qbvqcvs] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qphissh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [sjmfucp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pafwwgv] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qrvafsx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [spfymqa] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [snewafp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hekmwjj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [opkbfgp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fwgadic] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [eggqkbp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [icvwltx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yfsvrwb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [chgaotd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qwymcmx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [oegnssb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rsvbdcu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yrnbnvl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gaovrqp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [usrsriq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fegftvi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [efirkxt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wuewglg] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lsfdunh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [phogjmi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ddjwvnu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [dnatvud] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jbvunrl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pcpjegu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cqddjsd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vxufhil] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mewgdbp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wkpalpd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qawddqm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [voturnm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nieeiaq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cbnqewl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ndxvnxa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rksojns] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [sddoxrr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ikbavlt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hxwnyah] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fgofjfe] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jyaopiq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uywsbid] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [avskput] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iyfwevl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rkckote] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [unyldqu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wgdyvxq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qhuemlc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jswkevy] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cwpqyyn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [culnegi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gudavgo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ifhtrsv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pbrtquo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fccnufm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ivlrgcn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jqtqxpd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [kutwcxc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fuscjmg] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uqyrxyc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [avodaxo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cflwtcf] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xjfiqfj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [dsxsdhy] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vaxabvu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ovjhmde] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vicbdlo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xruommo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pbdtqth] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ujpdwor] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [stqtvtm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qekddki] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [phxsvrr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lyrbgdx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jsypalb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hrgeart] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lrlosry] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ousdfaw] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [erjhpfn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [dwnoteu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wjrtyjo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fiwvjlj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [calaikv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hymwjnu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hajbrer] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ivgabaj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wihlwmt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nemqwmx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mhkrdaj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fyhrvff] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [haprbqw] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ygibbje] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jkaheor] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iwvenvq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jqbcfyc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pufxxoo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ojsthva] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [aakxoke] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hjggydn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [dvdutuo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hpweymd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ygfnupb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [bjeaxox] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rcaspuy] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ugntqem] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hopljsq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fkcikgt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hovgxqf] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fqtadhj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vicgadq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [kaxgbsj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vwxjhbo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [guyhnea] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ctnjdqa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ffnunye] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qtakfal] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [stvyvou] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [snibebk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [tuoahkx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ymmareh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mdrkodr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mutiolh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lsyrdrw] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ahqcvhb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vlosoux] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qfwxhtd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ntaobaw] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ltusxng] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nqnxnit] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wvbgmen] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xpndslq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [blncnce] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cmsqxoh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uwuhhkl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wrdklox] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ncrlqpa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ubrhkbr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vafmmmk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qgfioss] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cevagke] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iylssjm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qxcxdws] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ddmdink] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [diiayej] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gfsmipt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cocvgbp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pvurola] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [bulkriu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yfeobug] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [tuxbpwi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lkpjgyh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uwqdkim] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gjmhtjo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qsqljdn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [sjyvify] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rhsstie] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wsrldlk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ybpgpvh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yptdjja] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xrcmxjv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [oaeagor] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rqwuiuk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vncleaq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [kbshbcr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ikchkwt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hbknwyo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uodhqtr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [leqobxi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [muirprr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nravrxj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [utohfkq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iayhjqb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cjvrmth] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yksfcgv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yxqdsry] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [chatoua] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [tttvvak] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [tacwvci] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jjlkcme] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fqpudei] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iyrthqb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [koccyku] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ncbvxhb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hlhkxdk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nfrvdxp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fymqgqa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gjrwhty] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rwjvdey] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [svskvgc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gdyhdat] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [idywicu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [eqgpvhh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mppnwwe] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vtmgfua] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [emcyajj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vgnhrlo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jyjbjfp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ipcjdfa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [kawwrfn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [olgnqyv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qsimshd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uumcckr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [sigbyxj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ssaxnbh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vljwkfv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rocgnep] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nkbmjgh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ytfcybl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [orbvmol] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [njcdbei] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [neorvok] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wugkvfl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [esuonxe] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ppuhupl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ntnppjo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qepdbsy] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xogoolj] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [rgtqnto] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [ktlykrk] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [lvggkfk] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [ygbtfku] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [jdjgbhf] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [llvxiog] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [hmiexhu] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [roywfia] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [aiaulec] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [hgjwvqn] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [fxojrhc] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [hvydbbi] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [qkwjiet] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [heuwmlc] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [wwunrlq] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [bxwcohj] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [asyford] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [hrskfbh] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [detpoxo] c:\windows\ujycslo.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Intellisync For NEC Wireless Phones.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {FB088FE0-BEFD-4B75-B632-53BD323948E3} - C:\WINDOWS\System32\sccsccp689g.dll (HKCU)
O13 - DefaultPrefix: http://www.thebestse.com/?q=
O15 - Trusted Zone: http://phobos.apple.com
O15 - Trusted Zone: www.apple.com
O15 - Trusted Zone: phobos.apple.com.edgesuite.net
O15 - Trusted Zone: http://phobos.apple.com.edgesuite.net
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O19 - User stylesheet: C:\WINDOWS\default.css (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\wpdsp739u.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Buckeye_Sam

