Browser Hijack!!
I have very limited computer knowledge. One day my firewall was disabled for a short time. I used the internet through out the day before realizing this. Now I have spyware/trojan problems.
I believe what I have is called a browser hijack.
Everytime I get on internet explorier, www.w-find.com/index.htm pops up as my homepage. I reset my homepage to yahoo. I wait around 5 min, and I am back to square 1 with www.w-find.com/index.htm as my homepage. It also loads 3 porn sites in my Favorites folder. I delete them, and they come back.
I have done numerousNorton Antivirus scans, Adaware, Microsoft Internet security. A trojan was found in my C:\windows\system32 folder.
The file name was thn32.dll. It got quarentined and deleted, but the problem still persists. Even with using the Microsoft internet Security browser hijack feature. I set my homepage etc. back to yahoo, and the end up changing back to www.w-find etc.
HELP ME PLEASE!!!!
I believe what I have is called a browser hijack.
Everytime I get on internet explorier, www.w-find.com/index.htm pops up as my homepage. I reset my homepage to yahoo. I wait around 5 min, and I am back to square 1 with www.w-find.com/index.htm as my homepage. It also loads 3 porn sites in my Favorites folder. I delete them, and they come back.
I have done numerousNorton Antivirus scans, Adaware, Microsoft Internet security. A trojan was found in my C:\windows\system32 folder.
The file name was thn32.dll. It got quarentined and deleted, but the problem still persists. Even with using the Microsoft internet Security browser hijack feature. I set my homepage etc. back to yahoo, and the end up changing back to www.w-find etc.
HELP ME PLEASE!!!!
0
This discussion has been closed.
Comments
http://www.short-media.com/forum/showpost.php?p=172584&postcount=2
Scan saved at 3:33:39 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
D:\gcasServ.exe
C:\windows\bkhaook.exe
D:\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\David\Desktop\hijackthis_199\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.excite.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LSASS Authority] lshosts32.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [gcasServ] "D:\gcasServ.exe"
O4 - HKLM\..\RunServices: [LSASS Authority] lshosts32.exe
O4 - HKCU\..\Run: [mcplkev] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [yewttkr] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [lfawdyd] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [kuuotyi] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [nkrguch] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [strpqyk] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [tqwreyw] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [gotvnda] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [wrynpjq] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [emksgns] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [eagdeav] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [kjwmqtc] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [jrqclou] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [qmjwkfa] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [qsbgqpq] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [jggkxsg] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [qhcdupp] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [tedoafp] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [fulfhon] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [xkotprk] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [ktevoif] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [hmfyibj] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [svcpxtx] c:\windows\chvyxgb.exe
O4 - HKCU\..\Run: [fvfvqdm] c:\windows\chvyxgb.exe
O4 - HKCU\..\Run: [hauonju] c:\windows\chvyxgb.exe
O4 - HKCU\..\Run: [ytbkuyg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [hsbyogo] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [wqtooke] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [rxylypa] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [lvvjdvs] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [yyorvtx] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [wucaqtc] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [qxttvlj] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [bgmjjve] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [dwdcoyj] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [elipwel] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [sphgfsq] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ldcpipw] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [rxuohcy] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [encpidi] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [vplfwgn] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [yndmwfg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [btgtxlb] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ubsxsnq] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [vxplcpn] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [pagscdm] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [gkbauuc] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [xbaupob] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [yrxtoam] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [hrvypcf] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [cwtuvvh] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [itwxqti] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [uekeuhh] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [aeufpbd] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [nljevng] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [bgcdsti] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ntiocvs] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [bnddfbx] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [pidcnrr] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [mnvrdjo] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [fvayyoy] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ggpsmlp] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [utddwgg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ojnutmx] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [tsnceui] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [aysosjn] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [gwcnhxw] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [allbjyg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [moivxfa] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [orahoew] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [wxohjiq] c:\windows\lgsxoke.exe
O4 - HKCU\..\Run: [yrgxcbm] c:\windows\lgsxoke.exe
O4 - HKCU\..\Run: [sjlwtgr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [cawbllg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [itcblfc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ridwqwi] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gxwytbs] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [chfursj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ifrmuxg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [wwvtcix] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gwoowln] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fxmcfjv] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [worenva] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [xscbswt] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [duvjdjw] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qoncvit] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [karugjv] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [cgiveeb] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ppllhhe] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [exmgtlt] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ptbowdp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qjechhw] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [nddiueu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [dmnniwy] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [hafgkhy] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ycusjrc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [xvwjsbq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kecnhba] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jhdlxrp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kfnysvd] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vsnsqtm] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fcjpmbr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vkutnbw] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ecdmxuy] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [lqdsrpi] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ggufupm] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pesajdg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gefnocj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qgjakyc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kckahrs] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [nsekjyo] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [owwefee] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [lqcqsdu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [yhiyvyg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jstriyr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [peyllgb] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pynhvxf] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [flgtjvu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [opxjxiu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [oempraq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ngbpeja] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qtstpyj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jnfvkuv] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fyhffge] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [mwifkjn] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vruhbwr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [rwtusjb] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vkdkalu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [hnwwhma] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jrgwxtu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [afxbkah] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gllduqf] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [irpxqlc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pughfff] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kqjbogp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pdqdxds] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [niaegbg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ammxjsp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [itvvsyn] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jgoihvd] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fttgvrf] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pfaulne] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [sdllucn] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [hvuyimu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [eeguadk] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jcgwaix] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [xfaxbdq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kckuxvl] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kgspgek] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [usteytj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [lvrmaaq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vwaeire] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gfospwv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vlhxmpr] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vdakdrp] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kgnlbkq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jjijbai] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [agttmxh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [sxjjbmj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ejcibng] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dokappc] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kmvtyjm] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rubnoqt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bltrfid] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [glcvltf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [sqakldq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uucqpbn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [aevvhrb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vhwoyac] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [eqikbex] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hssieob] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rhqyjjg] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [obkaspa] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [pygyrcy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gvcktfa] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nlckrpk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [sfykwhx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [tkegddo] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gctmmxa] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wclhcke] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nqechga] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [neevhfl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hpqjfrh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jpcucfw] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [istqpco] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xrrgjps] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [yenjten] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vayudah] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [qegnqsl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mpggcdy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xrtvebi] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [tboctcg] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [pypjmja] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jtdiuyl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [qlbquob] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hckysgh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vjwpnmn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nacdtpe] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bvconul] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mbtphll] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vrcrwpd] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ygvaguj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [imesyjj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nilnhxw] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [fmnrnkj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vlcgumi] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kaaxpjl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vtiyndq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rgwqipv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [shxrjux] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [waiieou] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [loflrnf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [imreltb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rlrbovm] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mdqrlaq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vfibsrh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [yqbmjmx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [piolrug] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [awtvxfc] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nmgaacl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bagkedq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hyhueui] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rmsfpwt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xjiylfv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [aoqiqwf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rewgmve] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [fcicjdl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uuprtha] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [meewoof] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bggopsh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ekviebx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gaieomf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jhbiwsk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ebxryad] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wuqlebn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xathsnn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [exqysmo] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [lytcsam] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [yhdkxmv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kwughxh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [atwqvld] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hqqfbpk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ehbtosk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dnrvatv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xtddqrt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bfdxdgt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wtmican] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rpqeeqh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [cnvolsd] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kycyoay] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dyllkor] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dprscra] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wvgvojo] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [llnkifp] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ronnpjn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xqfdbip] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gvyfpsw] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wjdyeti] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nlpkcci] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [imrlrmh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [pxtnrcu] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hmcppsh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uqowvev] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mliqdhu] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ioivkyy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [grqwhox] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [cjxbpov] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rgxxadb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uktsiwh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [lqxkcvr] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [oypvxxy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kfhjxns] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [oeksxlx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [aclghhs] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gqoimge] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rvefleb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [qllwwds] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [drswwyj] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [cveunym] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [ytwjyov] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [apqedvr] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [nydffjp] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [mounhkn] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [sujivro] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bheliep] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bnylahq] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [osuwiqu] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [ugtmtaj] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [sbkuort] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [dbywnrd] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [rxnalvl] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [uavlsve] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [xjeulsk] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [udgqbwt] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [rfvdtlw] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [wbaolvs] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [mypivhq] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [stakdpc] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [csuhtcr] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [cndkjyl] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [outhgdv] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [nqervvc] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [dvfnqqc] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [kpgdela] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [rwlxtrp] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [yxfiwut] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [fdloixu] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bkcvqtb] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bjsdmtd] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [aesatwd] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [uxmwpld] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ibiiive] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [olbtler] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [aqnbskq] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pboblfa] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [gxwbwmn] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hnynrqr] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [dufhemb] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [oyctuyt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ektwndo] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [jrogtti] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hvfgjqq] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [atabbxs] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [rcygqrb] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [nyohmoe] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [gsapmnu] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [jnxqtni] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [cxxfwdt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hegaack] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pjalrrd] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [bcyiatt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [mdivglp] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ubebedj] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [tfdoyrt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [bhgjntx] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ccswknv] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ebvtjgg] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [mmoboyl] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [tnvdwbv] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hgkwrbe] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [rliteuu] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pakqctw] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ibdirgj] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ufuvmnb] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [bcdebsc] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pakfqdq] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [gashwmx] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [yudrerb] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [rwgtito] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [iilvsmr] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [soqnwth] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [afbadhy] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [gaxbtir] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [qjyywrc] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [anywppm] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [bqmwuxq] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [fgmhapb] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [iqcvamx] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [ohlpbbc] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [nslwadr] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [vnhlbjr] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [mnmqubq] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [aohvbee] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [bfabgby] c:\windows\xodqbbs.exe
