TheTechGuide Forum
General Category => Tech Clinic => Topic started by: EchoStarter on May 08, 2005, 12:38:36 PM
-
Hey, I'm not really too computer savvy, but I'm pretty sure that there's something wrong with my comp.
A month ago, my comp got infected with a virus. I didn't get to really fix it until recently because I didn't have an anti-virus. The main problem among others was that I couldn't right-click, my display settings were locked, and my desktop icons other than My Computer, Network Places, My Documents, Recycle Bin, and Outlook Express would duplicate themselves. Right now my desktop wallpaper is some sort of interactive background that links me to SmartSecurity.com... Oh, and at every restart, there would be like 500 applications opening... I have no idea why.
So I got Norton Anti-Virus and scanned my comp. It picked up a lot of viruses, contained them, and deleted them. I restarted and rescanned to make sure. It picked up 3 or 4 more lying around. I repeated the process until it no longer picked up any. But the main problem still remains. Display settings still locked, right-click still locked, and duplications still occur. The 500-application thing doesn't happen anymore, though.
I tried to look through Add/Remove Programs to see if there was anything that might've been the cause... Nothing seemed too suspicious because I remember installing all of them, except for one. I'm thinking that one, called Winds 2.4, might be the cause because I don't remember it being there before. Does anyone know what the problem may be? Or know what Winds 2.4 is?
Here's the HijackThis log (I think most of those 04 files were the 500 apps that kept opening):
Logfile of HijackThis v1.99.1
Scan saved at 1:13:34 PM, on 5/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O1 - Hosts: auto.search.msn.com 127.0.0.1
O2 - BHO: (no name) - {40ACD919-DB90-4CC0-9D95-528CF4DF874C} - blank (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Name - {8C963C86-B8D8-4921-A841-D232D3F52B90} - blank (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Name - {DAF6B36E-6BF4-49A1-AF2D-79A8C6A74B2B} - blank (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [scvhost] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Dha] C:\WINDOWS\Cth.exe
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\Run: [Rei] C:\WINDOWS\System32\Gkn.exe
O4 - HKLM\..\Run: [Hic] C:\WINDOWS\Tdh.exe
O4 - HKLM\..\Run: [Jqd] C:\WINDOWS\System32\Vmk.exe
O4 - HKLM\..\Run: [Vkq] C:\WINDOWS\Hhc.exe
O4 - HKLM\..\Run: [Ijh] C:\WINDOWS\System32\Tib.exe
O4 - HKLM\..\Run: [Jel] C:\WINDOWS\System32\Rrb.exe
O4 - HKLM\..\Run: [Bli] C:\WINDOWS\System32\Gce.exe
O4 - HKLM\..\Run: [Aeg] C:\WINDOWS\Pre.exe
O4 - HKLM\..\Run: [Irn] C:\WINDOWS\Nls.exe
O4 - HKLM\..\Run: [Jej] C:\WINDOWS\System32\Abn.exe
O4 - HKLM\..\Run: [Iej] C:\WINDOWS\Bpb.exe
O4 - HKLM\..\Run: [Kbs] C:\WINDOWS\Tli.exe
O4 - HKLM\..\Run: [Jsc] C:\WINDOWS\Foh.exe
O4 - HKLM\..\Run: [Ukb] C:\WINDOWS\System32\Cir.exe
O4 - HKLM\..\Run: [Fka] C:\WINDOWS\System32\Aer.exe