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Richard114

Hi,
Here's the log
L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=&quot;"
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{38353274-E4E9-49A3-A03A-4CA501E320ED}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BCA691CA-C20D-4828-A3B1-3A830EC058EB}"=""
"{FB845428-9652-4E78-A415-F9D98E73726F}"=""
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
asferror.dll Fri Jan 28 2005 2:44:28p A.... 8,192 8.00 K
audiodev.dll Fri Jan 28 2005 2:44:28p A.... 484,352 473.00 K
blackbox.dll Fri Jan 28 2005 2:44:28p A.... 294,912 288.00 K
cewmdm.dll Fri Jan 28 2005 2:44:28p A.... 164,864 161.00 K
drmclien.dll Fri Jan 28 2005 2:44:28p A.... 258,296 252.24 K
drmstor.dll Fri Jan 28 2005 2:44:28p A.... 96,768 94.50 K
drmv2clt.dll Fri Jan 28 2005 2:44:28p A.... 502,272 490.50 K
flsmngr.dll Sun Apr 24 2005 6:13:12p A.... 126,976 124.00 K
kasgfka.dll Tue Apr 26 2005 9:28:48p A.... 145,138 141.73 K
kbdth1~1.dll Wed Apr 27 2005 12:12:14a A.... 3,584 3.50 K
kbdycc~1.dll Tue Apr 26 2005 9:24:32p A.... 3,584 3.50 K
laprxy.dll Fri Jan 28 2005 2:44:28p A.... 6,656 6.50 K
msnetobj.dll Fri Jan 28 2005 2:44:28p A.... 142,336 139.00 K
mspmsnsv.dll Fri Jan 28 2005 2:44:28p A.... 25,088 24.50 K
mspmsp.dll Fri Jan 28 2005 2:44:28p A.... 173,568 169.50 K
msscp.dll Fri Jan 28 2005 2:44:28p A.... 364,784 356.23 K
mswmdm.dll Fri Jan 28 2005 2:44:28p A.... 315,904 308.50 K
noqztmwa.dll Sun Apr 24 2005 6:12:52p A.... 2,630 2.57 K
odbccu~1.dll Mon Apr 25 2005 10:40:12a A.... 3,584 3.50 K
oofnzesa.dll Tue Apr 26 2005 9:24:30p A.... 15,437 15.07 K
qasf.dll Fri Jan 28 2005 2:44:28p A.... 221,184 216.00 K
sccscc~1.dll Thu Apr 28 2005 1:45:02a A.... 5,632 5.50 K
srpcsr~1.dll Sun Apr 24 2005 6:13:12p A.... 12,288 12.00 K
thun.dll Sun Apr 24 2005 6:13:14p A.... 32 0.03 K
thun32.dll Sun Apr 24 2005 6:13:14p A.... 13,312 13.00 K
txfdb32.dll Sun Apr 24 2005 6:13:12p A.... 12,288 12.00 K
vbame7~1.dll Thu Apr 28 2005 1:45:02a A.... 3,584 3.50 K
wdfapi.dll Fri Jan 28 2005 2:44:28p A.... 15,872 15.50 K
wmadmod.dll Fri Jan 28 2005 2:44:28p A.... 396,528 387.23 K
wmadmoe.dll Fri Jan 28 2005 2:44:28p A.... 716,288 699.50 K
wmasf.dll Fri Jan 28 2005 2:44:28p A.... 224,768 219.50 K
wmdmlog.dll Fri Jan 28 2005 2:44:28p A.... 28,160 27.50 K
wmdmps.dll Fri Jan 28 2005 2:44:28p A.... 33,792 33.00 K
wmdrmdev.dll Fri Jan 28 2005 2:44:28p A.... 335,872 328.00 K
wmdrmnet.dll Fri Jan 28 2005 2:44:28p A.... 290,816 284.00 K
wmerror.dll Fri Jan 28 2005 2:44:28p A.... 189,440 185.00 K
wmidx.dll Fri Jan 28 2005 2:44:28p A.... 150,016 146.50 K
wmnetmgr.dll Fri Jan 28 2005 2:44:28p A.... 1,027,072 1003.00 K
wmp.dll Fri Jan 28 2005 2:44:28p A.... 5,525,504 5.27 M
wmpasf.dll Fri Jan 28 2005 2:44:28p A.... 135,168 132.00 K
wmpcd.dll Fri Jan 28 2005 2:44:28p A.... 20,480 20.00 K
wmpcore.dll Fri Jan 28 2005 2:44:28p A.... 20,480 20.00 K
wmpdxm.dll Fri Jan 28 2005 2:44:28p A.... 282,624 276.00 K
wmpencen.dll Fri Jan 28 2005 2:44:28p A.... 1,594,880 1.52 M
wmploc.dll Fri Jan 28 2005 2:44:28p A.... 3,371,008 3.21 M
wmpshell.dll Fri Jan 28 2005 2:44:28p A.... 86,016 84.00 K
wmpsrcwp.dll Fri Jan 28 2005 2:44:28p A.... 175,104 171.00 K
wmpui.dll Fri Jan 28 2005 2:44:28p A.... 20,480 20.00 K
wmsdmod.dll Fri Jan 28 2005 2:44:28p A.... 774,904 756.74 K
wmsdmoe2.dll Fri Jan 28 2005 2:44:28p A.... 1,119,744 1.07 M
wmspdmod.dll Fri Jan 28 2005 2:44:28p A.... 413,944 404.24 K
wmspdmoe.dll Fri Jan 28 2005 2:44:28p A.... 940,544 918.50 K
wmvadvd.dll Fri Jan 28 2005 2:44:28p A.... 1,218,808 1.16 M
wmvadve.dll Fri Jan 28 2005 2:44:28p A.... 1,512,448 1.44 M
wmvcore.dll Fri Jan 28 2005 2:44:28p A.... 2,370,296 2.26 M
wmvdmod.dll Fri Jan 28 2005 2:44:28p A.... 895,736 874.74 K
wmvdmoe2.dll Fri Jan 28 2005 2:44:28p A.... 1,003,008 979.50 K
wpdconns.dll Fri Jan 28 2005 2:44:28p A.... 61,952 60.50 K
wpdmtp.dll Fri Jan 28 2005 2:44:28p A.... 114,176 111.50 K
wpdmtpdr.dll Fri Jan 28 2005 2:44:28p A.... 331,776 324.00 K
wpdmtpus.dll Fri Jan 28 2005 2:44:28p A.... 66,560 65.00 K
wpdsp.dll Fri Jan 28 2005 2:44:28p A.... 331,264 323.50 K
wpdsp7~1.dll Thu Apr 28 2005 3:17:56a A.... 3,584 3.50 K
wpdtrace.dll Fri Jan 28 2005 2:44:28p A.... 10,752 10.50 K
wpd_ci.dll Fri Jan 28 2005 2:44:28p A.... 38,912 38.00 K
wzcsvc~2.dll Sat Feb 26 2005 1:12:02p A.... 81 0.08 K

66 items found: 66 files, 0 directories.
Total of file sizes: 29,256,102 bytes 27.90 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
set4eb.tmp Fri Jan 28 2005 2:44:28p A.... 5,525,504 5.27 M
set4f1.tmp Fri Jan 28 2005 2:44:28p A.... 282,624 276.00 K
set4fa.tmp Fri Jan 28 2005 2:44:28p A.... 3,371,008 3.21 M

3 items found: 3 files, 0 directories.
Total of file sizes: 9,179,136 bytes 8.75 M
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is ACD8-484E

Directory of C:\WINDOWS\System32

04/21/2005 08:44 AM <DIR> DLLCACHE
12/23/2004 09:07 PM 512 Yfk8.ct6
10/27/2004 02:59 PM 512 Kpg76.ffa
10/21/2004 01:48 AM 512 Fkco.5ba
10/20/2004 03:46 AM 1,104 VarEdQ6.4sn
07/26/2004 09:58 PM 512 Wdi7.06p
05/13/2003 04:36 PM <DIR> Microsoft
5 File(s) 3,152 bytes
2 Dir(s) 13,327,437,824 bytes free

Buckeye_Sam

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!