O4 - HKCU\..\Run: [mjepgpt] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [jvloxrc] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [mehedsn] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [soedgst] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [dkdpchq] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [hqqxqly] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [bhyvxwv] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [uulajvi] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [wqaukta] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [jmdrdfb] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [briajri] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [xrbwuqc] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [dxulwsh] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [ikcjkev] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [nfsdunq] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [xunlwkx] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [sxenjwm] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [veafspt] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [vexmvoy] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [fplbdtg] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [bwgjilr] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ydefsvr] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ofkqtmx] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [xlaghud] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ykmvwkk] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ebjnyjd] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [tbmucrw] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [yddfpkq] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [togaquf] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [jhwavsa] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [tguoqrd] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [jeeyuvo] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ciiahqj] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [fblmdtw] c:\windows\loplrjx.exe
O4 - HKCU\..\Run: [jmmfbfc] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [lledvbl] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [bajhblm] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [jryiggo] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [cgwwvyi] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [bplcscf] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [kgdgjav] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [jnhdquj] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [rjabvqv] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [mptpegn] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [hexwaqn] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ksmqafs] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [qaxojgg] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [hxnrmld] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [hhsfisg] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [xvmsnwd] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ixvxpst] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [onqjtga] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [qeqppns] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [fudpssf] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [lrwlxcb] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [orinehe] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [rxresqp] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [tebtfdq] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [pxggkri] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ckdqrls] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ifvrgyl] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [aeqnule] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ohvwdga] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [woukhyq] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [iiwdfxs] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [jccvexj] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [sypauhx] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [daijkra] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [wskniuo] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [cfduhbt] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [socccbe] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [swupnfo] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [bvskmsx] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ifeosot] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [pnoayxx] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [mqtrvwe] c:\windows\rwsimbq.exe
O4 - HKCU\..\Run: [ucvnfah] c:\windows\rwsimbq.exe
O4 - HKCU\..\Run: [dpyjrhi] c:\windows\rwsimbq.exe
O4 - HKCU\..\Run: [gukisxi] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [yihjvns] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [kbfoius] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [qkvhdyj] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [rfngxxi] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [ldyhwbq] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [xrmkgio] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [jkbomic] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [mqxxncw] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [vftxhjj] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [ffpnmdu] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [qhnqbwc] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [aymsubu] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [vpmnkar] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [liuanhb] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [nlnwplt] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [abtpiyq] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [asaupvs] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [fuhymdh] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [aawytvb] c:\windows\hbalrig.exe
O4 - HKCU\..\Run: [udfeyka] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [qgmhbqt] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [usddech] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [tiaceil] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [cnjupkm] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [aoggsfo] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [mnlfxch] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [gfgkwds] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [qnqinlx] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [bjjypjk] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [silcont] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [vwldeqm] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [qywnvmq] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [enccuem] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [pgjwoxa] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [gvnsrnx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [udttxxa] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ibbulnt] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vkluosy] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [cuprrjg] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ocwttie] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [fsmcbdl] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ulolbxq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tsjdgsh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kxfiywa] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [gvevmma] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [hvjsgda] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [qstussd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [lkvtlcf] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [pwqmfxd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [bvlheso] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [mebptxq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wboeqhd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [smtuoqd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jqxchut] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [esfviyd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [dvkjgmd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [hilaleh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [djvlgwh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [uuipifo] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [nwyigxy] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [auuelbi] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rnmmcqk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ojbqylb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jbyeswk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tpuessa] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vuaauqp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rnyuhoj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ysloain] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [llqaxce] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ttqwrvx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jiebmih] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jnprlme] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [twfabcq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vlkgynl] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ukqvnxe] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jwtnlsj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [msiynpi] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wcinvto] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wpqcfue] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [oufdhdx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [bcnhdbu] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [swvvlfq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ksgmffv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [eokpecp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [trhgtat] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jpobuwj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [whottyp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [yimpdhu] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ouifqxk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [whjwsqe] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [lamqxfb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [gyqeybv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [cylrbyv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [iywiqbo] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wrwfeyl] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tntdchk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [llprgmp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rgfqtxw] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [lveeqve] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ueogqyd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ickrpub] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vfxqwei] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ajsrwte] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tsgkiav] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vatbjwt] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kuxuiis] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rgfbutj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [nixtivd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [neddpde] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tvpnvku] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [bdemskd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [agxbges] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [feyjivq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ckjiskr] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xfjldsq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kljodma] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xyeodeh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [avdxleh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kuhwwuj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [yjmmibg] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [akqekmd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tbpowws] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rbmlukp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xnedkij] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vboeckr] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [fpybdyw] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [dpflyvs] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [nijaftb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wvwptil] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kcbdlqt] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [cinhjku] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vnlypnk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [srvpjyb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ybwmepx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xwcpyju] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xgupqch] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rihljkc] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [skgbqvw] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xrhisik] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ljdgiyv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [euecpjf] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ulwcicq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [dfaahea] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vhwgols] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tvftltk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [hnqxfyb] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ugqdtnr] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kmwjsgp] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [vtbyxfn] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [fycpbic] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [tsugyfp] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [viewhwo] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [dkutyxk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [hiolwkk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [otmgnwr] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [wmmexjx] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [objetqs] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ricrgke] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [mhmlwuh] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [gnqnxhp] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [qjcwhlo] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ypawpra] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [qbxnfpm] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [dsvpcsm] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [iyiocpu] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [gfggooj] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ebnqfyk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [hsfwpge] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [sevbgiq] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [emcunbw] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [wiesder] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [wgisffc] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kshhmga] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [otfkunb] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kqknsxv] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ltnluvf] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [biqyuix] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [vxmhojj] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [bfryfdv] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [rglsrqh] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [mmnftkb] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [lbduqqy] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [qfaebgk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [rtjqhfk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [rduedyd] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ejjbpva] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [sresbjo] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [perxhvj] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [pjxaxsg] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [vrqrqob] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ffkwhpx] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [sxkcjif] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ealckko] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kejjmep] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [mjpsxxk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [aaexhie] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [firulcl] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [sryrdsf] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [elkblgo] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [yeskwpl] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [gheqtpy] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [gqmgudp] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [cekkklo] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [rsssbnd] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [hdjywcg] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [nsqbdtb] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [ilglggx] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [niolyin] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [kxacdfk] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [hpuqspm] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [amjyggw] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [wauhkgu] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [lraskpp] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [eoslkmo] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [sjijilc] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [awajqlt] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [eghhjrb] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [ouoyedm] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [kgfvryk] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [nbjirni] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [tfhqqvy] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [jixmorw] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [dkthnns] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [uhccauj] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [fmosifk] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [vakmnqt] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [rscajsi] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [knenaoo] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [qvhqkja] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [vhsxina] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [tuoccjq] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [plbfflw] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [swmajvs] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [hruuqlc] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [cxjmwvj] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [wotxpre] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [gklmiot] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [qkhmwom] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [cbkmdro] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [rvnsahx] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [veguejs] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [xnrvcrj] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [loxdpxp] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [tknguid] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [fyutcuc] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [gpvgund] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [vetvyqk] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [qxxkepi] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [jdemsvw] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [ytkvhmq] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [nybwqxh] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [gsstymm] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [guftxlg] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [rstwbla] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [mhceuui] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [jhnkjep] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [lglnsue] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [dxyiqfm] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [rrfdnci] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [qjrxpuh] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [ndcswko] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [mmwramp] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [getoiox] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [caekrqv] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [oosveib] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [bjwrxka] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [bhfemcl] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [itquofg] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [qimtbiw] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [msatlhh] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [fjwjoyx] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [dwfwspw] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [edxhvfd] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [gbsdjff] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [huxvwxa] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [uomrqpq] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [jtwajug] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [ffcyqxh] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [bajkvku] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [ubnlcwt] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [sgnshfg] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [vwkntha] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [owyllvy] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [swwlenc] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ivfjivu] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [yqiivqw] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [kprtkfp] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [qbuxuey] c:\windows\qltxnwy.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120789196578
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
http://www.spywareinfo.dk/download/mwav.exe
Once it's done please post the log from the scan and a new hijackthis log.