O4 - HKLM\..\Run: [Ouu] C:\WINDOWS\Ulg.exe
O4 - HKLM\..\Run: [Lol] C:\WINDOWS\System32\Tcm.exe
O4 - HKLM\..\Run: [Rlk] C:\WINDOWS\Lsc.exe
O4 - HKLM\..\Run: [Vhp] C:\WINDOWS\System32\Usd.exe
O4 - HKLM\..\Run: [Psv] C:\WINDOWS\Usm.exe
O4 - HKLM\..\Run: [Hml] C:\WINDOWS\System32\Vts.exe
O4 - HKLM\..\Run: [Nnu] C:\WINDOWS\System32\Tak.exe
O4 - HKLM\..\Run: [Edf] C:\WINDOWS\System32\Ree.exe
O4 - HKLM\..\Run: [Dbo] C:\WINDOWS\System32\Rhq.exe
O4 - HKLM\..\Run: [Jui] C:\WINDOWS\Sem.exe
O4 - HKLM\..\Run: [Enm] C:\WINDOWS\System32\Ana.exe
O4 - HKLM\..\Run: [Msb] C:\WINDOWS\System32\Cuc.exe
O4 - HKLM\..\Run: [Lrp] C:\WINDOWS\Gjf.exe
O4 - HKLM\..\Run: [Mgg] C:\WINDOWS\System32\Noo.exe
O4 - HKLM\..\Run: [Mpi] C:\WINDOWS\System32\Faq.exe
O4 - HKLM\..\Run: [Dvt] C:\WINDOWS\Onm.exe
O4 - HKLM\..\Run: [Teg] C:\WINDOWS\System32\Rui.exe
O4 - HKLM\..\Run: [Uvo] C:\WINDOWS\Btt.exe
O4 - HKLM\..\Run: [Hdl] C:\WINDOWS\System32\Qul.exe
O4 - HKLM\..\Run: [Lfl] C:\WINDOWS\System32\Hsl.exe
O4 - HKLM\..\Run: [Qcg] C:\WINDOWS\Cni.exe
O4 - HKLM\..\Run: [Ejb] C:\WINDOWS\System32\Eju.exe
O4 - HKLM\..\Run: [Mek] C:\WINDOWS\Rec.exe
O4 - HKLM\..\Run: [Iod] C:\WINDOWS\Sfl.exe
O4 - HKLM\..\Run: [Eec] C:\WINDOWS\System32\Cjr.exe
O4 - HKLM\..\Run: [Dhb] C:\WINDOWS\System32\Por.exe
O4 - HKLM\..\Run: [Nen] C:\WINDOWS\System32\Pcq.exe
O4 - HKLM\..\Run: [Eja] C:\WINDOWS\System32\Rgn.exe
O4 - HKLM\..\Run: [Mie] C:\WINDOWS\System32\Ece.exe
O4 - HKLM\..\Run: [Omh] C:\WINDOWS\Rrb.exe
O4 - HKLM\..\Run: [Hrv] C:\WINDOWS\System32\Kuu.exe
O4 - HKLM\..\Run: [Hub] C:\WINDOWS\Tkm.exe
O4 - HKLM\..\Run: [Dvs] C:\WINDOWS\Obr.exe
O4 - HKLM\..\Run: [Fqr] C:\WINDOWS\Haj.exe
O4 - HKLM\..\Run: [Doi] C:\WINDOWS\Vml.exe
O4 - HKLM\..\Run: [Chb] C:\WINDOWS\Hqp.exe
O4 - HKLM\..\Run: [Bmg] C:\WINDOWS\System32\Nsr.exe
O4 - HKLM\..\Run: [Tfo] C:\WINDOWS\System32\Kat.exe
O4 - HKLM\..\Run: [Ncf] C:\WINDOWS\System32\Ppp.exe
O4 - HKLM\..\Run: [Bbu] C:\WINDOWS\System32\Ktf.exe
O4 - HKLM\..\Run: [Jgv] C:\WINDOWS\Rvk.exe
O4 - HKLM\..\Run: [Pef] C:\WINDOWS\Bcp.exe
O4 - HKLM\..\Run: [Ial] C:\WINDOWS\Mpn.exe
O4 - HKLM\..\Run: [Rpt] C:\WINDOWS\Rac.exe
O4 - HKLM\..\Run: [Pou] C:\WINDOWS\Mjt.exe
O4 - HKLM\..\Run: [Mrs] C:\WINDOWS\System32\Ksn.exe
O4 - HKLM\..\Run: [Akn] C:\WINDOWS\System32\Uau.exe
O4 - HKLM\..\Run: [Sdm] C:\WINDOWS\System32\Mbc.exe
O4 - HKLM\..\Run: [Fch] C:\WINDOWS\Cmk.exe
O4 - HKLM\..\Run: [Dbk] C:\WINDOWS\System32\Bkq.exe
O4 - HKLM\..\Run: [Moh] C:\WINDOWS\Mbc.exe
O4 - HKLM\..\Run: [Pga] C:\WINDOWS\System32\Qqb.exe
O4 - HKLM\..\Run: [Lmj] C:\WINDOWS\Meq.exe
O4 - HKLM\..\Run: [Uhe] C:\WINDOWS\System32\Riu.exe
O4 - HKLM\..\Run: [Qgf] C:\WINDOWS\Tto.exe
O4 - HKLM\..\Run: [Dgk] C:\WINDOWS\System32\Iai.exe
O4 - HKLM\..\Run: [Knq] C:\WINDOWS\System32\Ntn.exe
O4 - HKLM\..\Run: [Mnk] C:\WINDOWS\System32\Ica.exe
O4 - HKLM\..\Run: [Cii] C:\WINDOWS\System32\Vce.exe
O4 - HKLM\..\Run: [Ups] C:\WINDOWS\System32\Bba.exe
O4 - HKLM\..\Run: [Sng] C:\WINDOWS\System32\Cat.exe
O4 - HKLM\..\Run: [Pfl] C:\WINDOWS\System32\Dcr.exe
O4 - HKLM\..\Run: [Ivd] C:\WINDOWS\System32\Ith.exe