Richard114

I ran l2mfix twice, because I thought it was interrupted by an automatic failed attempt to boot up Google desktop search and connect to internet and I thought it had been interrupted:
Here's run 1:
L2Mfix 1.03

Running From:
C:\Documents and Settings\Richard G. Schwartz\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C

---

BUILTIN\Administrators
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\Richard G. Schwartz\Desktop\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Richard G. Schwartz\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1344 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
adding: clear.reg (164 bytes security) (deflated 37%)
adding: echo.reg (164 bytes security) (deflated 10%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 71%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: report.txt (164 bytes security) (deflated 75%)
adding: test.txt (164 bytes security) (stored 0%)
adding: test2.txt (164 bytes security) (deflated 16%)
adding: test3.txt (164 bytes security) (deflated 16%)
adding: test5.txt (164 bytes security) (deflated 16%)
adding: backregs/shell.reg (164 bytes security) (deflated 60%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=&quot;"
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BCA691CA-C20D-4828-A3B1-3A830EC058EB}"=-
"{FB845428-9652-4E78-A415-F9D98E73726F}"=-
[-HKEY_CLASSES_ROOT\CLSID\{BCA691CA-C20D-4828-A3B1-3A830EC058EB}]
[-HKEY_CLASSES_ROOT\CLSID\{FB845428-9652-4E78-A415-F9D98E73726F}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************



Here's run 2 of l2mfix
L2Mfix 1.03

Running From:
C:\Documents and Settings\Richard G. Schwartz\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C

---

BUILTIN\Administrators
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\Richard G. Schwartz\Desktop\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Richard G. Schwartz\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1304 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
updating: clear.reg (164 bytes security) (deflated 2%)
updating: echo.reg (164 bytes security) (deflated 10%)
updating: direct.txt (164 bytes security) (stored 0%)
updating: lo2.txt (164 bytes security) (deflated 71%)
updating: readme.txt (164 bytes security) (deflated 49%)
updating: report.txt (164 bytes security) (deflated 75%)
updating: test.txt (164 bytes security) (stored 0%)
updating: test2.txt (164 bytes security) (stored 0%)
updating: test3.txt (164 bytes security) (stored 0%)
updating: test5.txt (164 bytes security) (stored 0%)
adding: log.txt (164 bytes security) (deflated 79%)
adding: log1.txt (164 bytes security) (deflated 79%)
updating: backregs/shell.reg (164 bytes security) (deflated 59%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=&quot;"
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************


