Opened a strange email and now my computer is messed up[inactive]

HelpME123

Origional post link below http://www.short-media.com/forum/showthread.php?t=51479

My Norton Internet security updates won't download and when I try to update my Spybot search and Destroy, it fails. I think something is blocking them. I opened a strange email on my Myspace accont a week or so ago, and it contained a virus I think which started this whole problem. Everything I have tried has failed...



New Hikack this log file below:

Logfile of HijackThis v1.99.1
Scan saved at 8:14:03 AM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\David\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://E:\Installers\AuthorwareWebPlayer\awswax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120789196578
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

jmoney3457

helpme, I deleted your old thread please stick with this one from now on but in the future please stick with your original thread until it's resolved to avoid confusion and such...1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

HelpME123

Here's the new log file. It's pretty nasty looking! It's 67253 characters long! I'll send it in pieces



David - 06-11-13 19:50:56.96 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\David\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-13 to 2006-11-13 ))))))))))))))))))))))))))))))))))


2006-11-09 19:26 121,856

---

C:\WINDOWS\system32\xmllite.dll
2006-10-27 15:09 6,049,280

---

C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50,688

---

C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458,752

---

C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 180,736

---

C:\WINDOWS\system32\ieui.dll
2006-10-27 02:44 13,312 --a

---

C:\WINDOWS\system32\ieudinit.exe
2006-10-17 13:05 206,336

---

C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:58 61,952

---

C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12,288

---

C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 266,752

---

C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:27 380,928

---

C:\WINDOWS\system32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-13 19:49

---

d

---

C:\Program Files\Mozilla Firefox
2006-11-13 19:41

---

d

---

C:\Program Files\ewido anti-malware
2006-11-09 19:35

---

d

---

C:\Program Files\Common Files\Symantec Shared
2006-11-09 19:29

---

d

---

C:\Program Files\Internet Explorer
2006-11-01 18:35

---

d

---

C:\Program Files\Symantec Technical Support
2006-11-01 14:45

---

d

---

C:\Program Files\Norton Internet Security
2006-11-01 14:40

---

d

---

C:\Documents and Settings\David\Application Data\WholeSecurity
2006-10-31 20:34

---

d

---

C:\Program Files\Windows Defender
2006-10-31 20:34

---

d

---

C:\Program Files\SymNetDrv
2006-10-31 20:34

---

d

---

C:\Program Files\QuickTime
2006-10-30 23:35

---

d

---

C:\Program Files\Common Files
2006-10-27 15:09 413696 --a

---

C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a

---

C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 156160 --a

---

C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a

---

C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a

---

C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a

---

C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a

---

C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a

---

C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a

---

C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a

---

C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 123904 --a

---

C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a

---

C:\WINDOWS\system32\ieakui.dll
2006-10-17 13:06 78336 --a

---

C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a

---

C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 105984 --a

---

C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a

---

C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a

---

C:\WINDOWS\system32\corpol.dll
2006-10-17 12:57 36352 --a

---

C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:56 45568 --a

---

C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a

---

C:\WINDOWS\system32\mshtmler.dll
2006-10-10 17:10

---

d

---

C:\Program Files\Symantec
2006-09-15 21:52 91904 --a

---

C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 21:52 124016 --a

---

C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-13 00:01 1084416 --a

---

C:\WINDOWS\system32\msxml3.dll
2006-09-06 17:43 22752 --a

---

C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 10:45 617472 --a

---

C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a

---

C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a

---

C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a

---

C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WebCamRT.exe"=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"AGRSMMSG"="AGRSMMSG.exe"
"VAIO Recovery"="C:\\WINDOWS\\Sonysys\\VAIO Recovery\\PartSeal.exe"
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Picture Package Menu.lnk"
"backup"="C:\\WINDOWS\\pss\\Picture Package Menu.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~3\\SonyTray.exe "
"item"="Picture Package Menu"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Picture Package VCD Maker.lnk"
"backup"="C:\\WINDOWS\\pss\\Picture Package VCD Maker.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~1\\RESIDE~1.EXE -h"
"item"="Picture Package VCD Maker"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="reminder"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Sonysys\\VAIO Recovery\\reminder.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Quick-Drop"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Ulead Systems\\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\\Ulead Quick-Drop 1.0\\Quick-Drop.exe\" WINDOWCALL"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="surveysa"
"hkey"="HKLM"
"command"="c:\\program files\\sony\\vaio survey\\surveysa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


~ ~ ~ ~ ~ ~ ~ ~ Hijackthis entries set to ignore ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