O4 - HKLM\..\Run: [Fuv] C:\WINDOWS\System32\Ucg.exe
O4 - HKLM\..\Run: [Btg] C:\WINDOWS\Hlb.exe
O4 - HKLM\..\Run: [Ugg] C:\WINDOWS\System32\Ukj.exe
O4 - HKLM\..\Run: [Nal] C:\WINDOWS\System32\Ocg.exe
O4 - HKLM\..\Run: [Roa] C:\WINDOWS\System32\Odf.exe
O4 - HKLM\..\Run: [Jhi] C:\WINDOWS\System32\Orf.exe
O4 - HKLM\..\Run: [Doh] C:\WINDOWS\Occ.exe
O4 - HKLM\..\Run: [Phl] C:\WINDOWS\System32\Fks.exe
O4 - HKLM\..\Run: [Jcn] C:\WINDOWS\System32\Elk.exe
O4 - HKLM\..\Run: [Gfs] C:\WINDOWS\Iul.exe
O4 - HKLM\..\Run: [Ahf] C:\WINDOWS\Abi.exe
O4 - HKLM\..\Run: [Aje] C:\WINDOWS\System32\Qgc.exe
O4 - HKLM\..\Run: [Cev] C:\WINDOWS\System32\Onk.exe
O4 - HKLM\..\Run: [Pfo] C:\WINDOWS\System32\Ees.exe
O4 - HKLM\..\Run: [Pjk] C:\WINDOWS\Uhp.exe
O4 - HKLM\..\Run: [Dhu] C:\WINDOWS\System32\Pto.exe
O4 - HKLM\..\Run: [Gst] C:\WINDOWS\System32\Gnb.exe
O4 - HKLM\..\Run: [Aeu] C:\WINDOWS\Uog.exe
O4 - HKLM\..\Run: [Hte] C:\WINDOWS\System32\Kdf.exe
O4 - HKLM\..\Run: [Uug] C:\WINDOWS\Hbl.exe
O4 - HKLM\..\Run: [Gpi] C:\WINDOWS\System32\Ckg.exe
O4 - HKLM\..\Run: [Csj] C:\WINDOWS\Qkm.exe
O4 - HKLM\..\Run: [Rih] C:\WINDOWS\Pva.exe
O4 - HKLM\..\Run: [Hqb] C:\WINDOWS\God.exe
O4 - HKLM\..\Run: [Rrm] C:\WINDOWS\System32\Tsj.exe
O4 - HKLM\..\Run: [Vvu] C:\WINDOWS\Vtv.exe
O4 - HKLM\..\Run: [Qee] C:\WINDOWS\System32\Ame.exe
O4 - HKLM\..\Run: [Vec] C:\WINDOWS\Qnn.exe
O4 - HKLM\..\Run: [Opp] C:\WINDOWS\System32\Gqo.exe
O4 - HKLM\..\Run: [Rcs] C:\WINDOWS\Lkt.exe
O4 - HKLM\..\Run: [Omc] C:\WINDOWS\System32\Ebc.exe
O4 - HKLM\..\Run: [Clg] C:\WINDOWS\System32\Gtd.exe
O4 - HKLM\..\Run: [Rkk] C:\WINDOWS\Eff.exe
O4 - HKLM\..\Run: [Jos] C:\WINDOWS\System32\Kal.exe
O4 - HKLM\..\Run: [Ofp] C:\WINDOWS\System32\Cmq.exe
O4 - HKLM\..\Run: [Vst] C:\WINDOWS\Jal.exe
O4 - HKLM\..\Run: [Nbd] C:\WINDOWS\Tdm.exe
O4 - HKLM\..\Run: [Nbr] C:\WINDOWS\System32\Hof.exe
O4 - HKLM\..\Run: [Ubo] C:\WINDOWS\System32\Skg.exe
O4 - HKLM\..\Run: [Dog] C:\WINDOWS\Psr.exe
O4 - HKLM\..\Run: [Qcs] C:\WINDOWS\Sls.exe
O4 - HKLM\..\Run: [Lkt] C:\WINDOWS\System32\Ksv.exe
O4 - HKLM\..\Run: [Occ] C:\WINDOWS\Nrt.exe
O4 - HKLM\..\Run: [Qqa] C:\WINDOWS\System32\Coa.exe
O4 - HKLM\..\Run: [Kri] C:\WINDOWS\System32\Tte.exe
O4 - HKLM\..\Run: [Mib] C:\WINDOWS\Tmj.exe
O4 - HKLM\..\Run: [Cbn] C:\WINDOWS\Gol.exe
O4 - HKLM\..\Run: [Rke] C:\WINDOWS\Tuh.exe
O4 - HKLM\..\Run: [Uin] C:\WINDOWS\Mpr.exe
O4 - HKLM\..\Run: [Efm] C:\WINDOWS\System32\Ist.exe
O4 - HKLM\..\Run: [Ptf] C:\WINDOWS\System32\Gpk.exe
O4 - HKLM\..\Run: [Klp] C:\WINDOWS\Atd.exe
O4 - HKLM\..\Run: [Fgc] C:\WINDOWS\System32\Oqp.exe
O4 - HKLM\..\Run: [Pbm] C:\WINDOWS\System32\Lsl.exe
O4 - HKLM\..\Run: [Rrb] C:\WINDOWS\Ick.exe
O4 - HKLM\..\Run: [Ffe] C:\WINDOWS\Mho.exe
O4 - HKLM\..\Run: [Cou] C:\WINDOWS\System32\Htf.exe
O4 - HKLM\..\Run: [Dpi] C:\WINDOWS\System32\Fvo.exe
O4 - HKLM\..\Run: [Dlu] C:\WINDOWS\System32\Vig.exe
O4 - HKLM\..\Run: [Ceb] C:\WINDOWS\Mbj.exe
O4 - HKLM\..\Run: [Ehc] C:\WINDOWS\Ceo.exe
O4 - HKLM\..\Run: [Qkf] C:\WINDOWS\Dtk.exe
O4 - HKLM\..\Run: [Kkc] C:\WINDOWS\System32\Ocd.exe
O4 - HKLM\..\Run: [Dft] C:\WINDOWS\System32\Hpc.exe