The hijackthis log is in the next reply

Thanks.
Richard

Richard114

Here's the hijackthis log:
Here's the hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 11:01:29 PM, on 4/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Cookie Washer\aolwasher.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Richard G. Schwartz\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thebestse.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ogxnzfcbkwelbjwxyzqnj.com/W7/n5CBPomuVMUEK3LaiCDHxCyy9n_eVf30qutzx8qTuB/6DreOOthwIWP5HhKhS.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.thebestse.com/search.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.vubsbxdahlwvff.info/W7/n5CBPomvTMrSibjQjJE56JyE9ZuKVrFMR81_DK_8.html");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Richard G. Schwartz\Application Data\Mozilla\Profiles\default\kbb5xacz.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "Richard G. Schwartz"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe
O4 - HKCU\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0
O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"
O4 - HKCU\..\Run: [Ace mp3] C:\DOCUME~1\RICHAR~1.SCH\APPLIC~1\LESSAX~1\soft exit.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [OCMANAGE347e.exe] "C:\WINDOWS\System32\OCMANAGE347e.exe"
O4 - HKCU\..\Run: [SpOrder842n.exe] "C:\WINDOWS\System32\SpOrder842n.exe"
O4 - HKCU\..\Run: [coiijhi] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [lnwspbb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [mmulrkt] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [wvtqvgj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vhawsob] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [tymeuqb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xumcehn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rwocdgj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ksnbvrn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cgvcrxo] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [sqgdxai] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vwuvuom] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ikqnlkm] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xvxjdtc] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xehijps] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [tkygpct] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qqwcqsn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [mdwcyyo] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ulsyvct] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [yxlvfvx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pounuee] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [odgltor] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rrwwbpg] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [wyohsjk] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jufpxhj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cqftlmb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [tsgguhq] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jvyfmht] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rvdbqgj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [wyviwwj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [lpvrwjo] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [punhrpr] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [lnhisac] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [hbciunp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [kuidmst] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ptwbeef] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qkertxf] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xfcyhgg] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [bvgrdhl] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [amixyga] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vgdfafl] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jjlcnml] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [hodrdoi] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [recdcum] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xlslvgp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [toelmpd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [dstokyy] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ntrpexa] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ulsqsca] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pkdlrjh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [niivhiv] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cquwfka] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cenppxk] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [kkacslf] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ydqawio] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [erugedh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [smdnvnh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [iqsadrn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cahmbwd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qdpkrjd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [urmarod] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vyliwtm] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [nltobpy] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [fpcoxko] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [fvnaefm] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pmtnikb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [nauiagj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [uvgjyyk] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [dhnsplg] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [yecqqbi] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [opmpxeh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [obitskp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [bbeqmpt] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [raovpcj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [efjydsa] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jgbcpnj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ffsiyrb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qskthkt] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [maumasx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [nwqubri] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jnjmqxy] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [oaeauto] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [bbaxuxx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pckpkls] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [lrethco] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rcsmwim] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [kpilfio] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vgmfmwp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [humvjcx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jdpdpyh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vniqarg] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [fihmjcd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ixbhxhs] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [wpdvewq] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [dvdnwci] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rlpfxpn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [hkcmgwe] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ctqnjus] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [abmjbel] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jgubrvm] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [shppipi] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [afoxnqa] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [eraswpo] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [sfbpkne] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [avqoxvd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qbvqcvs] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qphissh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [sjmfucp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pafwwgv] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qrvafsx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [spfymqa] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [snewafp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hekmwjj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [opkbfgp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fwgadic] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [eggqkbp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [icvwltx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yfsvrwb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [chgaotd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qwymcmx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [oegnssb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rsvbdcu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yrnbnvl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gaovrqp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [usrsriq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fegftvi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [efirkxt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wuewglg] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lsfdunh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [phogjmi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ddjwvnu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [dnatvud] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jbvunrl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pcpjegu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cqddjsd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vxufhil] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mewgdbp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wkpalpd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qawddqm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [voturnm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nieeiaq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cbnqewl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ndxvnxa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rksojns] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [sddoxrr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ikbavlt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hxwnyah] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fgofjfe] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jyaopiq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uywsbid] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [avskput] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iyfwevl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rkckote] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [unyldqu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wgdyvxq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qhuemlc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jswkevy] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cwpqyyn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [culnegi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gudavgo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ifhtrsv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pbrtquo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fccnufm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ivlrgcn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jqtqxpd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [kutwcxc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fuscjmg] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uqyrxyc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [avodaxo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cflwtcf] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xjfiqfj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [dsxsdhy] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vaxabvu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ovjhmde] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vicbdlo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xruommo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pbdtqth] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ujpdwor] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [stqtvtm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qekddki] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [phxsvrr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lyrbgdx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jsypalb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hrgeart] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lrlosry] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ousdfaw] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [erjhpfn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [dwnoteu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wjrtyjo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fiwvjlj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [calaikv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hymwjnu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hajbrer] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ivgabaj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wihlwmt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nemqwmx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mhkrdaj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fyhrvff] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [haprbqw] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ygibbje] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jkaheor] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iwvenvq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jqbcfyc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pufxxoo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ojsthva] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [aakxoke] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hjggydn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [dvdutuo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hpweymd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ygfnupb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [bjeaxox] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rcaspuy] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ugntqem] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hopljsq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fkcikgt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hovgxqf] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fqtadhj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vicgadq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [kaxgbsj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vwxjhbo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [guyhnea] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ctnjdqa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ffnunye] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qtakfal] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [stvyvou] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [snibebk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [tuoahkx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ymmareh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mdrkodr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mutiolh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lsyrdrw] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ahqcvhb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vlosoux] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qfwxhtd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ntaobaw] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ltusxng] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nqnxnit] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wvbgmen] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xpndslq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [blncnce] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cmsqxoh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uwuhhkl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wrdklox] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ncrlqpa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ubrhkbr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vafmmmk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qgfioss] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cevagke] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iylssjm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qxcxdws] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ddmdink] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [diiayej] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gfsmipt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cocvgbp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pvurola] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [bulkriu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yfeobug] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [tuxbpwi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lkpjgyh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uwqdkim] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gjmhtjo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qsqljdn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [sjyvify] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rhsstie] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wsrldlk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ybpgpvh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yptdjja] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xrcmxjv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [oaeagor] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rqwuiuk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vncleaq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [kbshbcr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ikchkwt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hbknwyo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uodhqtr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [leqobxi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [muirprr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nravrxj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [utohfkq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iayhjqb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cjvrmth] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yksfcgv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yxqdsry] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [chatoua] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [tttvvak] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [tacwvci] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jjlkcme] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fqpudei] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iyrthqb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [koccyku] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ncbvxhb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hlhkxdk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nfrvdxp