O4 - HKCU\..\Run: [xbjkeuj] c:\windows\txkkxrk.exe
O4 - HKCU\..\Run: [offkerq] c:\windows\txkkxrk.exe
O4 - HKCU\..\Run: [clmqiea] c:\windows\txkkxrk.exe
O4 - HKCU\..\Run: [oebgdps] c:\windows\txkkxrk.exe
O4 - HKCU\..\Run: [txxtipi] c:\windows\txkkxrk.exe
O4 - HKCU\..\Run: [qhobefh] c:\windows\txkkxrk.exe
O4 - HKCU\..\Run: [vdkheyn] c:\windows\txkkxrk.exe
O4 - HKCU\..\Run: [otwynqx] c:\windows\txkkxrk.exe
O4 - HKCU\..\Run: [ivixjil] c:\windows\txkkxrk.exe
O4 - HKCU\..\Run: [rvrxkcu] c:\windows\txkkxrk.exe
O4 - HKCU\..\Run: [desocfa] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [ixxadfu] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [pvevkck] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [pparbkw] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [wnbjngf] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [cqqrxbj] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [igmnoro] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [kuevqaf] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [iuxqtpf] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [egjiqlm] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [jkjnhra] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [xbipebx] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [hoiibbj] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [lkbnkfn] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [ycpldoj] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [bgxnhfw] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [fwvkgbu] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [snxsmji] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [adyuuox] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [cypgstv] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [ehikyvd] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [ymcpncx] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [dhuhirh] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [ceoyype] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [drpwric] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [ircrxim] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [wcxjfjb] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [almtxyo] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [ejiubxj] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [pbtnser] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [dbcptsp] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [wsacqpt] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [oviyyod] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [duxhblr] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [xfuedip] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [yhqfcnd] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [cwqlvqu] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [fnwfavn] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [ymygncv] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [cshqmak] c:\windows\dvreuhj.exe
O4 - HKCU\..\Run: [oaiyofo] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [eicsyuw] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [ybsdimm] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [wdevgcb] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [jrjrcnc] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [oompvki] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [pahucdw] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [jojvyqi] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [nbtpspy] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [uyppmtc] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [htgutsw] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [xsebcyn] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [xvbphbd] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [xniqfuw] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [ipbpqbc] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [wehmxos] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [mhcwdpr] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [ahwhgnx] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [dtauidd] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [cruaujp] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [lbwknhl] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [gkvbtvm] c:\windows\kvpfoif.exe
O4 - HKCU\..\Run: [gfospwv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vlhxmpr] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vdakdrp] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kgnlbkq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jjijbai] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [agttmxh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [sxjjbmj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ejcibng] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dokappc] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kmvtyjm] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rubnoqt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bltrfid] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [glcvltf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [sqakldq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uucqpbn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [aevvhrb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vhwoyac] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [eqikbex] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hssieob] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rhqyjjg] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [obkaspa] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [pygyrcy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gvcktfa] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nlckrpk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [sfykwhx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [tkegddo] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gctmmxa] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wclhcke] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nqechga] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [neevhfl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hpqjfrh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jpcucfw] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [istqpco] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xrrgjps] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [yenjten] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vayudah] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [qegnqsl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mpggcdy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xrtvebi] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [tboctcg] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [pypjmja] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jtdiuyl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [qlbquob] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hckysgh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vjwpnmn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nacdtpe] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bvconul] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mbtphll] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vrcrwpd] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ygvaguj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [imesyjj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nilnhxw] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [fmnrnkj] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vlcgumi] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kaaxpjl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vtiyndq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rgwqipv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [shxrjux] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [waiieou] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [loflrnf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [imreltb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rlrbovm] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mdqrlaq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [vfibsrh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [yqbmjmx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [piolrug] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [awtvxfc] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nmgaacl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bagkedq] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hyhueui] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rmsfpwt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xjiylfv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [aoqiqwf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rewgmve] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [fcicjdl] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uuprtha] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [meewoof] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bggopsh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ekviebx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gaieomf] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [jhbiwsk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ebxryad] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wuqlebn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xathsnn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [exqysmo] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [lytcsam] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [yhdkxmv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kwughxh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [atwqvld] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hqqfbpk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ehbtosk] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dnrvatv] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xtddqrt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [bfdxdgt] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wtmican] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rpqeeqh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [cnvolsd] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kycyoay] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dyllkor] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [dprscra] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wvgvojo] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [llnkifp] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ronnpjn] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xqfdbip] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gvyfpsw] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [wjdyeti] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [nlpkcci] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [imrlrmh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [pxtnrcu] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [hmcppsh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uqowvev] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [mliqdhu] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [ioivkyy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [grqwhox] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [cjxbpov] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rgxxadb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [uktsiwh] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [lqxkcvr] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [oypvxxy] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [kfhjxns] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [oeksxlx] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [aclghhs] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [gqoimge] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [rvefleb] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [qllwwds] c:\windows\tchyrhm.exe