If I format my PC, will that delete and Trojan('s) and browser hijack, and fix the problem???
(Im concidering doing this now, and just saving all my work onto an external harddrive)
Escan found 2 viruses called:
C:\windows\system32\flsmngr.bin
C:\windows\system32\flsmngr.dll
*it tagged them as spyware and not a virus...
Logfile of HijackThis v1.99.1
Scan saved at 5:43:42 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
D:\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\bkhaook.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\gcasDtServ.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Kaspersky\mwavscan.com
C:\Kaspersky\kavss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\David\Desktop\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w-find.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.excite.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [gcasServ] "D:\gcasServ.exe"
O4 - HKCU\..\Run: [mcplkev] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [yewttkr] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [lfawdyd] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [kuuotyi] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [nkrguch] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [strpqyk] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [tqwreyw] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [gotvnda] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [wrynpjq] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [emksgns] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [eagdeav] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [kjwmqtc] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [jrqclou] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [qmjwkfa] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [qsbgqpq] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [jggkxsg] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [qhcdupp] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [tedoafp] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [fulfhon] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [xkotprk] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [ktevoif] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [hmfyibj] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [svcpxtx] c:\windows\chvyxgb.exe
O4 - HKCU\..\Run: [fvfvqdm] c:\windows\chvyxgb.exe
O4 - HKCU\..\Run: [hauonju] c:\windows\chvyxgb.exe
O4 - HKCU\..\Run: [ytbkuyg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [hsbyogo] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [wqtooke] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [rxylypa] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [lvvjdvs] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [yyorvtx] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [wucaqtc] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [qxttvlj] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [bgmjjve] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [dwdcoyj] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [elipwel] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [sphgfsq] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ldcpipw] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [rxuohcy] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [encpidi] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [vplfwgn] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [yndmwfg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [btgtxlb] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ubsxsnq] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [vxplcpn] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [pagscdm] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [gkbauuc] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [xbaupob] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [yrxtoam] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [hrvypcf] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [cwtuvvh] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [itwxqti] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [uekeuhh] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [aeufpbd] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [nljevng] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [bgcdsti] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ntiocvs] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [bnddfbx] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [pidcnrr] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [mnvrdjo] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [fvayyoy] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ggpsmlp] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [utddwgg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ojnutmx] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [tsnceui] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [aysosjn] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [gwcnhxw] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [allbjyg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [moivxfa] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [orahoew] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [wxohjiq] c:\windows\lgsxoke.exe
O4 - HKCU\..\Run: [yrgxcbm] c:\windows\lgsxoke.exe
O4 - HKCU\..\Run: [sjlwtgr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [cawbllg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [itcblfc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ridwqwi] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gxwytbs] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [chfursj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ifrmuxg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [wwvtcix] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gwoowln] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fxmcfjv] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [worenva] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [xscbswt] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [duvjdjw] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qoncvit] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [karugjv] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [cgiveeb] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ppllhhe] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [exmgtlt] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ptbowdp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qjechhw] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [nddiueu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [dmnniwy] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [hafgkhy] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ycusjrc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [xvwjsbq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kecnhba] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jhdlxrp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kfnysvd] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vsnsqtm] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fcjpmbr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vkutnbw] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ecdmxuy] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [lqdsrpi] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ggufupm] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pesajdg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gefnocj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qgjakyc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kckahrs] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [nsekjyo] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [owwefee] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [lqcqsdu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [yhiyvyg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jstriyr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [peyllgb] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pynhvxf] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [flgtjvu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [opxjxiu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [oempraq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ngbpeja] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qtstpyj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jnfvkuv] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fyhffge] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [mwifkjn] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vruhbwr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [rwtusjb] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vkdkalu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [hnwwhma] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jrgwxtu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [afxbkah] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gllduqf] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [irpxqlc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pughfff] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kqjbogp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pdqdxds] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [niaegbg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ammxjsp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [itvvsyn] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jgoihvd] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fttgvrf] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pfaulne] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [sdllucn] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [hvuyimu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [eeguadk] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jcgwaix] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [xfaxbdq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kckuxvl] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kgspgek] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [usteytj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [lvrmaaq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vwaeire] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gfospwv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vlhxmpr] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vdakdrp] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kgnlbkq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jjijbai] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [agttmxh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [sxjjbmj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ejcibng] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dokappc] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kmvtyjm] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rubnoqt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bltrfid] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [glcvltf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [sqakldq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uucqpbn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [aevvhrb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vhwoyac] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [eqikbex] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hssieob] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rhqyjjg] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [obkaspa] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [pygyrcy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gvcktfa] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nlckrpk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [sfykwhx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [tkegddo] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gctmmxa] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wclhcke] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nqechga] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [neevhfl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hpqjfrh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jpcucfw] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [istqpco] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xrrgjps] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [yenjten] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vayudah] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [qegnqsl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mpggcdy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xrtvebi] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [tboctcg] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [pypjmja] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jtdiuyl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [qlbquob] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hckysgh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vjwpnmn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nacdtpe] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bvconul] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mbtphll] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vrcrwpd] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ygvaguj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [imesyjj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nilnhxw] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [fmnrnkj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vlcgumi] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kaaxpjl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vtiyndq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rgwqipv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [shxrjux] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [waiieou] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [loflrnf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [imreltb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rlrbovm] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mdqrlaq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vfibsrh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [yqbmjmx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [piolrug] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [awtvxfc] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nmgaacl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bagkedq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hyhueui] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rmsfpwt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xjiylfv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [aoqiqwf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rewgmve] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [fcicjdl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uuprtha] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [meewoof] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bggopsh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ekviebx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gaieomf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jhbiwsk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ebxryad] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wuqlebn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xathsnn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [exqysmo] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [lytcsam] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [yhdkxmv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kwughxh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [atwqvld] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hqqfbpk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ehbtosk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dnrvatv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xtddqrt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bfdxdgt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wtmican] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rpqeeqh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [cnvolsd] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kycyoay] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dyllkor] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dprscra] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wvgvojo] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [llnkifp] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ronnpjn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xqfdbip] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gvyfpsw] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wjdyeti] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nlpkcci] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [imrlrmh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [pxtnrcu] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hmcppsh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uqowvev] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mliqdhu] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ioivkyy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [grqwhox] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [cjxbpov] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rgxxadb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uktsiwh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [lqxkcvr] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [oypvxxy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kfhjxns] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [oeksxlx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [aclghhs] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gqoimge] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rvefleb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [qllwwds] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [drswwyj] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [cveunym] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [ytwjyov] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [apqedvr] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [nydffjp] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [mounhkn] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [sujivro] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bheliep] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bnylahq] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [osuwiqu] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [ugtmtaj] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [sbkuort] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [dbywnrd] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [rxnalvl] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [uavlsve] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [xjeulsk] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [udgqbwt] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [rfvdtlw] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [wbaolvs] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [mypivhq] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [stakdpc] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [csuhtcr] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [cndkjyl] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [outhgdv] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [nqervvc] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [dvfnqqc] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [kpgdela] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [rwlxtrp] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [yxfiwut] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [fdloixu] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bkcvqtb] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bjsdmtd] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [aesatwd] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [uxmwpld] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ibiiive] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [olbtler] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [aqnbskq] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pboblfa] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [gxwbwmn] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hnynrqr] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [dufhemb] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [oyctuyt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ektwndo] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [jrogtti] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hvfgjqq] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [atabbxs] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [rcygqrb] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [nyohmoe] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [gsapmnu] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [jnxqtni] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [cxxfwdt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hegaack] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pjalrrd] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [bcyiatt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [mdivglp] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ubebedj] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [tfdoyrt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [bhgjntx] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ccswknv] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ebvtjgg] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [mmoboyl] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [tnvdwbv] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hgkwrbe] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [rliteuu] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pakqctw] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ibdirgj] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ufuvmnb] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [bcdebsc] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pakfqdq] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [gashwmx] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [yudrerb] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [rwgtito] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [iilvsmr] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [soqnwth] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [afbadhy] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [gaxbtir] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [qjyywrc] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [anywppm] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [bqmwuxq] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [fgmhapb] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [iqcvamx] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [ohlpbbc] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [nslwadr] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [vnhlbjr] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [mnmqubq] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [aohvbee] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [bfabgby] c:\windows\xodqbbs.exe