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fymqgqa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gjrwhty] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rwjvdey] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [svskvgc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gdyhdat] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [idywicu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [eqgpvhh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mppnwwe] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vtmgfua] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [emcyajj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vgnhrlo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jyjbjfp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ipcjdfa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [kawwrfn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [olgnqyv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qsimshd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uumcckr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [sigbyxj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ssaxnbh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vljwkfv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rocgnep] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nkbmjgh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ytfcybl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [orbvmol] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [njcdbei] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [neorvok] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wugkvfl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [esuonxe] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ppuhupl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ntnppjo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qepdbsy] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xogoolj] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [rgtqnto] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [ktlykrk] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [lvggkfk] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [ygbtfku] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [jdjgbhf] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [llvxiog] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [hmiexhu] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [roywfia] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [aiaulec] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [hgjwvqn] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [fxojrhc] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [hvydbbi] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [qkwjiet] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [heuwmlc] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [wwunrlq] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [bxwcohj] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [asyford] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [hrskfbh] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [detpoxo] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jdmlkps] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [chpdwnf] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fwisdib] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jirnxhc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ewqatwv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xotltpl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pyujqdm] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ixsxtpw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mdawbhq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [raugijq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [uynqxfv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [phcoegt] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qkhktna] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jqwjiof] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tkfkojp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [dgftnme] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cmslsdy] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cpjkfpn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ybojfto] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ufnjbjb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [bkaynis] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pfnaibd] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rydsyvq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xmmefby] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [urcsxlo] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vdsslnn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ovjwxuu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pfnqybu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ekifjax] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [frftida] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wembnob] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cvwtoiv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wqhvjxb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [yxamxlt] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hfkawbg] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [kdtorlq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fkrfxqh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wwaibxu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xoqwojf] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pjyyawc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cxlibmq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nqvgovv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [aylqpxp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jqcfpdd] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wxlndpb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [suuocrd] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hvjvhvu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hxiwjxy] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [prodile] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [yhsqhep] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mdqmiux] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [khlgnis] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mgsbdpf] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [awanfqs] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qttlonq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qdshbeq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [gqqqskc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [afoqacj] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pspjeug] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fjxdxwu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tbtgjrh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ixsmchw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [neieero] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [boeswye] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hajwbip] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pacjrfv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [euhwwvu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hduvpcn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [aqlyofl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mxpxkyg] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nyyjlnq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pnqkigk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [msnbinl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xsmcjge] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cratcuy] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ummicxb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [bysmqwp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qicmwhv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [icakrxb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [dejfhlh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [gfqbaob] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nquixcs] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fnonegh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tilafyk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fmjqure] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [dudbjud] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nqerwre] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hntsfrk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hlgbqkl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cjnwmpl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ktcterj] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [yijdlgm] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hhapqai] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pljrnfw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tulksml] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [lkgibpk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [bbquchj] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rxwpyuo] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qtbyaja] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xxcotmc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rxgcvnv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xqcseii] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tsjvtsm] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tllygku] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [igdlouc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ppsrmrs] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vbkoike] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wlnbqyw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [gsnflfc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [icfobxb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [estehsb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [eeelvxx] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nsupkxq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jyokbka] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xgmaosw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wbttcmm] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ikfnsld] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [euiybya] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rexmhnb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [iuhdhmc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nvthivp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tbnjsev] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vaxqwek] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vrcvomh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wjldhvq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ffpuylq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [anmxqcm] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rowepcl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [soxbgeh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xbjgoha] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [obvufgc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [geuydys] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hollxly] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jxwdplr] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xjlmxen] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mjdkjfb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [chbvktn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fqnbtcs] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [desrgkk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [melpima] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mmflsnb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xarhwch] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [dfgfkko] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [sakiobv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [adxcgww] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [esavjcp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [lilpnxa] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rbrvgfh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [whpobtn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [iudtpra] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [kusyhdy] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ddcgugq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [lrdqmdo] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [spobmsq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qmgqgvq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rehnjvo] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [npmpndq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ibxhsmt] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nxbsjqj] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fewbdce] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xgcweij] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [aunfiqh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rruakdh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fofgvsu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vtlvawh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [aqorcwx] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ijviian] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [gjmjekb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jpgnost] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [kivcaof] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qbdruly] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ohnfgtt] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [uoedrsy] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [paadqjf] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ndcoodh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [iwupaqu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hcwvewu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qieprep] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ptquxkv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [bakjsjf] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ykboyow] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ssaxilr] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [addfgrr] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fqwtiuv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rrdmuqi] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qlsypib] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qffieki] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [njhjwpq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ihlwnsv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ewvocuw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qmuyhiw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ljxpelk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [dxbqngp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [opkmyyn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vradnqv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rtoowdq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [kvpehth] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [asnuwdr] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fiemlje] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mqfphtr] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ryowret] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xytuych] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [yddbavc] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [alqmxbo] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [kuxljis] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [qduwryw] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [tlqceqy] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [sqyrgak] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [ymacpie] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [jsdvpdh] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [rdvaucp] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [tomjffv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [pcuwxyc] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [mkcbbxy] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [csiyhnx] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [uxdushq] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [erxqeye] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [upkvapx] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [ogynoqc] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [jpfwnca] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [pfqgmec] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [txhkhby] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [vfaxlfa] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [injilli] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [iruaknh] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [qvwcvmm] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [elhstce] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [xqbmjeu] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [gulfacl] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [rvdxxtv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [mdkamgf] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [wrhlpwa] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [dclkixi] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [gijbgxj] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [opyycor] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [wjkrddv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [nvgchbk] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [fnbcfjv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [fmrkoxs] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [jdrlngb] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [gxnvyhr] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [uhkqauj] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [llsyrys] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [beyckev] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [juyawkc] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [dieuwcv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [sgnsfey] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [ximqmpt] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [mmtccwm] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [fxfkjdv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [hodwvsv] c:\windows\srmklcp.exe
O4 - HKCU\..\Run: [yoccqwo] c:\windows\srmklcp.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Intellisync For NEC Wireless Phones.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {FB088FE0-BEFD-4B75-B632-53BD323948E3} - C:\WINDOWS\System32\sccsccp689g.dll (HKCU)
O13 - DefaultPrefix: http://www.thebestse.com/?q=
O15 - Trusted Zone: http://phobos.apple.com
O15 - Trusted Zone: www.apple.com
O15 - Trusted Zone: phobos.apple.com.edgesuite.net
O15 - Trusted Zone: http://phobos.apple.com.edgesuite.net
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O19 - User stylesheet: C:\WINDOWS\default.css (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\wpdsp739u.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Richard114