O4 - HKCU\..\Run: [xunlwkx] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [sxenjwm] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [veafspt] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [vexmvoy] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [fplbdtg] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [bwgjilr] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ydefsvr] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ofkqtmx] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [xlaghud] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ykmvwkk] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ebjnyjd] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [tbmucrw] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [yddfpkq] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [togaquf] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [jhwavsa] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [tguoqrd] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [jeeyuvo] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [ciiahqj] c:\windows\hitxxqx.exe
O4 - HKCU\..\Run: [gvnsrnx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [udttxxa] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ibbulnt] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vkluosy] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [cuprrjg] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ocwttie] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [fsmcbdl] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ulolbxq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tsjdgsh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kxfiywa] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [gvevmma] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [hvjsgda] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [qstussd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [lkvtlcf] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [pwqmfxd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [bvlheso] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [mebptxq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wboeqhd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [smtuoqd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jqxchut] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [esfviyd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [dvkjgmd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [hilaleh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [djvlgwh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [uuipifo] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [nwyigxy] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [auuelbi] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rnmmcqk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ojbqylb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jbyeswk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tpuessa] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vuaauqp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rnyuhoj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ysloain] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [llqaxce] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ttqwrvx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jiebmih] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jnprlme] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [twfabcq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vlkgynl] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ukqvnxe] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jwtnlsj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [msiynpi] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wcinvto] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wpqcfue] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [oufdhdx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [bcnhdbu] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [swvvlfq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ksgmffv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [eokpecp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [trhgtat] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [jpobuwj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [whottyp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [yimpdhu] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ouifqxk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [whjwsqe] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [lamqxfb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [gyqeybv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [cylrbyv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [iywiqbo] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wrwfeyl] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tntdchk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [llprgmp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rgfqtxw] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [lveeqve] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ueogqyd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ickrpub] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vfxqwei] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ajsrwte] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tsgkiav] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vatbjwt] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kuxuiis] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rgfbutj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [nixtivd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [neddpde] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tvpnvku] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [bdemskd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [agxbges] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [feyjivq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ckjiskr] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xfjldsq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kljodma] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xyeodeh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [avdxleh] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kuhwwuj] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [yjmmibg] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [akqekmd] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [tbpowws] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rbmlukp] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xnedkij] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vboeckr] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [fpybdyw] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [dpflyvs] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [nijaftb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [wvwptil] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [kcbdlqt] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [cinhjku] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vnlypnk] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [srvpjyb] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ybwmepx] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xwcpyju] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xgupqch] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [rihljkc] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [skgbqvw] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [xrhisik] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ljdgiyv] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [euecpjf] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [ulwcicq] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [dfaahea] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [vhwgols] c:\windows\ogsqmht.exe
O4 - HKCU\..\Run: [svcpxtx] c:\windows\chvyxgb.exe
O4 - HKCU\..\Run: [fvfvqdm] c:\windows\chvyxgb.exe
O4 - HKCU\..\Run: [hauonju] c:\windows\chvyxgb.exe
O4 - HKCU\..\Run: [ytbkuyg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [hsbyogo] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [wqtooke] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [rxylypa] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [lvvjdvs] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [yyorvtx] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [wucaqtc] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [qxttvlj] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [bgmjjve] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [dwdcoyj] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [elipwel] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [sphgfsq] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ldcpipw] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [rxuohcy] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [encpidi] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [vplfwgn] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [yndmwfg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [btgtxlb] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ubsxsnq] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [vxplcpn] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [pagscdm] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [gkbauuc] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [xbaupob] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [yrxtoam] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [hrvypcf] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [cwtuvvh] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [itwxqti] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [uekeuhh] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [aeufpbd] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [nljevng] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [bgcdsti] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ntiocvs] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [bnddfbx] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [pidcnrr] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [mnvrdjo] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [fvayyoy] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ggpsmlp] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [utddwgg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [ojnutmx] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [tsnceui] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [aysosjn] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [gwcnhxw] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [allbjyg] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [moivxfa] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [orahoew] c:\windows\cbiaqkj.exe
O4 - HKCU\..\Run: [uovaaoj] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [vfgxxvp] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [lrhccki] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [cllxxdp] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [sqytkoc] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [uesqxns] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [twndmrd] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [kodxnph] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [sksuyoh] c:\windows\qgigasq.exe