O4 - HKLM\..\Run: [Amf] C:\WINDOWS\Ceh.exe
O4 - HKLM\..\Run: [Gdi] C:\WINDOWS\System32\Ksv.exe
O4 - HKLM\..\Run: [Dlm] C:\WINDOWS\Rsj.exe
O4 - HKLM\..\Run: [Vta] C:\WINDOWS\Aia.exe
O4 - HKLM\..\Run: [Shi] C:\WINDOWS\Mhk.exe
O4 - HKLM\..\Run: [Akg] C:\WINDOWS\Tjg.exe
O4 - HKLM\..\Run: [Jft] C:\WINDOWS\System32\Ulh.exe
O4 - HKLM\..\Run: [Jam] C:\WINDOWS\System32\Ucs.exe
O4 - HKLM\..\Run: [Ooo] C:\WINDOWS\System32\Vdi.exe
O4 - HKLM\..\Run: [Nbi] C:\WINDOWS\System32\Hub.exe
O4 - HKLM\..\Run: [Vbh] C:\WINDOWS\System32\Ljt.exe
O4 - HKLM\..\Run: [Lob] C:\WINDOWS\System32\Blj.exe
O4 - HKLM\..\Run: [Aqn] C:\WINDOWS\Lfa.exe
O4 - HKLM\..\Run: [Bvp] C:\WINDOWS\Igd.exe
O4 - HKLM\..\Run: [Lmd] C:\WINDOWS\Ipd.exe
O4 - HKLM\..\Run: [Fco] C:\WINDOWS\Que.exe
O4 - HKLM\..\Run: [Log] C:\WINDOWS\Itb.exe
O4 - HKLM\..\Run: [Vvo] C:\WINDOWS\Cdo.exe
O4 - HKLM\..\Run: [Aap] C:\WINDOWS\Sre.exe
O4 - HKLM\..\Run: [Qqr] C:\WINDOWS\System32\Cbg.exe
O4 - HKLM\..\Run: [Ppd] C:\WINDOWS\Ehh.exe
O4 - HKLM\..\Run: [Egd] C:\WINDOWS\System32\Shc.exe
O4 - HKLM\..\Run: [Frv] C:\WINDOWS\System32\Gag.exe
O4 - HKLM\..\Run: [Qrb] C:\WINDOWS\System32\Fml.exe
O4 - HKLM\..\Run: [Cqd] C:\WINDOWS\Rhp.exe
O4 - HKLM\..\Run: [Ipn] C:\WINDOWS\Tuk.exe
O4 - HKLM\..\Run: [Ltu] C:\WINDOWS\System32\Pmh.exe
O4 - HKLM\..\Run: [Mbo] C:\WINDOWS\Kek.exe
O4 - HKLM\..\Run: [Klk] C:\WINDOWS\System32\Jef.exe
O4 - HKLM\..\Run: [Cno] C:\WINDOWS\Fjp.exe
O4 - HKLM\..\Run: [Rsn] C:\WINDOWS\Rpl.exe
O4 - HKLM\..\Run: [Ioi] C:\WINDOWS\Jgt.exe
O4 - HKLM\..\Run: [Ebk] C:\WINDOWS\System32\Ndj.exe
O4 - HKLM\..\Run: [Nkj] C:\WINDOWS\System32\Hro.exe
O4 - HKLM\..\Run: [Mne] C:\WINDOWS\Jnt.exe
O4 - HKLM\..\Run: [Kfp] C:\WINDOWS\System32\Mak.exe
O4 - HKLM\..\Run: [Vpa] C:\WINDOWS\Cok.exe
O4 - HKLM\..\Run: [Qev] C:\WINDOWS\Oet.exe
O4 - HKLM\..\Run: [Ani] C:\WINDOWS\System32\Tro.exe
O4 - HKLM\..\Run: [Ksc] C:\WINDOWS\Rng.exe
O4 - HKLM\..\Run: [Jga] C:\WINDOWS\System32\Eoc.exe
O4 - HKLM\..\Run: [Cil] C:\WINDOWS\System32\Bdi.exe
O4 - HKLM\..\Run: [Oss] C:\WINDOWS\Hvn.exe
O4 - HKLM\..\Run: [Nuj] C:\WINDOWS\System32\Gvc.exe
O4 - HKLM\..\Run: [Ljg] C:\WINDOWS\Lmh.exe
O4 - HKLM\..\Run: [Oih] C:\WINDOWS\System32\Mao.exe
O4 - HKLM\..\Run: [Skf] C:\WINDOWS\Gjm.exe
O4 - HKLM\..\Run: [Nsk] C:\WINDOWS\System32\Men.exe
O4 - HKLM\..\Run: [Lbg] C:\WINDOWS\System32\Rbr.exe
O4 - HKLM\..\Run: [Sfq] C:\WINDOWS\System32\Nus.exe
O4 - HKLM\..\Run: [Erc] C:\WINDOWS\System32\Son.exe
O4 - HKLM\..\Run: [Rks] C:\WINDOWS\System32\Nas.exe
O4 - HKLM\..\Run: [Mcn] C:\WINDOWS\Dnp.exe
O4 - HKLM\..\Run: [Pep] C:\WINDOWS\System32\Mqe.exe
O4 - HKLM\..\Run: [Mah] C:\WINDOWS\System32\Dav.exe
O4 - HKLM\..\Run: [Lfv] C:\WINDOWS\System32\Luu.exe
O4 - HKLM\..\Run: [Oqm] C:\WINDOWS\Rkq.exe
O4 - HKLM\..\Run: [Nlo] C:\WINDOWS\Kdf.exe
O4 - HKLM\..\Run: [Vrv] C:\WINDOWS\Ppi.exe
O4 - HKLM\..\Run: [Bss] C:\WINDOWS\System32\Egs.exe
O4 - HKLM\..\Run: [Jid] C:\WINDOWS\System32\Tha.exe
O4 - HKLM\..\Run: [Fiv] C:\WINDOWS\System32\Dub.exe
O4 - HKLM\..\Run: [Ajb] C:\WINDOWS\System32\Gfk.exe