Here's the hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 11:01:29 PM, on 4/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Cookie Washer\aolwasher.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Richard G. Schwartz\Desktop\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thebestse.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ogxnzfcbkwelbjwxyzqnj.com/W7/n5CBPomuVMUEK3LaiCDHxCyy9n_eVf30qutzx8qTuB/6DreOOthwIWP5HhKhS.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.thebestse.com/search.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.vubsbxdahlwvff.info/W7/n5CBPomvTMrSibjQjJE56JyE9ZuKVrFMR81_DK_8.html");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Richard G. Schwartz\Application Data\Mozilla\Profiles\default\kbb5xacz.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "Richard G. Schwartz"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe
O4 - HKCU\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0
O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"
O4 - HKCU\..\Run: [Ace mp3] C:\DOCUME~1\RICHAR~1.SCH\APPLIC~1\LESSAX~1\soft exit.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [OCMANAGE347e.exe] "C:\WINDOWS\System32\OCMANAGE347e.exe"
O4 - HKCU\..\Run: [SpOrder842n.exe] "C:\WINDOWS\System32\SpOrder842n.exe"
O4 - HKCU\..\Run: [coiijhi] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [lnwspbb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [mmulrkt] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [wvtqvgj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vhawsob] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [tymeuqb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xumcehn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rwocdgj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ksnbvrn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cgvcrxo] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [sqgdxai] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vwuvuom] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ikqnlkm] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xvxjdtc] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xehijps] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [tkygpct] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qqwcqsn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [mdwcyyo] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ulsyvct] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [yxlvfvx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pounuee] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [odgltor] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rrwwbpg] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [wyohsjk] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jufpxhj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cqftlmb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [tsgguhq] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jvyfmht] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rvdbqgj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [wyviwwj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [lpvrwjo] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [punhrpr] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [lnhisac] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [hbciunp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [kuidmst] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ptwbeef] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qkertxf] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xfcyhgg] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [bvgrdhl] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [amixyga] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vgdfafl] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jjlcnml] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [hodrdoi] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [recdcum] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xlslvgp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [toelmpd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [dstokyy] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ntrpexa] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ulsqsca] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pkdlrjh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [niivhiv] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cquwfka] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cenppxk] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [kkacslf] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ydqawio] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [erugedh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [smdnvnh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [iqsadrn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cahmbwd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qdpkrjd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [urmarod] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vyliwtm] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [nltobpy] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [fpcoxko] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [fvnaefm] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pmtnikb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [nauiagj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [uvgjyyk] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [dhnsplg] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [yecqqbi] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [opmpxeh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [obitskp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [bbeqmpt] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [raovpcj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [efjydsa] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jgbcpnj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ffsiyrb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qskthkt] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [maumasx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [nwqubri] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jnjmqxy] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [oaeauto] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [bbaxuxx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pckpkls] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [lrethco] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rcsmwim] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [kpilfio] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vgmfmwp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [humvjcx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jdpdpyh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vniqarg] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [fihmjcd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ixbhxhs] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [wpdvewq] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [dvdnwci] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rlpfxpn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [hkcmgwe] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ctqnjus] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [abmjbel] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jgubrvm] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [shppipi] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [afoxnqa] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [eraswpo] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [sfbpkne] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [avqoxvd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qbvqcvs] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qphissh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [sjmfucp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pafwwgv] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qrvafsx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [spfymqa] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [snewafp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hekmwjj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [opkbfgp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fwgadic] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [eggqkbp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [icvwltx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yfsvrwb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [chgaotd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qwymcmx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [oegnssb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rsvbdcu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yrnbnvl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gaovrqp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [usrsriq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fegftvi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [efirkxt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wuewglg] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lsfdunh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [phogjmi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ddjwvnu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [dnatvud] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jbvunrl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pcpjegu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cqddjsd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vxufhil] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mewgdbp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wkpalpd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qawddqm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [voturnm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nieeiaq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cbnqewl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ndxvnxa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rksojns] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [sddoxrr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ikbavlt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hxwnyah] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fgofjfe] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jyaopiq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uywsbid] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [avskput] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iyfwevl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rkckote] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [unyldqu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wgdyvxq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qhuemlc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jswkevy] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cwpqyyn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [culnegi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gudavgo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ifhtrsv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pbrtquo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fccnufm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ivlrgcn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jqtqxpd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [kutwcxc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fuscjmg] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uqyrxyc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [avodaxo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cflwtcf] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xjfiqfj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [dsxsdhy] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vaxabvu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ovjhmde] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vicbdlo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xruommo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pbdtqth] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ujpdwor] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [stqtvtm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qekddki] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [phxsvrr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lyrbgdx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jsypalb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hrgeart] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lrlosry] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ousdfaw] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [erjhpfn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [dwnoteu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wjrtyjo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fiwvjlj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [calaikv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hymwjnu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hajbrer] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ivgabaj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wihlwmt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nemqwmx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mhkrdaj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fyhrvff] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [haprbqw] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ygibbje] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jkaheor] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iwvenvq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jqbcfyc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pufxxoo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ojsthva] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [aakxoke] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hjggydn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [dvdutuo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hpweymd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ygfnupb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [bjeaxox] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rcaspuy] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ugntqem] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hopljsq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fkcikgt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hovgxqf] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fqtadhj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vicgadq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [kaxgbsj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vwxjhbo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [guyhnea] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ctnjdqa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ffnunye] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qtakfal] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [stvyvou] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [snibebk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [tuoahkx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ymmareh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mdrkodr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mutiolh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lsyrdrw] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ahqcvhb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vlosoux] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qfwxhtd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ntaobaw] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ltusxng] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nqnxnit] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wvbgmen] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xpndslq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [blncnce] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cmsqxoh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uwuhhkl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wrdklox] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ncrlqpa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ubrhkbr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vafmmmk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qgfioss] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cevagke] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iylssjm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qxcxdws] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ddmdink] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [diiayej] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gfsmipt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cocvgbp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pvurola] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [bulkriu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yfeobug] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [tuxbpwi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lkpjgyh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uwqdkim] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gjmhtjo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qsqljdn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [sjyvify] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rhsstie] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wsrldlk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ybpgpvh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yptdjja] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xrcmxjv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [oaeagor] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rqwuiuk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vncleaq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [kbshbcr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ikchkwt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hbknwyo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uodhqtr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [leqobxi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [muirprr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nravrxj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [utohfkq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iayhjqb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cjvrmth] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yksfcgv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yxqdsry] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [chatoua] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [tttvvak] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [tacwvci] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jjlkcme] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fqpudei] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iyrthqb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [koccyku] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ncbvxhb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hlhkxdk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nfrvdxp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fymqgqa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gjrwhty] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rwjvdey] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [svskvgc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gdyhdat] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [idywicu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [eqgpvhh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mppnwwe] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vtmgfua] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [emcyajj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vgnhrlo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jyjbjfp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ipcjdfa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [kawwrfn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [olgnqyv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qsimshd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uumcckr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [sigbyxj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ssaxnbh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vljwkfv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rocgnep] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nkbmjgh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ytfcybl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [orbvmol] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [njcdbei] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [neorvok] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wugkvfl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [esuonxe] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ppuhupl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ntnppjo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qepdbsy] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xogoolj] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [rgtqnto] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [ktlykrk] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [lvggkfk] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [ygbtfku] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [jdjgbhf] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [llvxiog] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [hmiexhu] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [roywfia] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [aiaulec] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [hgjwvqn] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [fxojrhc] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [hvydbbi] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [qkwjiet] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [heuwmlc] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [wwunrlq] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [bxwcohj] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [asyford] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [hrskfbh] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [detpoxo] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jdmlkps] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [chpdwnf] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fwisdib] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jirnxhc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ewqatwv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xotltpl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pyujqdm] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ixsxtpw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mdawbhq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [raugijq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [uynqxfv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [phcoegt] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qkhktna] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jqwjiof] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tkfkojp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [dgftnme] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cmslsdy] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cpjkfpn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ybojfto] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ufnjbjb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [bkaynis] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pfnaibd] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rydsyvq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xmmefby] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [urcsxlo] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vdsslnn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ovjwxuu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pfnqybu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ekifjax] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [frftida] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wembnob] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cvwtoiv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wqhvjxb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [yxamxlt] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hfkawbg] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [kdtorlq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fkrfxqh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wwaibxu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xoqwojf] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pjyyawc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cxlibmq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nqvgovv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [aylqpxp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jqcfpdd] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wxlndpb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [suuocrd] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hvjvhvu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hxiwjxy] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [prodile] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [yhsqhep] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mdqmiux] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [khlgnis] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mgsbdpf] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [awanfqs] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qttlonq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qdshbeq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [gqqqskc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [afoqacj] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pspjeug] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fjxdxwu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tbtgjrh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ixsmchw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [neieero] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [boeswye] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hajwbip] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pacjrfv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [euhwwvu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hduvpcn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [aqlyofl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mxpxkyg] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nyyjlnq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pnqkigk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [msnbinl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xsmcjge] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cratcuy] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ummicxb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [bysmqwp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qicmwhv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [icakrxb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [dejfhlh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [gfqbaob] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nquixcs] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fnonegh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tilafyk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fmjqure] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [dudbjud] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nqerwre] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hntsfrk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hlgbqkl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cjnwmpl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ktcterj] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [yijdlgm] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hhapqai] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pljrnfw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tulksml] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [lkgibpk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [bbquchj] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rxwpyuo] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qtbyaja] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xxcotmc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rxgcvnv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xqcseii] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tsjvtsm] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tllygku] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [igdlouc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ppsrmrs] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vbkoike] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wlnbqyw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [gsnflfc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [icfobxb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [estehsb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [eeelvxx] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nsupkxq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jyokbka] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xgmaosw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wbttcmm] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ikfnsld] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [euiybya] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rexmhnb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [iuhdhmc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nvthivp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tbnjsev] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vaxqwek] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vrcvomh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wjldhvq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ffpuylq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [anmxqcm] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rowepcl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [soxbgeh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xbjgoha] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [obvufgc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [geuydys] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hollxly] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jxwdplr] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xjlmxen] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mjdkjfb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [chbvktn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fqnbtcs] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [desrgkk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [melpima] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mmflsnb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xarhwch] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [dfgfkko] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [sakiobv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [adxcgww] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [esavjcp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [lilpnxa] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rbrvgfh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [whpobtn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [iudtpra] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [kusyhdy] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ddcgugq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [lrdqmdo] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [spobmsq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qmgqgvq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rehnjvo] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [npmpndq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ibxhsmt] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nxbsjqj] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fewbdce] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xgcweij] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [aunfiqh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rruakdh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fofgvsu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vtlvawh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [aqorcwx] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ijviian] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [gjmjekb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jpgnost] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [kivcaof] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qbdruly] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ohnfgtt] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [uoedrsy] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [paadqjf] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ndcoodh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [iwupaqu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hcwvewu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qieprep] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ptquxkv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [bakjsjf] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ykboyow] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ssaxilr] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [addfgrr] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fqwtiuv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rrdmuqi] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qlsypib] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qffieki] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [njhjwpq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ihlwnsv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ewvocuw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qmuyhiw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ljxpelk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [dxbqngp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [opkmyyn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vradnqv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rtoowdq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [kvpehth] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [asnuwdr] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fiemlje] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mqfphtr] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ryowret] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xytuych] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [yddbavc] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [alqmxbo] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [kuxljis] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [qduwryw] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [tlqceqy] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [sqyrgak] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [ymacpie] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [jsdvpdh] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [rdvaucp] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [tomjffv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [pcuwxyc] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [mkcbbxy] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [csiyhnx] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [uxdushq] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [erxqeye] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [upkvapx] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [ogynoqc] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [jpfwnca] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [pfqgmec] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [txhkhby] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [vfaxlfa] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [injilli] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [iruaknh] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [qvwcvmm] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [elhstce] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [xqbmjeu] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [gulfacl] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [rvdxxtv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [mdkamgf] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [wrhlpwa] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [dclkixi] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [gijbgxj] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [opyycor] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [wjkrddv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [nvgchbk] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [fnbcfjv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [fmrkoxs] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [jdrlngb] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [gxnvyhr] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [uhkqauj] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [llsyrys] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [beyckev] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [juyawkc] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [dieuwcv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [sgnsfey] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [ximqmpt] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [mmtccwm] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [fxfkjdv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [hodwvsv] c:\windows\srmklcp.exe
O4 - HKCU\..\Run: [yoccqwo] c:\windows\srmklcp.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Intellisync For NEC Wireless Phones.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {FB088FE0-BEFD-4B75-B632-53BD323948E3} - C:\WINDOWS\System32\sccsccp689g.dll (HKCU)
O13 - DefaultPrefix: http://www.thebestse.com/?q=
O15 - Trusted Zone: http://phobos.apple.com
O15 - Trusted Zone: www.apple.com
O15 - Trusted Zone: phobos.apple.com.edgesuite.net
O15 - Trusted Zone: http://phobos.apple.com.edgesuite.net
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O19 - User stylesheet: C:\WINDOWS\default.css (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\wpdsp739u.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Buckeye_Sam