O4 - HKCU\..\Run: [mjepgpt] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [jvloxrc] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [mehedsn] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [soedgst] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [dkdpchq] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [hqqxqly] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [bhyvxwv] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [uulajvi] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [wqaukta] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [jmdrdfb] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [briajri] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [xrbwuqc] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [dxulwsh] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [ikcjkev] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [nfsdunq] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [xunlwkx] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [sxenjwm] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [veafspt] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [vexmvoy] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [fplbdtg] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [bwgjilr] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ydefsvr] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ofkqtmx] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [xlaghud] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ykmvwkk] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ebjnyjd] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [tbmucrw] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [yddfpkq] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [togaquf] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [jhwavsa] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [tguoqrd] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [jeeyuvo] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ciiahqj] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [fblmdtw] c:\windows\loplrjx.exe
O4 - HKCU\..\Run: [jmmfbfc] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [lledvbl] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [bajhblm] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [jryiggo] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [cgwwvyi] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [bplcscf] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [kgdgjav] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [jnhdquj] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [rjabvqv] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [mptpegn] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [hexwaqn] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ksmqafs] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [qaxojgg] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [hxnrmld] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [hhsfisg] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [xvmsnwd] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ixvxpst] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [onqjtga] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [qeqppns] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [fudpssf] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [lrwlxcb] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [orinehe] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [rxresqp] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [tebtfdq] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [pxggkri] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ckdqrls] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ifvrgyl] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [aeqnule] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ohvwdga] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [woukhyq] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [iiwdfxs] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [jccvexj] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [sypauhx] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [daijkra] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [wskniuo] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [cfduhbt] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [socccbe] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [swupnfo] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [bvskmsx] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ifeosot] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [pnoayxx] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [mqtrvwe] c:\windows\rwsimbq.exe
O4 - HKCU\..\Run: [ucvnfah] c:\windows\rwsimbq.exe
O4 - HKCU\..\Run: [dpyjrhi] c:\windows\rwsimbq.exe
O4 - HKCU\..\Run: [gukisxi] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [yihjvns] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [kbfoius] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [qkvhdyj] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [rfngxxi] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [ldyhwbq] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [xrmkgio] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [jkbomic] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [mqxxncw] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [vftxhjj] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [ffpnmdu] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [qhnqbwc] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [aymsubu] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [vpmnkar] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [liuanhb] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [nlnwplt] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [abtpiyq] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [asaupvs] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [fuhymdh] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [aawytvb] c:\windows\hbalrig.exe
O4 - HKCU\..\Run: [udfeyka] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [qgmhbqt] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [usddech] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [tiaceil] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [cnjupkm] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [aoggsfo] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [mnlfxch] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [gfgkwds] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [qnqinlx] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [bjjypjk] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [silcont] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [vwldeqm] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [qywnvmq] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [enccuem] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [pgjwoxa] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [gvnsrnx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [udttxxa] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ibbulnt] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vkluosy] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [cuprrjg] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ocwttie] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [fsmcbdl] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ulolbxq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tsjdgsh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kxfiywa] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [gvevmma] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [hvjsgda] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [qstussd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [lkvtlcf] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [pwqmfxd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [bvlheso] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [mebptxq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wboeqhd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [smtuoqd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jqxchut] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [esfviyd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [dvkjgmd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [hilaleh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [djvlgwh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [uuipifo] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [nwyigxy] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [auuelbi] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rnmmcqk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ojbqylb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jbyeswk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tpuessa] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vuaauqp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rnyuhoj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ysloain] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [llqaxce] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ttqwrvx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jiebmih] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jnprlme] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [twfabcq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vlkgynl] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ukqvnxe] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jwtnlsj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [msiynpi] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wcinvto] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wpqcfue] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [oufdhdx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [bcnhdbu] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [swvvlfq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ksgmffv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [eokpecp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [trhgtat] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jpobuwj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [whottyp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [yimpdhu] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ouifqxk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [whjwsqe] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [lamqxfb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [gyqeybv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [cylrbyv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [iywiqbo] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wrwfeyl] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tntdchk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [llprgmp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rgfqtxw] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [lveeqve] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ueogqyd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ickrpub] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vfxqwei] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ajsrwte] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tsgkiav] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vatbjwt] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kuxuiis] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rgfbutj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [nixtivd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [neddpde] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tvpnvku] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [bdemskd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [agxbges] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [feyjivq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ckjiskr] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xfjldsq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kljodma] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xyeodeh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [avdxleh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kuhwwuj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [yjmmibg] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [akqekmd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tbpowws] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rbmlukp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xnedkij] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vboeckr] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [fpybdyw] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [dpflyvs] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [nijaftb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wvwptil] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kcbdlqt] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [cinhjku] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vnlypnk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [srvpjyb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ybwmepx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xwcpyju] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xgupqch] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rihljkc] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [skgbqvw] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xrhisik] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ljdgiyv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [euecpjf] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ulwcicq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [dfaahea] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vhwgols] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tvftltk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [hnqxfyb] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ugqdtnr] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kmwjsgp] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [vtbyxfn] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [fycpbic] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [tsugyfp] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [viewhwo] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [dkutyxk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [hiolwkk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [otmgnwr] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [wmmexjx] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [objetqs] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ricrgke] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [mhmlwuh] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [gnqnxhp] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [qjcwhlo] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ypawpra] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [qbxnfpm] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [dsvpcsm] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [iyiocpu] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [gfggooj] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ebnqfyk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [hsfwpge] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [sevbgiq] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [emcunbw] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [wiesder] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [wgisffc] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kshhmga] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [otfkunb] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kqknsxv] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ltnluvf] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [biqyuix] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [vxmhojj] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [bfryfdv] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [rglsrqh] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [mmnftkb] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [lbduqqy] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [qfaebgk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [rtjqhfk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [rduedyd] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ejjbpva] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [sresbjo] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [perxhvj] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [pjxaxsg] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [vrqrqob] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ffkwhpx] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [sxkcjif] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ealckko] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kejjmep] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [mjpsxxk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [firulcl] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [elkblgo] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [gheqtpy] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [cekkklo] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [hdjywcg] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [ilglggx] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [kxacdfk] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [amjyggw] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [lraskpp] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [sjijilc] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [eghhjrb] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [kgfvryk] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [tfhqqvy] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [dkthnns] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [fmosifk] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [rscajsi] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [knenaoo] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [qvhqkja] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [vhsxina] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [tuoccjq] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [plbfflw] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [swmajvs] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [hruuqlc] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [wotxpre] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [qkhmwom] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [rvnsahx] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [xnrvcrj] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [tknguid] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [gpvgund] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [qxxkepi] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [ytkvhmq] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [gsstymm] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [rstwbla] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [jhnkjep] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [dxyiqfm] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [qjrxpuh] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [mmwramp] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [caekrqv] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [bjwrxka] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [itquofg] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [msatlhh] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [dwfwspw] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [gbsdjff] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [uomrqpq] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [ffcyqxh] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [ubnlcwt] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [vwkntha] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [swwlenc] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ivfjivu] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [yqiivqw] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [kprtkfp] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [qbuxuey] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [bqoxgfi] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [riwrtxk] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [uycxpuf] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ocevmch] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [xoyekqp] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [dxbqjxf] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ipeolat] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [xopfcga] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ldeclbn] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [uovaaoj] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [vfgxxvp] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [lrhccki] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [cllxxdp] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [sqytkoc] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [uesqxns] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [twndmrd] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [kodxnph] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [sksuyoh] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [alqkhrl] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [evpybob] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [dkooetp] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [iohmlhy] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [ujyspkq] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [hipqyaa] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [ooyrmpm] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [ludowls] c:\windows\qgigasq.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120789196578
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
Check the I know what I'm doing box.
In the Keep box you should see one or more instances of the following files.
flsmngr.dll
Select every instance of this file, but no others, and move each one to the Remove box by clicking the >> button.
When you are done click Finish>>.
=============
Please download ewido security suite it is a trial version of the program.
- Install ewido security suite
- When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch ewido, there should be an icon on your desktop double-click it.
- The program will now go to the main screen
You will need to update ewido to the latest definition files.- On the left hand side of the main screen click update
- Then click on Start Update
The update will start and a progress bar will show the updates being installed.If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/
Once the updates are installed do the following:
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- While the scan is in progress you will be prompted to clean files, click OK
- When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop.