O4 - HKLM\..\Run: [Rim] C:\WINDOWS\System32\Quj.exe
O4 - HKLM\..\Run: [Jtu] C:\WINDOWS\Pfp.exe
O4 - HKLM\..\Run: [Cis] C:\WINDOWS\Onk.exe
O4 - HKLM\..\Run: [Kuo] C:\WINDOWS\Ppv.exe
O4 - HKLM\..\Run: [Lov] C:\WINDOWS\System32\Lmh.exe
O4 - HKLM\..\Run: [Viv] C:\WINDOWS\Dlp.exe
O4 - HKLM\..\Run: [Sob] C:\WINDOWS\System32\Nir.exe
O4 - HKLM\..\Run: [Kmh] C:\WINDOWS\System32\Dkd.exe
O4 - HKLM\..\Run: [Ohv] C:\WINDOWS\Edk.exe
O4 - HKLM\..\Run: [Qqn] C:\WINDOWS\System32\Bvo.exe
O4 - HKLM\..\Run: [Ctq] C:\WINDOWS\Dgk.exe
O4 - HKLM\..\Run: [Pct] C:\WINDOWS\Bcm.exe
O4 - HKLM\..\Run: [Fcq] C:\WINDOWS\System32\Fpb.exe
O4 - HKLM\..\Run: [Jgc] C:\WINDOWS\Hcc.exe
O4 - HKLM\..\Run: [Khl] C:\WINDOWS\System32\Dkq.exe
O4 - HKLM\..\Run: [Iai] C:\WINDOWS\System32\Vpf.exe
O4 - HKLM\..\Run: [Qaa] C:\WINDOWS\Lne.exe
O4 - HKLM\..\Run: [Buo] C:\WINDOWS\Ege.exe
O4 - HKLM\..\Run: [Iet] C:\WINDOWS\System32\Aqp.exe
O4 - HKLM\..\Run: [Unk] C:\WINDOWS\Rgu.exe
O4 - HKLM\..\Run: [Bqm] C:\WINDOWS\System32\Sql.exe
O4 - HKLM\..\Run: [Kgk] C:\WINDOWS\Cjt.exe
O4 - HKLM\..\Run: [Hdf] C:\WINDOWS\Uvi.exe
O4 - HKLM\..\Run: [Tfl] C:\WINDOWS\System32\Tig.exe
O4 - HKLM\..\Run: [Oks] C:\WINDOWS\System32\Oue.exe
O4 - HKLM\..\Run: [Qgb] C:\WINDOWS\Gvb.exe
O4 - HKLM\..\Run: [Mvr] C:\WINDOWS\Sob.exe
O4 - HKLM\..\Run: [Hfu] C:\WINDOWS\Upl.exe
O4 - HKLM\..\Run: [Sph] C:\WINDOWS\System32\Fef.exe
O4 - HKLM\..\Run: [Tul] C:\WINDOWS\Ago.exe
O4 - HKLM\..\Run: [Ied] C:\WINDOWS\Lju.exe
O4 - HKLM\..\Run: [Vqn] C:\WINDOWS\System32\Tlm.exe
O4 - HKLM\..\Run: [Nuq] C:\WINDOWS\System32\Jav.exe
O4 - HKLM\..\Run: [Clh] C:\WINDOWS\System32\Etp.exe
O4 - HKLM\..\Run: [Kqg] C:\WINDOWS\System32\Nsa.exe
O4 - HKLM\..\Run: [Rju] C:\WINDOWS\Atc.exe
O4 - HKLM\..\Run: [Nqa] C:\WINDOWS\Nif.exe
O4 - HKLM\..\Run: [Nrv] C:\WINDOWS\System32\Arh.exe
O4 - HKLM\..\Run: [Css] C:\WINDOWS\System32\Qsk.exe
O4 - HKLM\..\Run: [Dep] C:\WINDOWS\System32\Enh.exe
O4 - HKLM\..\Run: [Amu] C:\WINDOWS\Tat.exe
O4 - HKLM\..\Run: [Cqr] C:\WINDOWS\System32\Mka.exe
O4 - HKLM\..\Run: [Qpa] C:\WINDOWS\Mea.exe
O4 - HKLM\..\Run: [Ubl] C:\WINDOWS\Lql.exe
O4 - HKLM\..\Run: [Qqf] C:\WINDOWS\System32\Msq.exe
O4 - HKLM\..\Run: [Rbs] C:\WINDOWS\Spv.exe
O4 - HKLM\..\Run: [Rvf] C:\WINDOWS\Sru.exe
O4 - HKLM\..\Run: [Nsq] C:\WINDOWS\System32\Pfj.exe
O4 - HKLM\..\Run: [Suk] C:\WINDOWS\System32\Jiv.exe
O4 - HKLM\..\Run: [Ktf] C:\WINDOWS\Fms.exe
O4 - HKLM\..\Run: [Efu] C:\WINDOWS\Fsm.exe
O4 - HKLM\..\Run: [Ubn] C:\WINDOWS\System32\Hvi.exe
O4 - HKLM\..\Run: [Ngp] C:\WINDOWS\System32\Hlp.exe
O4 - HKLM\..\Run: [Nlu] C:\WINDOWS\System32\Hjo.exe
O4 - HKLM\..\Run: [Ucc] C:\WINDOWS\System32\Rie.exe
O4 - HKLM\..\Run: [Uuo] C:\WINDOWS\Egv.exe
O4 - HKLM\..\Run: [Nfj] C:\WINDOWS\Iku.exe
O4 - HKLM\..\Run: [Jlu] C:\WINDOWS\System32\Mcr.exe
O4 - HKLM\..\Run: [Qvg] C:\WINDOWS\System32\Net.exe
O4 - HKLM\..\Run: [Qrq] C:\WINDOWS\Mst.exe
O4 - HKLM\..\Run: [Mgk] C:\WINDOWS\System32\Ulc.exe
O4 - HKLM\..\Run: [Geu] C:\WINDOWS\System32\Aoq.exe
O4 - HKLM\..\Run: [Gvh] C:\WINDOWS\System32\Ovu.exe
O4 - HKLM\..\Run: [Jnv] C:\WINDOWS\Uqr.exe