HelpME123

O4 - HKCU\..\Run: [alqkhrl] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [evpybob] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [dkooetp] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [iohmlhy] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [ujyspkq] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [hipqyaa] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [ooyrmpm] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [ludowls] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [anacrua] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [tlnlita] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [icaysii] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [xkwxtxb] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [fhpvanb] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [ordapfh] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [kxgpscg] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [pqqsqjn] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [udpdcoe] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [qetdttx] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [dowajig] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [hjkjvaf] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [cngsjwx] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [vnufdsb] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [eugamjv] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [pokwpdc] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [akmmjjp] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [vbmtubl] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [iglqlwu] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [urfktxw] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [lwnyilt] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [yclkpwj] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [aqjcill] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [ykloopy] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [cpkdbfo] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [nfatkxx] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [pdkmigv] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [kkxqbjb] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [vsplwtb] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [qsvofgd] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [iolddvj] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [jiiruxd] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [gcxwrps] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [ryejost] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [ntmulaf] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [bibboxr] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [pvkvknl] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [ctiiwbe] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [gnwtntg] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [bgyglln] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [rblyuqe] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [vuxerox] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [mvecktc] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [rxpolxu] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [xhknswc] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [btjqbww] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [ugaooha] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [mfysylt] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [alamnul] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [bofkerb] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [pudkfqr] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [simqbay] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [hksyrcn] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [fltnsfq] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [rjhtvdl] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [qvyycma] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [dnhwaoo] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [swdqmjy] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [eenbydm] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [ludvfmr] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [lortufd] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [mjhijni] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [almiula] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [dxqqiox] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [mxtubxm] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [mgehghv] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [lujedpe] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [loabeky] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [natiyab] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [kmvvuif] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [nsvnkoi] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [locnslh] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [vsrefqs] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [jtgqehf] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [paprpdq] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [oaltnia] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [fpyxong] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [nuurgar] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [scjulia] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [uqfnhau] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [jvnjiaw] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [mhpqiur] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [desvxna] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [jubgfvy] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [jlrjukt] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [qifwiod] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [pmfwrqu] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [ctfuhac] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [eodkshi] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [ujpxjww] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [bjchrfc] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [swgbdni] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [vorjpht] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [jsfgent] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [snjxgsc] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [nucrxlb] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [hhpfktn] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [alswlfh] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [wdwevsj] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [qqxvgda] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [mddorno] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [areekcu] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [cfvljcw] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [ochtjhb] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [xkqqhlc] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [ptqmfwh] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [rphaqbx] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [nrtopkg] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [dknqnio] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [rnnvgyj] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [himnspw] c:\windows\tokhqxv.exe
O4 - HKCU\..\Run: [cxpmlel] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [ccdkokv] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [pcdlxhj] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [xjlfmjh] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [xurotjq] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [cwbaqus] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [abgrdyb] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [hsbryla] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [tjjlbds] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [imhljbf] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [mijlimu] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [ybfrmhr] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [ooomfjf] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [ytwksjg] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [tqsemio] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [negoald] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [jqiagad] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [cffcvvh] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [nuxmciq] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [apvulbq] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [grxravp] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [nmtfvtm] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [hjbfwqc] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [pmhbyjq] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [cjtjjff] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [ycekyof] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [piirgde] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [wevhnov] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [rphqwnn] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [scbfhim] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [usnyqhs] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [owkgdjx] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [qixucek] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [wuekvpn] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [ykmuvsu] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [llugovw] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [gyfaaan] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [anxbmcw] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [uthewbw] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [kxeslwk] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [mmfpngt] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [gdxutfh] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [ugxdtkj] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [hmodbel] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [wpeixwu] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [eshcavt] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [wirfsfe] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [wtihjnm] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [qaugesh] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [tocgcce] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [nupnuww] c:\windows\ipvvoiq.exe
O4 - HKCU\..\Run: [kjwmqtc] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [jrqclou] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [qmjwkfa] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [qsbgqpq] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [jggkxsg] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [qhcdupp] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [tedoafp] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [fulfhon] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [xkotprk] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [ktevoif] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [hmfyibj] c:\windows\lljfiub.exe