Please download and install A-Squared. You will have to register with them in order to install the updates, but it's free. Once updated, run a full scan and remove everything that is found.

http://www.majorgeeks.com/download4281.html



Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thebestse.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ogxnzfcbkwelbjwxyzqnj.co...wIWP5HhKhS.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.thebestse.com/search.shtml
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.thebestse.com/search.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe
O4 - HKCU\..\Run: [OCMANAGE347e.exe] "C:\WINDOWS\System32\OCMANAGE347e.exe"
O4 - HKCU\..\Run: [SpOrder842n.exe] "C:\WINDOWS\System32\SpOrder842n.exe"
O4 - HKCU\..\Run: [coiijhi] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [lnwspbb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [mmulrkt] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [wvtqvgj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vhawsob] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [tymeuqb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xumcehn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rwocdgj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ksnbvrn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cgvcrxo] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [sqgdxai] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vwuvuom] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ikqnlkm] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xvxjdtc] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xehijps] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [tkygpct] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qqwcqsn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [mdwcyyo] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ulsyvct] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [yxlvfvx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pounuee] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [odgltor] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rrwwbpg] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [wyohsjk] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jufpxhj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cqftlmb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [tsgguhq] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jvyfmht] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rvdbqgj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [wyviwwj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [lpvrwjo] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [punhrpr] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [lnhisac] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [hbciunp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [kuidmst] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ptwbeef] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qkertxf] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xfcyhgg] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [bvgrdhl] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [amixyga] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vgdfafl] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jjlcnml] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [hodrdoi] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [recdcum] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [xlslvgp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [toelmpd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [dstokyy] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ntrpexa] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ulsqsca] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pkdlrjh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [niivhiv] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cquwfka] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cenppxk] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [kkacslf] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ydqawio] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [erugedh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [smdnvnh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [iqsadrn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [cahmbwd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qdpkrjd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [urmarod] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vyliwtm] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [nltobpy] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [fpcoxko] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [fvnaefm] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pmtnikb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [nauiagj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [uvgjyyk] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [dhnsplg] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [yecqqbi] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [opmpxeh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [obitskp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [bbeqmpt] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [raovpcj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [efjydsa] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jgbcpnj] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ffsiyrb] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qskthkt] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [maumasx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [nwqubri] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jnjmqxy] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [oaeauto] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [bbaxuxx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pckpkls] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [lrethco] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rcsmwim] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [kpilfio] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vgmfmwp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [humvjcx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jdpdpyh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [vniqarg] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [fihmjcd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ixbhxhs] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [wpdvewq] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [dvdnwci] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [rlpfxpn] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [hkcmgwe] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [ctqnjus] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [abmjbel] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [jgubrvm] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [shppipi] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [afoxnqa] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [eraswpo] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [sfbpkne] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [avqoxvd] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qbvqcvs] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qphissh] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [sjmfucp] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [pafwwgv] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [qrvafsx] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [spfymqa] c:\windows\fgqhjxd.exe
O4 - HKCU\..\Run: [snewafp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hekmwjj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [opkbfgp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fwgadic] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [eggqkbp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [icvwltx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yfsvrwb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [chgaotd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qwymcmx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [oegnssb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rsvbdcu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yrnbnvl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gaovrqp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [usrsriq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fegftvi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [efirkxt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wuewglg] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lsfdunh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [phogjmi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ddjwvnu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [dnatvud] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jbvunrl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pcpjegu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cqddjsd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vxufhil] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mewgdbp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wkpalpd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qawddqm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [voturnm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nieeiaq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cbnqewl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ndxvnxa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rksojns] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [sddoxrr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ikbavlt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hxwnyah] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fgofjfe] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jyaopiq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uywsbid] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [avskput] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iyfwevl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rkckote] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [unyldqu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wgdyvxq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qhuemlc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jswkevy] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cwpqyyn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [culnegi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gudavgo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ifhtrsv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pbrtquo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fccnufm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ivlrgcn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jqtqxpd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [kutwcxc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fuscjmg] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uqyrxyc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [avodaxo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cflwtcf] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xjfiqfj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [dsxsdhy] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vaxabvu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ovjhmde] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vicbdlo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xruommo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pbdtqth] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ujpdwor] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [stqtvtm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qekddki] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [phxsvrr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lyrbgdx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jsypalb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hrgeart] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lrlosry] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ousdfaw] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [erjhpfn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [dwnoteu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wjrtyjo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fiwvjlj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [calaikv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hymwjnu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hajbrer] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ivgabaj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wihlwmt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nemqwmx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mhkrdaj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fyhrvff] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [haprbqw] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ygibbje] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jkaheor] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iwvenvq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jqbcfyc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pufxxoo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ojsthva] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [aakxoke] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hjggydn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [dvdutuo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hpweymd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ygfnupb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [bjeaxox] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rcaspuy] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ugntqem] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hopljsq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fkcikgt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hovgxqf] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fqtadhj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vicgadq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [kaxgbsj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vwxjhbo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [guyhnea] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ctnjdqa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ffnunye] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qtakfal] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [stvyvou] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [snibebk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [tuoahkx] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ymmareh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mdrkodr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mutiolh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lsyrdrw] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ahqcvhb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vlosoux] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qfwxhtd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ntaobaw] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ltusxng] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nqnxnit] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wvbgmen] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xpndslq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [blncnce] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cmsqxoh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uwuhhkl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wrdklox] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ncrlqpa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ubrhkbr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vafmmmk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qgfioss] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cevagke] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iylssjm] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qxcxdws] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ddmdink] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [diiayej] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gfsmipt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cocvgbp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [pvurola] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [bulkriu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yfeobug] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [tuxbpwi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [lkpjgyh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uwqdkim] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gjmhtjo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qsqljdn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [sjyvify] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rhsstie] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wsrldlk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ybpgpvh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yptdjja] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xrcmxjv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [oaeagor] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rqwuiuk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vncleaq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [kbshbcr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ikchkwt] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hbknwyo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uodhqtr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [leqobxi] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [muirprr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nravrxj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [utohfkq] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iayhjqb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [cjvrmth] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yksfcgv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [yxqdsry] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [chatoua] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [tttvvak] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [tacwvci] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jjlkcme] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fqpudei] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [iyrthqb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [koccyku] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ncbvxhb] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [hlhkxdk] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nfrvdxp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [fymqgqa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gjrwhty] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rwjvdey] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [svskvgc] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [gdyhdat] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [idywicu] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [eqgpvhh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [mppnwwe] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vtmgfua] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [emcyajj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vgnhrlo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [jyjbjfp] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ipcjdfa] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [kawwrfn] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [olgnqyv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qsimshd] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [uumcckr] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [sigbyxj] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ssaxnbh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [vljwkfv] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [rocgnep] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [nkbmjgh] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ytfcybl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [orbvmol] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [njcdbei] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [neorvok] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [wugkvfl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [esuonxe] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ppuhupl] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [ntnppjo] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [qepdbsy] c:\windows\ocfeodd.exe