O4 - HKLM\..\Run: [Jrm] C:\WINDOWS\Muc.exe
O4 - HKLM\..\Run: [Lge] C:\WINDOWS\System32\Sej.exe
O4 - HKLM\..\Run: [Nvd] C:\WINDOWS\System32\Nvs.exe
O4 - HKLM\..\Run: [Vmk] C:\WINDOWS\System32\Iek.exe
O4 - HKLM\..\Run: [Aee] C:\WINDOWS\System32\Rlp.exe
O4 - HKLM\..\Run: [Ucb] C:\WINDOWS\System32\Occ.exe
O4 - HKLM\..\Run: [Qpv] C:\WINDOWS\System32\Fou.exe
O4 - HKLM\..\Run: [Kft] C:\WINDOWS\Uqv.exe
O4 - HKLM\..\Run: [Ovs] C:\WINDOWS\Lrt.exe
O4 - HKLM\..\Run: [Ape] C:\WINDOWS\System32\Qcg.exe
O4 - HKLM\..\Run: [Iov] C:\WINDOWS\System32\Mgd.exe
O4 - HKLM\..\Run: [Vuu] C:\WINDOWS\Eai.exe
O4 - HKLM\..\Run: [Ljb] C:\WINDOWS\System32\Tfc.exe
O4 - HKLM\..\Run: [Mpr] C:\WINDOWS\Mbi.exe
O4 - HKLM\..\Run: [Ghr] C:\WINDOWS\System32\Ihh.exe
O4 - HKLM\..\Run: [Ord] C:\WINDOWS\Icn.exe
O4 - HKLM\..\Run: [Rdu] C:\WINDOWS\System32\Gev.exe
O4 - HKLM\..\Run: [Kbc] C:\WINDOWS\Nrs.exe
O4 - HKLM\..\Run: [Ule] C:\WINDOWS\Fif.exe
O4 - HKLM\..\Run: [Jth] C:\WINDOWS\System32\Kmv.exe
O4 - HKLM\..\Run: [Gpe] C:\WINDOWS\System32\Mdg.exe
O4 - HKLM\..\Run: [Sca] C:\WINDOWS\Baq.exe
O4 - HKLM\..\Run: [Qtj] C:\WINDOWS\System32\Qco.exe
O4 - HKLM\..\Run: [Gls] C:\WINDOWS\System32\Ese.exe
O4 - HKLM\..\Run: [Ibk] C:\WINDOWS\System32\Ckc.exe
O4 - HKLM\..\Run: [Pkm] C:\WINDOWS\Flr.exe
O4 - HKLM\..\Run: [Bnd] C:\WINDOWS\System32\Ogn.exe
O4 - HKLM\..\Run: [Pif] C:\WINDOWS\System32\Jkn.exe
O4 - HKLM\..\Run: [Aka] C:\WINDOWS\System32\Heo.exe
O4 - HKLM\..\Run: [Tog] C:\WINDOWS\System32\Bos.exe
O4 - HKLM\..\Run: [Cld] C:\WINDOWS\System32\Usp.exe
O4 - HKLM\..\Run: [Ajl] C:\WINDOWS\System32\Cuv.exe
O4 - HKLM\..\Run: [Iqq] C:\WINDOWS\Afe.exe
O4 - HKLM\..\Run: [Rip] C:\WINDOWS\System32\Cms.exe
O4 - HKLM\..\Run: [Glr] C:\WINDOWS\Jju.exe
O4 - HKLM\..\Run: [Pba] C:\WINDOWS\Gvn.exe
O4 - HKLM\..\Run: [Nhh] C:\WINDOWS\System32\Asd.exe
O4 - HKLM\..\Run: [Mig] C:\WINDOWS\System32\Tuh.exe
O4 - HKLM\..\Run: [Att] C:\WINDOWS\System32\Ilr.exe
O4 - HKLM\..\Run: [Ajq] C:\WINDOWS\Jfi.exe
O4 - HKLM\..\Run: [Kjl] C:\WINDOWS\Fqc.exe
O4 - HKLM\..\Run: [Obk] C:\WINDOWS\Cvl.exe
O4 - HKLM\..\Run: [Dui] C:\WINDOWS\System32\Mfq.exe
O4 - HKLM\..\Run: [Fci] C:\WINDOWS\Vfm.exe
O4 - HKLM\..\Run: [Kmb] C:\WINDOWS\Mrl.exe
O4 - HKLM\..\Run: [Olp] C:\WINDOWS\Upa.exe
O4 - HKLM\..\Run: [Jjh] C:\WINDOWS\System32\Cvh.exe
O4 - HKLM\..\Run: [Nvn] C:\WINDOWS\Blv.exe
O4 - HKLM\..\Run: [Smu] C:\WINDOWS\System32\Mhf.exe
O4 - HKLM\..\Run: [Drs] C:\WINDOWS\Apn.exe
O4 - HKLM\..\Run: [Tns] C:\WINDOWS\System32\Kju.exe
O4 - HKLM\..\Run: [Bsl] C:\WINDOWS\System32\Jpq.exe
O4 - HKLM\..\Run: [Mhj] C:\WINDOWS\Ger.exe
O4 - HKLM\..\Run: [Dsg] C:\WINDOWS\Gls.exe
O4 - HKLM\..\Run: [Pnh] C:\WINDOWS\System32\Ani.exe
O4 - HKLM\..\Run: [Afe] C:\WINDOWS\System32\Meq.exe
O4 - HKLM\..\Run: [Khu] C:\WINDOWS\System32\Dne.exe
O4 - HKLM\..\Run: [Tlu] C:\WINDOWS\Qhu.exe
O4 - HKLM\..\Run: [Hdv] C:\WINDOWS\System32\Euc.exe
O4 - HKLM\..\Run: [Ons] C:\WINDOWS\System32\Gtq.exe
O4 - HKLM\..\Run: [Sds] C:\WINDOWS\Vjh.exe
O4 - HKLM\..\Run: [Unv] C:\WINDOWS\Bto.exe
O4 - HKLM\..\Run: [Ffi] C:\WINDOWS\System32\Ntv.exe