O4 - HKCU\..\Run: [wxohjiq] c:\windows\lgsxoke.exe
O4 - HKCU\..\Run: [yrgxcbm] c:\windows\lgsxoke.exe
O4 - HKCU\..\Run: [sjlwtgr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [cawbllg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [itcblfc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ridwqwi] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gxwytbs] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [chfursj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ifrmuxg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [wwvtcix] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gwoowln] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fxmcfjv] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [worenva] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [xscbswt] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [duvjdjw] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qoncvit] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [karugjv] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [cgiveeb] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ppllhhe] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [exmgtlt] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ptbowdp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qjechhw] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [nddiueu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [dmnniwy] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [hafgkhy] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ycusjrc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [xvwjsbq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kecnhba] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jhdlxrp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kfnysvd] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vsnsqtm] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fcjpmbr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vkutnbw] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ecdmxuy] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [lqdsrpi] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ggufupm] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pesajdg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gefnocj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qgjakyc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kckahrs] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [nsekjyo] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [owwefee] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [lqcqsdu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [yhiyvyg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jstriyr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [peyllgb] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pynhvxf] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [flgtjvu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [opxjxiu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [oempraq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ngbpeja] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [qtstpyj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jnfvkuv] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fyhffge] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [mwifkjn] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vruhbwr] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [rwtusjb] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vkdkalu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [hnwwhma] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jrgwxtu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [afxbkah] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [gllduqf] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [irpxqlc] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pughfff] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kqjbogp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pdqdxds] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [niaegbg] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [ammxjsp] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [itvvsyn] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jgoihvd] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [fttgvrf] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [pfaulne] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [sdllucn] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [hvuyimu] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [eeguadk] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [jcgwaix] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [xfaxbdq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kckuxvl] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [kgspgek] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [usteytj] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [lvrmaaq] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [vwaeire] c:\windows\llsnnrf.exe
O4 - HKCU\..\Run: [drswwyj] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [cveunym] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [ytwjyov] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [apqedvr] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [nydffjp] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [mounhkn] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [sujivro] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bheliep] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bnylahq] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [osuwiqu] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [ugtmtaj] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [sbkuort] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [dbywnrd] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [rxnalvl] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [uavlsve] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [xjeulsk] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [udgqbwt] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [rfvdtlw] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [wbaolvs] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [mypivhq] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [stakdpc] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [csuhtcr] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [cndkjyl] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [outhgdv] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [nqervvc] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [dvfnqqc] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [kpgdela] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [rwlxtrp] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [yxfiwut] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [fdloixu] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bkcvqtb] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [bjsdmtd] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [aesatwd] c:\windows\lmuhjpq.exe
O4 - HKCU\..\Run: [uxmwpld] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ibiiive] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [olbtler] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [aqnbskq] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pboblfa] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [gxwbwmn] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hnynrqr] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [dufhemb] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [oyctuyt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ektwndo] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [jrogtti] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hvfgjqq] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [atabbxs] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [rcygqrb] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [nyohmoe] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [gsapmnu] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [jnxqtni] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [cxxfwdt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hegaack] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pjalrrd] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [bcyiatt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [mdivglp] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ubebedj] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [tfdoyrt] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [bhgjntx] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ccswknv] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ebvtjgg] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [mmoboyl] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [tnvdwbv] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [hgkwrbe] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [rliteuu] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pakqctw] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ibdirgj] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [ufuvmnb] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [bcdebsc] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [pakfqdq] c:\windows\rykgbwn.exe
O4 - HKCU\..\Run: [gashwmx] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [yudrerb] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [rwgtito] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [iilvsmr] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [soqnwth] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [afbadhy] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [gaxbtir] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [qjyywrc] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [anywppm] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [bqmwuxq] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [fgmhapb] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [iqcvamx] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [ohlpbbc] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [nslwadr] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [vnhlbjr] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [mnmqubq] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [aohvbee] c:\windows\qxohgwx.exe