Now close ewido security suite.=============
Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:
O4 - HKCU\..\Run: [mcplkev] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [yewttkr] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [lfawdyd] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [kuuotyi] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [nkrguch] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [strpqyk] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [tqwreyw] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [gotvnda] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [wrynpjq] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [emksgns] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [eagdeav] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [kjwmqtc] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [jrqclou] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [qmjwkfa] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [qsbgqpq] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [jggkxsg] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [qhcdupp] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [tedoafp] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [fulfhon] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [xkotprk] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [ktevoif] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [hmfyibj] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [svcpxtx] c:\windows\chvyxgb.exe
O4 - HKCU\..\Run: [fvfvqdm] c:\windows\chvyxgb.exe
O4 - HKCU\..\Run: [hauonju] c:\windows\chvyxgb.exe
O4 - HKCU\..\Run: [ytbkuyg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [hsbyogo] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [wqtooke] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [rxylypa] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [lvvjdvs] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [yyorvtx] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [wucaqtc] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [qxttvlj] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [bgmjjve] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [dwdcoyj] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [elipwel] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [sphgfsq] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ldcpipw] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [rxuohcy] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [encpidi] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [vplfwgn] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [yndmwfg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [btgtxlb] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ubsxsnq] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [vxplcpn] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [pagscdm] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [gkbauuc] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [xbaupob] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [yrxtoam] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [hrvypcf] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [cwtuvvh] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [itwxqti] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [uekeuhh] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [aeufpbd] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [nljevng] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [bgcdsti] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ntiocvs] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [bnddfbx] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [pidcnrr] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [mnvrdjo] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [fvayyoy] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ggpsmlp] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [utddwgg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ojnutmx] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [tsnceui] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [aysosjn] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [gwcnhxw] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [allbjyg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [moivxfa] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [orahoew] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [wxohjiq] c:\windows\lgsxoke.exe
O4 - HKCU\..\Run: [yrgxcbm] c:\windows\lgsxoke.exe
O4 - HKCU\..\Run: [sjlwtgr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [cawbllg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [itcblfc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ridwqwi] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gxwytbs] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [chfursj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ifrmuxg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [wwvtcix] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gwoowln] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fxmcfjv] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [worenva] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [xscbswt] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [duvjdjw] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qoncvit] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [karugjv] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [cgiveeb] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ppllhhe] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [exmgtlt] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ptbowdp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qjechhw] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [nddiueu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [dmnniwy] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [hafgkhy] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ycusjrc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [xvwjsbq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kecnhba] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jhdlxrp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kfnysvd] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vsnsqtm] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fcjpmbr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vkutnbw] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ecdmxuy] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [lqdsrpi] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ggufupm] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pesajdg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gefnocj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qgjakyc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kckahrs] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [nsekjyo] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [owwefee] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [lqcqsdu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [yhiyvyg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jstriyr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [peyllgb] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pynhvxf] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [flgtjvu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [opxjxiu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [oempraq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ngbpeja] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qtstpyj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jnfvkuv] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fyhffge] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [mwifkjn] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vruhbwr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [rwtusjb] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vkdkalu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [hnwwhma] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jrgwxtu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [afxbkah] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gllduqf] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [irpxqlc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pughfff] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kqjbogp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pdqdxds] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [niaegbg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ammxjsp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [itvvsyn] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jgoihvd] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fttgvrf] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pfaulne] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [sdllucn] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [hvuyimu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [eeguadk] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jcgwaix] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [xfaxbdq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kckuxvl] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kgspgek] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [usteytj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [lvrmaaq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vwaeire] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gfospwv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vlhxmpr] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vdakdrp] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kgnlbkq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jjijbai] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [agttmxh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [sxjjbmj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ejcibng] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dokappc] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kmvtyjm] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rubnoqt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bltrfid] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [glcvltf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [sqakldq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uucqpbn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [aevvhrb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vhwoyac] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [eqikbex] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hssieob] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rhqyjjg] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [obkaspa] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [pygyrcy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gvcktfa] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nlckrpk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [sfykwhx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [tkegddo] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gctmmxa] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wclhcke] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nqechga] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [neevhfl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hpqjfrh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jpcucfw] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [istqpco] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xrrgjps] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [yenjten] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vayudah] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [qegnqsl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mpggcdy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xrtvebi] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [tboctcg] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [pypjmja] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jtdiuyl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [qlbquob] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hckysgh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vjwpnmn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nacdtpe] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bvconul] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mbtphll] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vrcrwpd] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ygvaguj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [imesyjj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nilnhxw] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [fmnrnkj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vlcgumi] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kaaxpjl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vtiyndq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rgwqipv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [shxrjux] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [waiieou] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [loflrnf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [imreltb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rlrbovm] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mdqrlaq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vfibsrh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [yqbmjmx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [piolrug] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [awtvxfc] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nmgaacl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bagkedq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hyhueui] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rmsfpwt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xjiylfv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [aoqiqwf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rewgmve] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [fcicjdl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uuprtha] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [meewoof] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bggopsh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ekviebx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gaieomf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jhbiwsk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ebxryad] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wuqlebn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xathsnn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [exqysmo] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [lytcsam] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [yhdkxmv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kwughxh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [atwqvld] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hqqfbpk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ehbtosk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dnrvatv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xtddqrt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bfdxdgt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wtmican] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rpqeeqh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [cnvolsd] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kycyoay] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dyllkor] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dprscra] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wvgvojo] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [llnkifp] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ronnpjn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xqfdbip] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gvyfpsw] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wjdyeti] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nlpkcci] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [imrlrmh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [pxtnrcu] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hmcppsh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uqowvev] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mliqdhu] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ioivkyy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [grqwhox] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [cjxbpov] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rgxxadb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uktsiwh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [lqxkcvr] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [oypvxxy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kfhjxns] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [oeksxlx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [aclghhs] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gqoimge] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rvefleb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [qllwwds] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [drswwyj] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [cveunym] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [ytwjyov] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [apqedvr] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [nydffjp] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [mounhkn] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [sujivro] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bheliep] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bnylahq] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [osuwiqu] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [ugtmtaj] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [sbkuort] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [dbywnrd] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [rxnalvl] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [uavlsve] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [xjeulsk] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [udgqbwt] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [rfvdtlw] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [wbaolvs] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [mypivhq] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [stakdpc] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [csuhtcr] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [cndkjyl] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [outhgdv] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [nqervvc] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [dvfnqqc] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [kpgdela] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [rwlxtrp] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [yxfiwut] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [fdloixu] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bkcvqtb] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bjsdmtd] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [aesatwd] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [uxmwpld] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ibiiive] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [olbtler] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [aqnbskq] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pboblfa] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [gxwbwmn] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hnynrqr] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [dufhemb] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [oyctuyt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ektwndo] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [jrogtti] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hvfgjqq] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [atabbxs] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [rcygqrb] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [nyohmoe] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [gsapmnu] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [jnxqtni] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [cxxfwdt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hegaack] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pjalrrd] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [bcyiatt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [mdivglp] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ubebedj] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [tfdoyrt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [bhgjntx] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ccswknv] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ebvtjgg] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [mmoboyl] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [tnvdwbv] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hgkwrbe] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [rliteuu] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pakqctw] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ibdirgj] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ufuvmnb] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [bcdebsc] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pakfqdq] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [gashwmx] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [yudrerb] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [rwgtito] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [iilvsmr] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [soqnwth] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [afbadhy] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [gaxbtir] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [qjyywrc] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [anywppm] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [bqmwuxq] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [fgmhapb] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [iqcvamx] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [ohlpbbc] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [nslwadr] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [vnhlbjr] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [mnmqubq] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [aohvbee] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [bfabgby] c:\windows\xodqbbs.exe