O4 - HKLM\..\Run: [Oqt] C:\WINDOWS\Cvv.exe
O4 - HKLM\..\Run: [Gsn] C:\WINDOWS\System32\Vnv.exe
O4 - HKLM\..\Run: [Ogt] C:\WINDOWS\Kot.exe
O4 - HKLM\..\Run: [Crj] C:\WINDOWS\System32\Tbk.exe
O4 - HKLM\..\Run: [Aln] C:\WINDOWS\System32\Jap.exe
O4 - HKLM\..\Run: [Lns] C:\WINDOWS\Vge.exe
O4 - HKLM\..\Run: [Kfk] C:\WINDOWS\Nlb.exe
O4 - HKLM\..\Run: [Msl] C:\WINDOWS\Iqs.exe
O4 - HKLM\..\Run: [Iis] C:\WINDOWS\Avf.exe
O4 - HKLM\..\Run: [Qfc] C:\WINDOWS\System32\Kkg.exe
O4 - HKLM\..\Run: [Mtj] C:\WINDOWS\Caf.exe
O4 - HKLM\..\Run: [Rho] C:\WINDOWS\System32\Hco.exe
O4 - HKLM\..\Run: [Llb] C:\WINDOWS\Nid.exe
O4 - HKLM\..\Run: [Iql] C:\WINDOWS\Hve.exe
O4 - HKLM\..\Run: [Vpr] C:\WINDOWS\System32\Jci.exe
O4 - HKLM\..\Run: [Vnc] C:\WINDOWS\Jnh.exe
O4 - HKLM\..\Run: [Jiq] C:\WINDOWS\Sbn.exe
O4 - HKLM\..\Run: [Ibj] C:\WINDOWS\System32\Cur.exe
O4 - HKLM\..\Run: [Qrj] C:\WINDOWS\Qqr.exe
O4 - HKLM\..\Run: [Gsj] C:\WINDOWS\Geu.exe
O4 - HKLM\..\Run: [Fbv] C:\WINDOWS\Btv.exe
O4 - HKLM\..\Run: [Cap] C:\WINDOWS\Sgb.exe
O4 - HKLM\..\Run: [Qje] C:\WINDOWS\System32\Rdk.exe
O4 - HKLM\..\Run: [Qvv] C:\WINDOWS\Jgv.exe
O4 - HKLM\..\Run: [Lqt] C:\WINDOWS\System32\Igd.exe
O4 - HKLM\..\Run: [Tkl] C:\WINDOWS\Sta.exe
O4 - HKLM\..\Run: [Ntd] C:\WINDOWS\Qjr.exe
O4 - HKLM\..\Run: [Qil] C:\WINDOWS\System32\Bgf.exe
O4 - HKLM\..\Run: [Arr] C:\WINDOWS\Iit.exe
O4 - HKLM\..\Run: [Osc] C:\WINDOWS\Oah.exe
O4 - HKLM\..\Run: [Grc] C:\WINDOWS\Bli.exe
O4 - HKLM\..\Run: [Vtp] C:\WINDOWS\System32\Iqr.exe
O4 - HKLM\..\Run: [Ode] C:\WINDOWS\System32\Tgi.exe
O4 - HKLM\..\Run: [Vpd] C:\WINDOWS\Gek.exe
O4 - HKLM\..\Run: [Oaj] C:\WINDOWS\System32\Jic.exe
O4 - HKLM\..\Run: [Eph] C:\WINDOWS\System32\Plg.exe
O4 - HKLM\..\Run: [Ouf] C:\WINDOWS\Rli.exe
O4 - HKLM\..\Run: [Ulk] C:\WINDOWS\System32\Qfu.exe
O4 - HKLM\..\Run: [Jpu] C:\WINDOWS\System32\Are.exe
O4 - HKLM\..\Run: [Cqc] C:\WINDOWS\System32\Reh.exe
O4 - HKLM\..\Run: [Cuh] C:\WINDOWS\System32\Kuv.exe
O4 - HKLM\..\Run: [Sve] C:\WINDOWS\System32\Ror.exe
O4 - HKLM\..\Run: [Jot] C:\WINDOWS\System32\Fjb.exe
O4 - HKLM\..\Run: [Tnt] C:\WINDOWS\Vej.exe
O4 - HKLM\..\Run: [Lej] C:\WINDOWS\System32\Vde.exe
O4 - HKLM\..\Run: [Hst] C:\WINDOWS\Eva.exe
O4 - HKLM\..\Run: [Vlk] C:\WINDOWS\System32\Ctv.exe
O4 - HKLM\..\Run: [Rjn] C:\WINDOWS\System32\Eef.exe
O4 - HKLM\..\Run: [Pti] C:\WINDOWS\Bgc.exe
O4 - HKLM\..\Run: [Tov] C:\WINDOWS\Dmo.exe
O4 - HKLM\..\Run: [Ksl] C:\WINDOWS\Mbc.exe
O4 - HKLM\..\Run: [Bpa] C:\WINDOWS\System32\Kga.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Tce] C:\WINDOWS\Rcc.exe
O4 - HKLM\..\Run: [Ggd] C:\WINDOWS\System32\Hbj.exe
O4 - HKLM\..\Run: [Dfd] C:\WINDOWS\Seb.exe
O4 - HKLM\..\Run: [Nrm] C:\WINDOWS\Rok.exe
O4 - HKLM\..\Run: [Jlr] C:\WINDOWS\System32\Vef.exe
O4 - HKLM\..\Run: [Oao] C:\WINDOWS\System32\Spb.exe
O4 - HKLM\..\Run: [Gba] C:\WINDOWS\System32\Kaa.exe
O4 - HKLM\..\Run: [Cpg] C:\WINDOWS\Tjs.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [scvhost] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Dha] C:\WINDOWS\Cth.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [x3yy] C:\WINDOWS\System32\x3yy\iqcjijdo.exe