O4 - HKCU\..\Run: [mjepgpt] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [jvloxrc] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [mehedsn] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [soedgst] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [dkdpchq] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [hqqxqly] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [bhyvxwv] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [uulajvi] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [wqaukta] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [jmdrdfb] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [briajri] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [xrbwuqc] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [dxulwsh] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [ikcjkev] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [nfsdunq] c:\windows\nwquxsv.exe
O4 - HKCU\..\Run: [jmmfbfc] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [lledvbl] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [bajhblm] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [jryiggo] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [cgwwvyi] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [bplcscf] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [kgdgjav] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [jnhdquj] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [rjabvqv] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [mptpegn] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [hexwaqn] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ksmqafs] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [qaxojgg] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [hxnrmld] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [hhsfisg] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [xvmsnwd] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ixvxpst] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [onqjtga] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [qeqppns] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [fudpssf] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [lrwlxcb] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [orinehe] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [rxresqp] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [tebtfdq] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [pxggkri] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ckdqrls] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ifvrgyl] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [aeqnule] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [ohvwdga] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [woukhyq] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [iiwdfxs] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [jccvexj] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [sypauhx] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [daijkra] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [wskniuo] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [cfduhbt] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [socccbe] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [swupnfo] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [bvskmsx] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [wdmnmti] c:\windows\wpexxxx.exe
O4 - HKCU\..\Run: [qdalmwg] c:\windows\wpexxxx.exe
O4 - HKCU\..\Run: [qymqbps] c:\windows\wpexxxx.exe
O4 - HKCU\..\Run: [rfpdgwb] c:\windows\wpexxxx.exe
O4 - HKCU\..\Run: [dngqvka] c:\windows\wpexxxx.exe
O4 - HKCU\..\Run: [hnhmyeh] c:\windows\wpexxxx.exe
O4 - HKCU\..\Run: [paqgivk] c:\windows\wpexxxx.exe
O4 - HKCU\..\Run: [ndlrykf] c:\windows\wpexxxx.exe
O4 - HKCU\..\Run: [fhdmeni] c:\windows\wpexxxx.exe
O4 - HKCU\..\Run: [gfrkpmk] c:\windows\wpexxxx.exe
O4 - HKCU\..\Run: [iujrerv] c:\windows\wpexxxx.exe
O4 - HKCU\..\Run: [ncvwmjm] c:\windows\wpexxxx.exe
O4 - HKCU\..\Run: [greddja] c:\windows\wpexxxx.exe
O4 - HKCU\..\Run: [sinntyx] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [ohndhoi] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [rkgukbl] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [pdcltwk] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [rfsmssp] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [olxnxba] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [jlewmqb] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [spqdexr] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [whyahvm] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [qbdlrul] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [cdiyvch] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [xtgtnbf] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [egoiieh] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [nytpkpg] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [swomlls] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [grvmruo] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [rehkjfu] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [vnqepbw] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [ixeyjfi] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [bngpaso] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [obhvkku] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [fwcmgaf] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [tlccknt] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [xbjwhui] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [pimamtj] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [nocemxm] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [licsurm] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [dehbexn] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [xcuplby] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [wwlcfmo] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [wjwqwre] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [ofnebkp] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [ssdyomv] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [iiycxye] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [qvlqvmn] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [fkgfqgu] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [xhtxhxx] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [hardhnb] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [sxdkiov] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [xkkhssp] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [vvjmypi] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [ndabvwb] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [kauleia] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [goyjtsp] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [ycjdife] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [plxtrml] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [yidddnp] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [upajrib] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [npxnmqe] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [tqhxggd] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [hhqjkri] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [guayoys] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [fljljgm] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [lttavsr] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [qxevpra] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [uqbqegj] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [xndwlid] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [dtgfktr] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [fiqvdxt] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [bbwpucp] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [lxcwpqa] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [wuaiiss] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [xbrccak] c:\windows\hyyvstp.exe
O4 - HKCU\..\Run: [clqdpny] c:\windows\vjvcsot.exe
O4 - HKCU\..\Run: [qiawikc] c:\windows\vjvcsot.exe
O4 - HKCU\..\Run: [ldlages] c:\windows\vjvcsot.exe
O4 - HKCU\..\Run: [yxmbnob] c:\windows\vjvcsot.exe
O4 - HKCU\..\Run: [kkbbuag] c:\windows\vjvcsot.exe
O4 - HKCU\..\Run: [sgwxqvt] c:\windows\vjvcsot.exe
O4 - HKCU\..\Run: [gghsgew] c:\windows\vjvcsot.exe
O4 - HKCU\..\Run: [ykhcbde] c:\windows\vjvcsot.exe
O4 - HKCU\..\Run: [ovrgbxl] c:\windows\vjvcsot.exe
O4 - HKCU\..\Run: [hgfwavl] c:\windows\vjvcsot.exe
O4 - HKCU\..\Run: [juqgkhu] c:\windows\vjvcsot.exe
O4 - HKCU\..\Run: [bfabgby] c:\windows\xodqbbs.exe
O4 - HKCU\..\Run: [fblmdtw] c:\windows\loplrjx.exe
O4 - HKCU\..\Run: [ifeosot] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [pnoayxx] c:\windows\ujwakjp.exe
O4 - HKCU\..\Run: [mqtrvwe] c:\windows\rwsimbq.exe
O4 - HKCU\..\Run: [ucvnfah] c:\windows\rwsimbq.exe
O4 - HKCU\..\Run: [dpyjrhi] c:\windows\rwsimbq.exe
O4 - HKCU\..\Run: [gukisxi] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [yihjvns] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [kbfoius] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [qkvhdyj] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [rfngxxi] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [ldyhwbq] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [xrmkgio] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [jkbomic] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [mqxxncw] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [vftxhjj] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [ffpnmdu] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [qhnqbwc] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [aymsubu] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [vpmnkar] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [liuanhb] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [nlnwplt] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [abtpiyq] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [asaupvs] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [fuhymdh] c:\windows\utyipvb.exe
O4 - HKCU\..\Run: [aawytvb] c:\windows\hbalrig.exe
O4 - HKCU\..\Run: [udfeyka] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [qgmhbqt] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [usddech] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [tiaceil] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [cnjupkm] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [aoggsfo] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [mnlfxch] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [gfgkwds] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [qnqinlx] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [bjjypjk] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [silcont] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [vwldeqm] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [qywnvmq] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [enccuem] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [pgjwoxa] c:\windows\swmqesd.exe