O4 - HKCU\..\Run: [mjepgpt] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [jvloxrc] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [mehedsn] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [soedgst] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [dkdpchq] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [hqqxqly] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [bhyvxwv] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [uulajvi] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [wqaukta] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [jmdrdfb] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [briajri] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [xrbwuqc] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [dxulwsh] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [ikcjkev] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [nfsdunq] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [xunlwkx] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [sxenjwm] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [veafspt] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [vexmvoy] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [fplbdtg] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [bwgjilr] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ydefsvr] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ofkqtmx] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [xlaghud] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ykmvwkk] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ebjnyjd] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [tbmucrw] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [yddfpkq] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [togaquf] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [jhwavsa] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [tguoqrd] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [jeeyuvo] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ciiahqj] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [fblmdtw] c:\windows\loplrjx.exe
O4 - HKCU\..\Run: [jmmfbfc] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [lledvbl] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [bajhblm] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [jryiggo] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [cgwwvyi] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [bplcscf] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [kgdgjav] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [jnhdquj] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [rjabvqv] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [mptpegn] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [hexwaqn] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ksmqafs] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [qaxojgg] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [hxnrmld] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [hhsfisg] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [xvmsnwd] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ixvxpst] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [onqjtga] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [qeqppns] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [fudpssf] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [lrwlxcb] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [orinehe] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [rxresqp] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [tebtfdq] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [pxggkri] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ckdqrls] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ifvrgyl] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [aeqnule] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ohvwdga] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [woukhyq] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [iiwdfxs] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [jccvexj] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [sypauhx] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [daijkra] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [wskniuo] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [cfduhbt] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [socccbe] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [swupnfo] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [bvskmsx] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ifeosot] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [pnoayxx] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [mqtrvwe] c:\windows\rwsimbq.exe
O4 - HKCU\..\Run: [ucvnfah] c:\windows\rwsimbq.exe
O4 - HKCU\..\Run: [dpyjrhi] c:\windows\rwsimbq.exe
O4 - HKCU\..\Run: [gukisxi] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [yihjvns] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [kbfoius] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [qkvhdyj] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [rfngxxi] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [ldyhwbq] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [xrmkgio] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [jkbomic] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [mqxxncw] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [vftxhjj] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [ffpnmdu] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [qhnqbwc] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [aymsubu] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [vpmnkar] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [liuanhb] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [nlnwplt] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [abtpiyq] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [asaupvs] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [fuhymdh] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [aawytvb] c:\windows\hbalrig.exe
O4 - HKCU\..\Run: [udfeyka] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [qgmhbqt] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [usddech] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [tiaceil] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [cnjupkm] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [aoggsfo] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [mnlfxch] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [gfgkwds] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [qnqinlx] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [bjjypjk] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [silcont] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [vwldeqm] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [qywnvmq] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [enccuem] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [pgjwoxa] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [gvnsrnx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [udttxxa] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ibbulnt] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vkluosy] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [cuprrjg] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ocwttie] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [fsmcbdl] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ulolbxq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tsjdgsh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kxfiywa] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [gvevmma] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [hvjsgda] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [qstussd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [lkvtlcf] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [pwqmfxd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [bvlheso] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [mebptxq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wboeqhd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [smtuoqd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jqxchut] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [esfviyd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [dvkjgmd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [hilaleh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [djvlgwh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [uuipifo] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [nwyigxy] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [auuelbi] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rnmmcqk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ojbqylb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jbyeswk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tpuessa] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vuaauqp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rnyuhoj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ysloain] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [llqaxce] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ttqwrvx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jiebmih] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jnprlme] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [twfabcq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vlkgynl] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ukqvnxe] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jwtnlsj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [msiynpi] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wcinvto] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wpqcfue] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [oufdhdx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [bcnhdbu] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [swvvlfq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ksgmffv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [eokpecp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [trhgtat] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jpobuwj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [whottyp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [yimpdhu] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ouifqxk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [whjwsqe] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [lamqxfb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [gyqeybv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [cylrbyv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [iywiqbo] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wrwfeyl] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tntdchk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [llprgmp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rgfqtxw] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [lveeqve] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ueogqyd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ickrpub] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vfxqwei] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ajsrwte] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tsgkiav] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vatbjwt] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kuxuiis] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rgfbutj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [nixtivd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [neddpde] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tvpnvku] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [bdemskd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [agxbges] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [feyjivq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ckjiskr] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xfjldsq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kljodma] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xyeodeh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [avdxleh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kuhwwuj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [yjmmibg] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [akqekmd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tbpowws] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rbmlukp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xnedkij] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vboeckr] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [fpybdyw] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [dpflyvs] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [nijaftb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wvwptil] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kcbdlqt] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [cinhjku] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vnlypnk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [srvpjyb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ybwmepx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xwcpyju] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xgupqch] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rihljkc] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [skgbqvw] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xrhisik] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ljdgiyv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [euecpjf] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ulwcicq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [dfaahea] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vhwgols] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tvftltk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [hnqxfyb] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ugqdtnr] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kmwjsgp] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [vtbyxfn] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [fycpbic] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [tsugyfp] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [viewhwo] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [dkutyxk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [hiolwkk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [otmgnwr] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [wmmexjx] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [objetqs] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ricrgke] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [mhmlwuh] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [gnqnxhp] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [qjcwhlo] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ypawpra] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [qbxnfpm] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [dsvpcsm] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [iyiocpu] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [gfggooj] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ebnqfyk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [hsfwpge] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [sevbgiq] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [emcunbw] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [wiesder] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [wgisffc] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kshhmga] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [otfkunb] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kqknsxv] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ltnluvf] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [biqyuix] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [vxmhojj] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [bfryfdv] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [rglsrqh] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [mmnftkb] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [lbduqqy] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [qfaebgk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [rtjqhfk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [rduedyd] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ejjbpva] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [sresbjo] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [perxhvj] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [pjxaxsg] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [vrqrqob] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ffkwhpx] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [sxkcjif] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ealckko] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kejjmep] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [mjpsxxk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [firulcl] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [elkblgo] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [gheqtpy] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [cekkklo] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [hdjywcg] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [ilglggx] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [kxacdfk] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [amjyggw] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [lraskpp] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [sjijilc] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [eghhjrb] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [kgfvryk] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [tfhqqvy] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [dkthnns] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [fmosifk] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [rscajsi] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [knenaoo] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [qvhqkja] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [vhsxina] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [tuoccjq] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [plbfflw] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [swmajvs] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [hruuqlc] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [wotxpre] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [qkhmwom] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [rvnsahx] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [xnrvcrj] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [tknguid] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [gpvgund] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [qxxkepi] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [ytkvhmq] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [gsstymm] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [rstwbla] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [jhnkjep] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [dxyiqfm] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [qjrxpuh] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [mmwramp] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [caekrqv] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [bjwrxka] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [itquofg] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [msatlhh] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [dwfwspw] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [gbsdjff] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [uomrqpq] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [ffcyqxh] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [ubnlcwt] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [vwkntha] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [swwlenc] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ivfjivu] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [yqiivqw] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [kprtkfp] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [qbuxuey] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [bqoxgfi] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [riwrtxk] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [uycxpuf] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ocevmch] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [xoyekqp] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [dxbqjxf] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ipeolat] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [xopfcga] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ldeclbn] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [uovaaoj] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [vfgxxvp] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [lrhccki] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [cllxxdp] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [sqytkoc] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [uesqxns] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [twndmrd] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [kodxnph] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [sksuyoh] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [alqkhrl] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [evpybob] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [dkooetp] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [iohmlhy] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [ujyspkq] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [hipqyaa] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [ooyrmpm] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [ludowls] c:\windows\qgigasq.exe
=============
Reboot and post a new hijackthis log and the log from Ewido.
Download LSPFix from http://www.cexx.org/lspfix.zip and run it.
Check the I know what I'm doing box.
In the Keep box you should see one or more instances of the following files.
flsmngr.dll
Select every instance of this file, but no others, and move each one to the Remove box by clicking the >> button.
When you are done click Finish>>.
=============
Please download ewido security suite it is a trial version of the program.
- Install ewido security suite
- When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch ewido, there should be an icon on your desktop double-click it.
- The program will now go to the main screen
You will need to update ewido to the latest definition files.- On the left hand side of the main screen click update
- Then click on Start Update
The update will start and a progress bar will show the updates being installed.If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/
Once the updates are installed do the following:
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- While the scan is in progress you will be prompted to clean files, click OK
- When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop.