O4 - HKCU\..\Run: [xogoolj] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [rgtqnto] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [ktlykrk] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [lvggkfk] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [ygbtfku] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [jdjgbhf] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [llvxiog] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [hmiexhu] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [roywfia] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [aiaulec] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [hgjwvqn] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [fxojrhc] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [hvydbbi] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [qkwjiet] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [heuwmlc] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [wwunrlq] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [bxwcohj] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [asyford] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [hrskfbh] c:\windows\vffnwim.exe
O4 - HKCU\..\Run: [detpoxo] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jdmlkps] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [chpdwnf] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fwisdib] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jirnxhc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ewqatwv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xotltpl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pyujqdm] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ixsxtpw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mdawbhq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [raugijq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [uynqxfv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [phcoegt] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qkhktna] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jqwjiof] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tkfkojp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [dgftnme] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cmslsdy] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cpjkfpn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ybojfto] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ufnjbjb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [bkaynis] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pfnaibd] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rydsyvq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xmmefby] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [urcsxlo] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vdsslnn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ovjwxuu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pfnqybu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ekifjax] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [frftida] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wembnob] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cvwtoiv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wqhvjxb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [yxamxlt] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hfkawbg] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [kdtorlq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fkrfxqh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wwaibxu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xoqwojf] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pjyyawc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cxlibmq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nqvgovv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [aylqpxp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jqcfpdd] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wxlndpb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [suuocrd] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hvjvhvu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hxiwjxy] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [prodile] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [yhsqhep] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mdqmiux] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [khlgnis] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mgsbdpf] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [awanfqs] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qttlonq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qdshbeq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [gqqqskc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [afoqacj] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pspjeug] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fjxdxwu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tbtgjrh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ixsmchw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [neieero] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [boeswye] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hajwbip] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pacjrfv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [euhwwvu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hduvpcn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [aqlyofl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mxpxkyg] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nyyjlnq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pnqkigk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [msnbinl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xsmcjge] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cratcuy] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ummicxb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [bysmqwp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qicmwhv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [icakrxb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [dejfhlh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [gfqbaob] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nquixcs] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fnonegh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tilafyk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fmjqure] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [dudbjud] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nqerwre] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hntsfrk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hlgbqkl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [cjnwmpl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ktcterj] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [yijdlgm] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hhapqai] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [pljrnfw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tulksml] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [lkgibpk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [bbquchj] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rxwpyuo] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qtbyaja] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xxcotmc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rxgcvnv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xqcseii] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tsjvtsm] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tllygku] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [igdlouc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ppsrmrs] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vbkoike] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wlnbqyw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [gsnflfc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [icfobxb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [estehsb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [eeelvxx] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nsupkxq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jyokbka] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xgmaosw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wbttcmm] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ikfnsld] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [euiybya] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rexmhnb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [iuhdhmc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nvthivp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [tbnjsev] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vaxqwek] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vrcvomh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [wjldhvq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ffpuylq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [anmxqcm] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rowepcl] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [soxbgeh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xbjgoha] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [obvufgc] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [geuydys] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hollxly] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jxwdplr] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xjlmxen] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mjdkjfb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [chbvktn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fqnbtcs] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [desrgkk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [melpima] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mmflsnb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xarhwch] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [dfgfkko] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [sakiobv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [adxcgww] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [esavjcp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [lilpnxa] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rbrvgfh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [whpobtn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [iudtpra] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [kusyhdy] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ddcgugq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [lrdqmdo] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [spobmsq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qmgqgvq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rehnjvo] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [npmpndq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ibxhsmt] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [nxbsjqj] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fewbdce] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xgcweij] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [aunfiqh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rruakdh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fofgvsu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vtlvawh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [aqorcwx] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ijviian] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [gjmjekb] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [jpgnost] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [kivcaof] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qbdruly] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ohnfgtt] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [uoedrsy] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [paadqjf] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ndcoodh] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [iwupaqu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [hcwvewu] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qieprep] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ptquxkv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [bakjsjf] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ykboyow] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ssaxilr] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [addfgrr] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fqwtiuv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rrdmuqi] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qlsypib] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qffieki] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [njhjwpq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ihlwnsv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ewvocuw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [qmuyhiw] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ljxpelk] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [dxbqngp] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [opkmyyn] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [vradnqv] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [rtoowdq] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [kvpehth] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [asnuwdr] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [fiemlje] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [mqfphtr] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [ryowret] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [xytuych] c:\windows\ujycslo.exe
O4 - HKCU\..\Run: [yddbavc] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [alqmxbo] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [kuxljis] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [qduwryw] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [tlqceqy] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [sqyrgak] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [ymacpie] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [jsdvpdh] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [rdvaucp] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [tomjffv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [pcuwxyc] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [mkcbbxy] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [csiyhnx] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [uxdushq] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [erxqeye] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [upkvapx] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [ogynoqc] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [jpfwnca] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [pfqgmec] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [txhkhby] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [vfaxlfa] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [injilli] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [iruaknh] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [qvwcvmm] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [elhstce] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [xqbmjeu] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [gulfacl] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [rvdxxtv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [mdkamgf] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [wrhlpwa] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [dclkixi] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [gijbgxj] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [opyycor] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [wjkrddv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [nvgchbk] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [fnbcfjv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [fmrkoxs] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [jdrlngb] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [gxnvyhr] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [uhkqauj] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [llsyrys] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [beyckev] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [juyawkc] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [dieuwcv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [sgnsfey] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [ximqmpt] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [mmtccwm] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [fxfkjdv] c:\windows\ajuewuw.exe
O4 - HKCU\..\Run: [hodwvsv] c:\windows\srmklcp.exe
O4 - HKCU\..\Run: [yoccqwo] c:\windows\srmklcp.exe
O9 - Extra button: (no name) - {FB088FE0-BEFD-4B75-B632-53BD323948E3} - C:\WINDOWS\System32\sccsccp689g.dll (HKCU)
O13 - DefaultPrefix: http://www.thebestse.com/?q=
O19 - User stylesheet: C:\WINDOWS\default.css (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\wpdsp739u.dll


Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist):

C:\WINDOWS\System32\wpdsp739u.dll
C:\WINDOWS\System32\sccsccp689g.dll
C:\WINDOWS\System32\SpOrder842n.exe
C:\WINDOWS\System32\OCMANAGE347e.exe
c:\windows\srmklcp.exe
c:\windows\ajuewuw.exe
c:\windows\ujycslo.exe
c:\windows\vffnwim.exe
c:\windows\ocfeodd.exe
c:\windows\fgqhjxd.exe
C:\WINDOWS\editpad.exe



Reboot your computer to go back to normal mode.



Please run at least two of these online scans.
Make sure they are set to clean automatically:

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

http://www.bitdefender.com/scan/licence.php

http://housecall.trendmicro.com/housecall/start_corp.asp

There will be files that these scans will not remove. Please include that information in your next post.


Reboot and post a new hijackthis log.