O4 - HKCU\..\Run: [tvftltk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [hnqxfyb] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ugqdtnr] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kmwjsgp] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [vtbyxfn] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [fycpbic] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [tsugyfp] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [viewhwo] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [dkutyxk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [hiolwkk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [otmgnwr] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [wmmexjx] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [objetqs] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ricrgke] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [mhmlwuh] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [gnqnxhp] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [qjcwhlo] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ypawpra] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [qbxnfpm] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [dsvpcsm] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [iyiocpu] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [gfggooj] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ebnqfyk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [hsfwpge] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [sevbgiq] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [emcunbw] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [wiesder] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [wgisffc] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kshhmga] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [otfkunb] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kqknsxv] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ltnluvf] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [biqyuix] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [vxmhojj] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [bfryfdv] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [rglsrqh] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [mmnftkb] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [lbduqqy] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [qfaebgk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [rtjqhfk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [rduedyd] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ejjbpva] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [sresbjo] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [perxhvj] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [pjxaxsg] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [vrqrqob] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ffkwhpx] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [sxkcjif] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [ealckko] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [kejjmep] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [mjpsxxk] c:\windows\ucuffxm.exe
O4 - HKCU\..\Run: [firulcl] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [elkblgo] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [gheqtpy] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [cekkklo] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [hdjywcg] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [ilglggx] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [kxacdfk] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [amjyggw] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [lraskpp] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [sjijilc] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [eghhjrb] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [kgfvryk] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [tfhqqvy] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [dkthnns] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [fmosifk] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [rscajsi] c:\windows\tudcwit.exe
O4 - HKCU\..\Run: [knenaoo] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [qvhqkja] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [vhsxina] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [tuoccjq] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [plbfflw] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [swmajvs] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [hruuqlc] c:\windows\uplyelp.exe
O4 - HKCU\..\Run: [wotxpre] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [qkhmwom] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [rvnsahx] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [xnrvcrj] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [tknguid] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [gpvgund] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [qxxkepi] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [ytkvhmq] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [gsstymm] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [rstwbla] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [jhnkjep] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [dxyiqfm] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [qjrxpuh] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [mmwramp] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [caekrqv] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [bjwrxka] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [itquofg] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [msatlhh] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [dwfwspw] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [gbsdjff] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [uomrqpq] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [ffcyqxh] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [ubnlcwt] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [vwkntha] c:\windows\gnvavrs.exe
O4 - HKCU\..\Run: [swwlenc] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ivfjivu] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [yqiivqw] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [kprtkfp] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [qbuxuey] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [bqoxgfi] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [riwrtxk] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [uycxpuf] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ocevmch] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [xoyekqp] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [dxbqjxf] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ipeolat] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [xopfcga] c:\windows\qltxnwy.exe
O4 - HKCU\..\Run: [ldeclbn] c:\windows\qgigasq.exe
O4 - HKCU\..\Run: [mwuaddm] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [tsedwto] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [pksmiuu] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [aavfgqh] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [lkcbnqc] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [wiimbvt] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [ydaeajj] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [ghrlyea] c:\windows\bkhaook.exe
O4 - HKCU\..\Run: [rbmsmvs] c:\windows\hxuesti.exe
O4 - HKCU\..\Run: [fbdvchs] c:\windows\hxuesti.exe
O4 - HKCU\..\Run: [gamwlli] c:\windows\xyqboio.exe
O4 - HKCU\..\Run: [rapuktc] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [ksgykgx] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [vfhuaau] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [avcentd] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [qykapqq] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [equauet] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [xfsobsk] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [tsanvca] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [pnsbcnf] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [bmbnucs] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [easfuwv] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [xyrykwt] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [rchybis] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [dxacqoc] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [fvokmko] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [gssphdu] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [dvrvuce] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [dsadjpw] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [enptehs] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [veamkwu] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [nbbhecd] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [osnggvt] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [mbbbxra] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [fmfeygd] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [dqotnpp] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [xpttrgi] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [kxqoytj] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [jqrapdr] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [uklgcyo] c:\windows\tlrmklg.exe
O4 - HKCU\..\Run: [udknkpg] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [ecmqmjp] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [pgngevw] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [gnryuan] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [gynwfip] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [pdnfshw] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [qlbsyfh] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [xhoipiq] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [cdqdneo] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [glorqge] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [hafjryj] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [sxlhgol] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [aisnhwy] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [voeimlb] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [qchmaqw] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [puljcfd] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [lwmufur] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [olggisx] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [wjxvlsp] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [owcfsal] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [hikwtis] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [kxgdpwj] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [yidjywn] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [jgnpkmr] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [nuebpgl] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [gghivfd] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [kvoiqne] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [mpslvie] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [anmrjks] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [cjmuiwk] c:\windows\qwimtiq.exe
O4 - HKCU\..\Run: [sptckdo] c:\windows\qwimtiq.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1093056498.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - David.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 2.job