Now close ewido security suite.=============
Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:
O4 - HKCU\..\Run: [mcplkev] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [yewttkr] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [lfawdyd] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [kuuotyi] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [nkrguch] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [strpqyk] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [tqwreyw] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [gotvnda] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [wrynpjq] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [emksgns] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [eagdeav] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [kjwmqtc] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [jrqclou] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [qmjwkfa] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [qsbgqpq] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [jggkxsg] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [qhcdupp] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [tedoafp] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [fulfhon] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [xkotprk] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [ktevoif] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [hmfyibj] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [svcpxtx] c:\windows\chvyxgb.exe
O4 - HKCU\..\Run: [fvfvqdm] c:\windows\chvyxgb.exe
O4 - HKCU\..\Run: [hauonju] c:\windows\chvyxgb.exe
O4 - HKCU\..\Run: [ytbkuyg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [hsbyogo] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [wqtooke] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [rxylypa] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [lvvjdvs] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [yyorvtx] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [wucaqtc] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [qxttvlj] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [bgmjjve] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [dwdcoyj] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [elipwel] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [sphgfsq] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ldcpipw] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [rxuohcy] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [encpidi] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [vplfwgn] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [yndmwfg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [btgtxlb] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ubsxsnq] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [vxplcpn] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [pagscdm] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [gkbauuc] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [xbaupob] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [yrxtoam] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [hrvypcf] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [cwtuvvh] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [itwxqti] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [uekeuhh] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [aeufpbd] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [nljevng] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [bgcdsti] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ntiocvs] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [bnddfbx] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [pidcnrr] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [mnvrdjo] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [fvayyoy] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ggpsmlp] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [utddwgg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ojnutmx] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [tsnceui] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [aysosjn] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [gwcnhxw] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [allbjyg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [moivxfa] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [orahoew] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [wxohjiq] c:\windows\lgsxoke.exe
O4 - HKCU\..\Run: [yrgxcbm] c:\windows\lgsxoke.exe
O4 - HKCU\..\Run: [sjlwtgr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [cawbllg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [itcblfc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ridwqwi] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gxwytbs] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [chfursj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ifrmuxg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [wwvtcix] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gwoowln] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fxmcfjv] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [worenva] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [xscbswt] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [duvjdjw] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qoncvit] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [karugjv] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [cgiveeb] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ppllhhe] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [exmgtlt] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ptbowdp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qjechhw] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [nddiueu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [dmnniwy] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [hafgkhy] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ycusjrc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [xvwjsbq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kecnhba] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jhdlxrp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kfnysvd] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vsnsqtm] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fcjpmbr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vkutnbw] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ecdmxuy] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [lqdsrpi] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ggufupm] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pesajdg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gefnocj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qgjakyc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kckahrs] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [nsekjyo] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [owwefee] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [lqcqsdu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [yhiyvyg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jstriyr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [peyllgb] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pynhvxf] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [flgtjvu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [opxjxiu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [oempraq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ngbpeja] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qtstpyj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jnfvkuv] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fyhffge] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [mwifkjn] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vruhbwr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [rwtusjb] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vkdkalu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [hnwwhma] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jrgwxtu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [afxbkah] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gllduqf] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [irpxqlc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pughfff] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kqjbogp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pdqdxds] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [niaegbg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ammxjsp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [itvvsyn] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jgoihvd] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fttgvrf] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pfaulne] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [sdllucn] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [hvuyimu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [eeguadk] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jcgwaix] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [xfaxbdq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kckuxvl] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kgspgek] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [usteytj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [lvrmaaq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vwaeire] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gfospwv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vlhxmpr] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vdakdrp] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kgnlbkq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jjijbai] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [agttmxh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [sxjjbmj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ejcibng] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dokappc] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kmvtyjm] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rubnoqt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bltrfid] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [glcvltf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [sqakldq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uucqpbn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [aevvhrb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vhwoyac] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [eqikbex] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hssieob] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rhqyjjg] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [obkaspa] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [pygyrcy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gvcktfa] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nlckrpk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [sfykwhx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [tkegddo] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gctmmxa] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wclhcke] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nqechga] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [neevhfl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hpqjfrh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jpcucfw] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [istqpco] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xrrgjps] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [yenjten] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vayudah] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [qegnqsl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mpggcdy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xrtvebi] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [tboctcg] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [pypjmja] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jtdiuyl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [qlbquob] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hckysgh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vjwpnmn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nacdtpe] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bvconul] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mbtphll] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vrcrwpd] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ygvaguj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [imesyjj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nilnhxw] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [fmnrnkj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vlcgumi] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kaaxpjl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vtiyndq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rgwqipv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [shxrjux] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [waiieou] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [loflrnf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [imreltb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rlrbovm] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mdqrlaq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vfibsrh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [yqbmjmx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [piolrug] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [awtvxfc] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nmgaacl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bagkedq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hyhueui] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rmsfpwt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xjiylfv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [aoqiqwf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rewgmve] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [fcicjdl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uuprtha] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [meewoof] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bggopsh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ekviebx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gaieomf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jhbiwsk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ebxryad] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wuqlebn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xathsnn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [exqysmo] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [lytcsam] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [yhdkxmv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kwughxh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [atwqvld] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hqqfbpk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ehbtosk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dnrvatv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xtddqrt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bfdxdgt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wtmican] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rpqeeqh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [cnvolsd] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kycyoay] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dyllkor] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dprscra] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wvgvojo] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [llnkifp] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ronnpjn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xqfdbip] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gvyfpsw] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wjdyeti] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nlpkcci] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [imrlrmh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [pxtnrcu] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hmcppsh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uqowvev] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mliqdhu] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ioivkyy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [grqwhox] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [cjxbpov] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rgxxadb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uktsiwh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [lqxkcvr] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [oypvxxy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kfhjxns] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [oeksxlx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [aclghhs] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gqoimge] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rvefleb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [qllwwds] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [drswwyj] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [cveunym] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [ytwjyov] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [apqedvr] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [nydffjp] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [mounhkn] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [sujivro] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bheliep] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bnylahq] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [osuwiqu] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [ugtmtaj] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [sbkuort] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [dbywnrd] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [rxnalvl] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [uavlsve] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [xjeulsk] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [udgqbwt] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [rfvdtlw] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [wbaolvs] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [mypivhq] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [stakdpc] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [csuhtcr] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [cndkjyl] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [outhgdv] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [nqervvc] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [dvfnqqc] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [kpgdela] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [rwlxtrp] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [yxfiwut] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [fdloixu] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bkcvqtb] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bjsdmtd] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [aesatwd] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [uxmwpld] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ibiiive] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [olbtler] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [aqnbskq] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pboblfa] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [gxwbwmn] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hnynrqr] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [dufhemb] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [oyctuyt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ektwndo] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [jrogtti] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hvfgjqq] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [atabbxs] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [rcygqrb] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [nyohmoe] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [gsapmnu] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [jnxqtni] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [cxxfwdt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hegaack] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pjalrrd] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [bcyiatt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [mdivglp] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ubebedj] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [tfdoyrt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [bhgjntx] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ccswknv] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ebvtjgg] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [mmoboyl] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [tnvdwbv] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hgkwrbe] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [rliteuu] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pakqctw] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ibdirgj] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ufuvmnb] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [bcdebsc] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pakfqdq] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [gashwmx] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [yudrerb] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [rwgtito] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [iilvsmr] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [soqnwth] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [afbadhy] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [gaxbtir] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [qjyywrc] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [anywppm] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [bqmwuxq] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [fgmhapb] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [iqcvamx] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [ohlpbbc] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [nslwadr] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [vnhlbjr] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [mnmqubq] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [aohvbee] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [bfabgby] c:\windows\xodqbbs.exe
O4 - HKCU\..\Run: [mjepgpt] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [jvloxrc] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [mehedsn] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [soedgst] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [dkdpchq] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [hqqxqly] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [bhyvxwv] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [uulajvi] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [wqaukta] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [jmdrdfb] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [briajri] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [xrbwuqc] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [dxulwsh] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [ikcjkev] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [nfsdunq] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [xunlwkx] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [sxenjwm] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [veafspt] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [vexmvoy] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [fplbdtg] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [bwgjilr] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ydefsvr] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ofkqtmx] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [xlaghud] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ykmvwkk] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ebjnyjd] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [tbmucrw] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [yddfpkq] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [togaquf] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [jhwavsa] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [tguoqrd] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [jeeyuvo] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ciiahqj] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [fblmdtw] c:\windows\loplrjx.exe
O4 - HKCU\..\Run: [jmmfbfc] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [lledvbl] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [bajhblm] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [jryiggo] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [cgwwvyi] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [bplcscf] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [kgdgjav] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [jnhdquj] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [rjabvqv] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [mptpegn] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [hexwaqn] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ksmqafs] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [qaxojgg] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [hxnrmld] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [hhsfisg] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [xvmsnwd] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ixvxpst] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [onqjtga] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [qeqppns] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [fudpssf] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [lrwlxcb] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [orinehe] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [rxresqp] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [tebtfdq] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [pxggkri] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ckdqrls] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ifvrgyl] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [aeqnule] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ohvwdga] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [woukhyq] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [iiwdfxs] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [jccvexj] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [sypauhx] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [daijkra] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [wskniuo] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [cfduhbt] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [socccbe] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [swupnfo] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [bvskmsx] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ifeosot] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [pnoayxx] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [mqtrvwe] c:\windows\rwsimbq.exe
O4 - HKCU\..\Run: [ucvnfah] c:\windows\rwsimbq.exe
O4 - HKCU\..\Run: [dpyjrhi] c:\windows\rwsimbq.exe
O4 - HKCU\..\Run: [gukisxi] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [yihjvns] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [kbfoius] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [qkvhdyj] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [rfngxxi] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [ldyhwbq] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [xrmkgio] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [jkbomic] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [mqxxncw] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [vftxhjj] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [ffpnmdu] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [qhnqbwc] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [aymsubu] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [vpmnkar] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [liuanhb] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [nlnwplt] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [abtpiyq] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [asaupvs] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [fuhymdh] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [aawytvb] c:\windows\hbalrig.exe
O4 - HKCU\..\Run: [udfeyka] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [qgmhbqt] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [usddech] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [tiaceil] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [cnjupkm] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [aoggsfo] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [mnlfxch] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [gfgkwds] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [qnqinlx] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [bjjypjk] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [silcont] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [vwldeqm] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [qywnvmq] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [enccuem] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [pgjwoxa] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [gvnsrnx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [udttxxa] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ibbulnt] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vkluosy] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [cuprrjg] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ocwttie] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [fsmcbdl] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ulolbxq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tsjdgsh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kxfiywa] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [gvevmma] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [hvjsgda] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [qstussd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [lkvtlcf] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [pwqmfxd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [bvlheso] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [mebptxq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wboeqhd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [smtuoqd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jqxchut] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [esfviyd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [dvkjgmd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [hilaleh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [djvlgwh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [uuipifo] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [nwyigxy] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [auuelbi] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rnmmcqk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ojbqylb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jbyeswk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tpuessa] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vuaauqp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rnyuhoj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ysloain] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [llqaxce] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ttqwrvx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jiebmih] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jnprlme] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [twfabcq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vlkgynl] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ukqvnxe] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jwtnlsj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [msiynpi] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wcinvto] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wpqcfue] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [oufdhdx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [bcnhdbu] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [swvvlfq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ksgmffv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [eokpecp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [trhgtat] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jpobuwj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [whottyp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [yimpdhu] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ouifqxk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [whjwsqe] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [lamqxfb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [gyqeybv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [cylrbyv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [iywiqbo] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wrwfeyl] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tntdchk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [llprgmp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rgfqtxw] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [lveeqve] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ueogqyd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ickrpub] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vfxqwei] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ajsrwte] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tsgkiav] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vatbjwt] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kuxuiis] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rgfbutj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [nixtivd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [neddpde] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tvpnvku] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [bdemskd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [agxbges] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [feyjivq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ckjiskr] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xfjldsq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kljodma] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xyeodeh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [avdxleh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kuhwwuj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [yjmmibg] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [akqekmd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tbpowws] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rbmlukp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xnedkij] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vboeckr] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [fpybdyw] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [dpflyvs] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [nijaftb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wvwptil] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kcbdlqt] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [cinhjku] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vnlypnk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [srvpjyb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ybwmepx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xwcpyju] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xgupqch] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rihljkc] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [skgbqvw] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xrhisik] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ljdgiyv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [euecpjf] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ulwcicq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [dfaahea] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vhwgols] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tvftltk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [hnqxfyb] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ugqdtnr] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kmwjsgp] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [vtbyxfn] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [fycpbic] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [tsugyfp] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [viewhwo] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [dkutyxk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [hiolwkk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [otmgnwr] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [wmmexjx] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [objetqs] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ricrgke] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [mhmlwuh] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [gnqnxhp] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [qjcwhlo] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ypawpra] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [qbxnfpm] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [dsvpcsm] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [iyiocpu] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [gfggooj] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ebnqfyk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [hsfwpge] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [sevbgiq] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [emcunbw] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [wiesder] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [wgisffc] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kshhmga] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [otfkunb] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kqknsxv] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ltnluvf] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [biqyuix] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [vxmhojj] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [bfryfdv] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [rglsrqh] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [mmnftkb] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [lbduqqy] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [qfaebgk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [rtjqhfk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [rduedyd] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ejjbpva] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [sresbjo] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [perxhvj] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [pjxaxsg] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [vrqrqob] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ffkwhpx] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [sxkcjif] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ealckko] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kejjmep] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [mjpsxxk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [firulcl] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [elkblgo] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [gheqtpy] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [cekkklo] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [hdjywcg] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [ilglggx] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [kxacdfk] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [amjyggw] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [lraskpp] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [sjijilc] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [eghhjrb] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [kgfvryk] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [tfhqqvy] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [dkthnns] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [fmosifk] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [rscajsi] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [knenaoo] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [qvhqkja] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [vhsxina] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [tuoccjq] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [plbfflw] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [swmajvs] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [hruuqlc] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [wotxpre] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [qkhmwom] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [rvnsahx] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [xnrvcrj] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [tknguid] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [gpvgund] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [qxxkepi] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [ytkvhmq] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [gsstymm] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [rstwbla] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [jhnkjep] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [dxyiqfm] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [qjrxpuh] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [mmwramp] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [caekrqv] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [bjwrxka] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [itquofg] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [msatlhh] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [dwfwspw] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [gbsdjff] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [uomrqpq] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [ffcyqxh] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [ubnlcwt] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [vwkntha] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [swwlenc] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ivfjivu] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [yqiivqw] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [kprtkfp] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [qbuxuey] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [bqoxgfi] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [riwrtxk] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [uycxpuf] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ocevmch] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [xoyekqp] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [dxbqjxf] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ipeolat] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [xopfcga] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ldeclbn] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [uovaaoj] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [vfgxxvp] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [lrhccki] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [cllxxdp] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [sqytkoc] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [uesqxns] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [twndmrd] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [kodxnph] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [sksuyoh] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [alqkhrl] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [evpybob] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [dkooetp] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [iohmlhy] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [ujyspkq] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [hipqyaa] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [ooyrmpm] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [ludowls] c:\windows\qgigasq.exe
=============
Reboot and post a new hijackthis log and the log from Ewido.
Download LSPFix from http://www.cexx.org/lspfix.zip and run it.
Check the I know what I'm doing box.
In the Keep box you should see one or more instances of the following files.
flsmngr.dll
Select every instance of this file, but no others, and move each one to the Remove box by clicking the >> button.
When you are done click Finish>>.
=============
Please download ewido security suite it is a trial version of the program.
- Install ewido security suite
- When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch ewido, there should be an icon on your desktop double-click it.
- The program will now go to the main screen
You will need to update ewido to the latest definition files.- On the left hand side of the main screen click update
- Then click on Start Update
The update will start and a progress bar will show the updates being installed.If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/
Once the updates are installed do the following:
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- While the scan is in progress you will be prompted to clean files, click OK
- When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop.
Now close ewido security suite.=============
Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:
O4 - HKCU\..\Run: [mcplkev] c:\windows\bkhaook.exe
and all lines in between these two.
O4 - HKCU\..\Run: [ludowls] c:\windows\qgigasq.exe
=============
Reboot and post a new hijackthis log and the log from Ewido.
Ewido:
ewido security suite - Scan report
+ Created on: 2:05:21 AM, 7/13/2005
+ Report-Checksum: 4FE2EA37
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
:mozilla.8:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.12:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.13:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.14:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.18:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.19:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.20:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.24:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.28:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.38:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.41:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.55:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.65:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.66:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.67:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.68:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.69:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.70:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.71:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Excite : Cleaned with backup
:mozilla.75:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.81:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.82:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.8:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.19:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.36:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.39:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.40:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.41:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.42:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.43:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.47:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.56:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.57:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.58:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.59:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.60:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.78:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.80:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.81:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.82:C:\Documents and Settings\David\Application Data\Netscape\NSB\Profiles\7gpr07pb.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\David\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5157872c-4281f39c.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
C:\Documents and Settings\David\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4235d44a-58d831b7.zip/Beyond.class -> TrojanDropper.Beyond.g : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\WINDOWS\system32\flsmngr.dll -> Spyware.Searcher : Cleaned with backup
::Report End
HiJACK this:
Logfile of HijackThis v1.99.1
Scan saved at 2:06:44 AM, on 7/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
D:\gcasServ.exe
D:\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\bkhaook.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Documents and Settings\David\Desktop\hijackthis_199\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.excite.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [gcasServ] "D:\gcasServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120789196578
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
I have noticed, netscape browser never has the problem with the www.w-find blah blah blah.com browser hijack and it doesnt have the 3 porn sites in the favorites.
Do you think I should just delete Internet Explorer??
Hopefully we can fix it without doing that.
Please submit this file to http://virusscan.jotti.org/ and let me know what you get back.
C:\windows\bkhaook.exe
Reboot once and post a new hijackthis log.
Service load:
0% 100%
File: bkhaook.exe
Status:
INFECTED/MALWARE
MD5 27d9b76b224fdd83c8337a360cd55850
Packers detected:
UPX
Scanner results
AntiVir
Found TR/StartPage.LQ
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found BehavesLike:Trojan.StartPage (probable variant)
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found a variant of Win32/StartPage
Norman Virus Control
Found W32/Startpage.BHO
UNA
Found nothing
VBA32
Found Trojan.StartPage.3 (probable variant)
They all came back today on the hijack this log! Im going to "fix" them this time, and let you know what happens.
Also I tried to delete bkhaook.exe again. It won't allow me too for some reason.
I think this file is causing it all, because it was created June 15, at 2:10pm, the time when everything went haywire.
Logfile of HijackThis v1.99.1
Scan saved at 4:14:46 PM, on 7/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
D:\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
D:\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Documents and Settings\David\Desktop\hijackthis_199\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.excite.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [gcasServ] "D:\gcasServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120789196578
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
Download KillBox and unzip it to your desktop.
http://www.downloads.subratam.org/KillBox.zip
Open Killbox and select the Delete on reboot option.
Copy and paste the following file to the field labeled "Full path of file to delete"
C:\windows\bkhaook.exe
Press the Delete button (the button that looks like a red circle with a white X in it).
A first dialog box will ask if you want to delete the file on reboot, press the YES button.
A second dialog box will ask you if you want to REBOOT now. Press the YES button.
Your computer will reboot.
Now let's take a closer look using a different type of log.
Download rkfiles.zip
http://skads.org/special/rkfiles.zip
Unzip the contents to a permanent folder.
Reboot your computer into Safe Mode
Doubleclick rkfiles.bat
It will scan for a while, so please be patient.
Wait till the DOS window closes and reboot back to normal mode.
Post the contents of C:\log.txt in your next reply.