Completion time: 06-11-13 19:52:04.98
C:\ComboFix.txt ... 06-11-13 19:52

jmoney3457

yes it is..that's the longest combofix log i've ever seen lol...Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

HelpME123

SmitFraudFix v2.120

Scan done at 11:45:25.84, 06-11-13
Run from C:\Documents and Settings\David\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\David


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\David\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

jmoney3457

Please download VundoFix.exe
to your desktop.

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

HelpME123

it says not files were found upon completion of the scan

HelpME123

Here's a new hojack this
Logfile of HijackThis v1.99.1
Scan saved at 02:06, on 06-11-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\David\LOCALS~1\Temp\Temporary Directory 8 for hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://E:\Installers\AuthorwareWebPlayer\awswax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120789196578
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

jmoney3457

Please do an online scan with Panda ActiveScan [must use IE for this scan]

- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
post back panda/hjt logs

HelpME123

Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\Cache\633285D9d01[SmitfraudFix/Process.exe]
Possible Virus. Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\Cache\633285D9d01[SmitfraudFix/swsc.exe]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.zedo.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.atwola.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.overture.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[www.myaffiliateprogram.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.belnk.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.go.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.seeq.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.target.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e55yc8ad.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1tl19oky.slt\cookies.txt[.go.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\David\Cookies\david@adultfriendfinder[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\David\Cookies\david@atwola[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\David\Cookies\david@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\David\Cookies\david@belnk[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\David\Cookies\david@ccbill[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\David\Cookies\david@dist.belnk[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\David\Cookies\david@drivecleaner[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\David\Cookies\david@gostats[1].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\David\Cookies\david@outster[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\David\Cookies\david@searchportal.information[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\David\Cookies\david@stats.drivecleaner[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\David\Cookies\david@toplist[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\David\Cookies\david@webpower[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\David\Cookies\david@www.drivecleaner[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\David\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Possible Virus. Not disinfected C:\Documents and Settings\David\Desktop\SmitfraudFix\SmitfraudFix\swsc.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\David\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Possible Virus. Not disinfected C:\Documents and Settings\David\Desktop\SmitfraudFix.zip[SmitfraudFix/swsc.exe]

jmoney3457

next delete the smitfraud fix folder helpme then do this..You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/

• Install AVG Anti-Spyware by double clicking the installer.
• Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
• On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Click on Change state next to Automatic updates. It should now change to inactive.
  • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
  • Wait until you see the Update succesfull message.
• Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
• Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Reboot your computer in Safe Mode.

• If the computer is running, shut down Windows, and then turn off the power.
• Wait 30 seconds, and then turn the computer on.
• Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
• Ensure that the Safe Mode option is selected.
• Press Enter. The computer then begins to start in Safe mode.
• Login on your usual account.

Once in Safe Mode:

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.

• Click on Scanner on the toolbar.
• Click on the Settings tab.
  • Under How to act?
    • Click on Recommended Action and choose Quarantine from the popup menu.
  • Under How to scan?
    • All checkboxes should be ticked.
  • Under Possibly unwanted software:
    • All checkboxes should be ticked.
  • Under Reports:
    • Select Automatically generate report after every scan and uncheck Only if threats were found.
  • Under What to scan?
    • Select Scan every file.
• Click on the Scan tab.
• Click on Complete System Scan to start the scan process.
• Let the program scan the machine.
• When the scan has finished, follow the instructions below.
  IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
  • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
  • At the bottom of the window click on the Apply all Actions button. (3)
    
• When done, click the Save Scan Report button. (4)
  • Click the Save Report as button.
  • Save the report to your Desktop.
• Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot back into Normal Mode please post back the AVG log and new HJT log

jmoney3457

While we appreciate that you may be busy, it has been 7 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Spyware & Virus Removal Forum

If you wish this topic reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new Thread instead