O4 - HKCU\..\Run: [Rei] C:\WINDOWS\System32\Gkn.exe
O4 - HKCU\..\Run: [Hic] C:\WINDOWS\Tdh.exe
O4 - HKCU\..\Run: [Jqd] C:\WINDOWS\System32\Vmk.exe
O4 - HKCU\..\Run: [Vkq] C:\WINDOWS\Hhc.exe
O4 - HKCU\..\Run: [Ijh] C:\WINDOWS\System32\Tib.exe
O4 - HKCU\..\Run: [Jel] C:\WINDOWS\System32\Rrb.exe
O4 - HKCU\..\Run: [Bli] C:\WINDOWS\System32\Gce.exe
O4 - HKCU\..\Run: [Aeg] C:\WINDOWS\Pre.exe
O4 - HKCU\..\Run: [Irn] C:\WINDOWS\Nls.exe
O4 - HKCU\..\Run: [Jej] C:\WINDOWS\System32\Abn.exe
O4 - HKCU\..\Run: [Iej] C:\WINDOWS\Bpb.exe
O4 - HKCU\..\Run: [Kbs] C:\WINDOWS\Tli.exe
O4 - HKCU\..\Run: [Jsc] C:\WINDOWS\Foh.exe
O4 - HKCU\..\Run: [Ukb] C:\WINDOWS\System32\Cir.exe
O4 - HKCU\..\Run: [Fka] C:\WINDOWS\System32\Aer.exe
O4 - HKCU\..\Run: [Ouu] C:\WINDOWS\Ulg.exe
O4 - HKCU\..\Run: [Lol] C:\WINDOWS\System32\Tcm.exe
O4 - HKCU\..\Run: [Rlk] C:\WINDOWS\Lsc.exe
O4 - HKCU\..\Run: [Vhp] C:\WINDOWS\System32\Usd.exe
O4 - HKCU\..\Run: [Psv] C:\WINDOWS\Usm.exe
O4 - HKCU\..\Run: [Hml] C:\WINDOWS\System32\Vts.exe
O4 - HKCU\..\Run: [Nnu] C:\WINDOWS\System32\Tak.exe
O4 - HKCU\..\Run: [Edf] C:\WINDOWS\System32\Ree.exe
O4 - HKCU\..\Run: [Dbo] C:\WINDOWS\System32\Rhq.exe
O4 - HKCU\..\Run: [Jui] C:\WINDOWS\Sem.exe
O4 - HKCU\..\Run: [Enm] C:\WINDOWS\System32\Ana.exe
O4 - HKCU\..\Run: [Msb] C:\WINDOWS\System32\Cuc.exe
O4 - HKCU\..\Run: [Lrp] C:\WINDOWS\Gjf.exe
O4 - HKCU\..\Run: [Mgg] C:\WINDOWS\System32\Noo.exe
O4 - HKCU\..\Run: [Mpi] C:\WINDOWS\System32\Faq.exe
O4 - HKCU\..\Run: [Dvt] C:\WINDOWS\Onm.exe
O4 - HKCU\..\Run: [Teg] C:\WINDOWS\System32\Rui.exe
O4 - HKCU\..\Run: [Uvo] C:\WINDOWS\Btt.exe
O4 - HKCU\..\Run: [Hdl] C:\WINDOWS\System32\Qul.exe
O4 - HKCU\..\Run: [Lfl] C:\WINDOWS\System32\Hsl.exe
O4 - HKCU\..\Run: [Qcg] C:\WINDOWS\Cni.exe
O4 - HKCU\..\Run: [Ejb] C:\WINDOWS\System32\Eju.exe
O4 - HKCU\..\Run: [Mek] C:\WINDOWS\Rec.exe
O4 - HKCU\..\Run: [Iod] C:\WINDOWS\Sfl.exe
O4 - HKCU\..\Run: [Eec] C:\WINDOWS\System32\Cjr.exe
O4 - HKCU\..\Run: [Dhb] C:\WINDOWS\System32\Por.exe
O4 - HKCU\..\Run: [Nen] C:\WINDOWS\System32\Pcq.exe
O4 - HKCU\..\Run: [Eja] C:\WINDOWS\System32\Rgn.exe
O4 - HKCU\..\Run: [Mie] C:\WINDOWS\System32\Ece.exe
O4 - HKCU\..\Run: [Omh] C:\WINDOWS\Rrb.exe
O4 - HKCU\..\Run: [Hrv] C:\WINDOWS\System32\Kuu.exe
O4 - HKCU\..\Run: [Hub] C:\WINDOWS\Tkm.exe
O4 - HKCU\..\Run: [Dvs] C:\WINDOWS\Obr.exe
O4 - HKCU\..\Run: [Apd] C:\WINDOWS\System32\Tar.exe
O4 - HKCU\..\Run: [Fqr] C:\WINDOWS\Haj.exe
O4 - HKCU\..\Run: [Doi] C:\WINDOWS\Vml.exe
O4 - HKCU\..\Run: [Chb] C:\WINDOWS\Hqp.exe
O4 - HKCU\..\Run: [Bmg] C:\WINDOWS\System32\Nsr.exe
O4 - HKCU\..\Run: [Tfo] C:\WINDOWS\System32\Kat.exe
O4 - HKCU\..\Run: [Ncf] C:\WINDOWS\System32\Ppp.exe
O4 - HKCU\..\Run: [Bbu] C:\WINDOWS\System32\Ktf.exe
O4 - HKCU\..\Run: [Jgv] C:\WINDOWS\Rvk.exe
O4 - HKCU\..\Run: [Pef] C:\WINDOWS\Bcp.exe
O4 - HKCU\..\Run: [Ial] C:\WINDOWS\Mpn.exe
O4 - HKCU\..\Run: [Rpt] C:\WINDOWS\Rac.exe
O4 - HKCU\..\Run: [Pou] C:\WINDOWS\Mjt.exe
O4 - HKCU\..\Run: [Mrs] C:\WINDOWS\System32\Ksn.exe
O4 - HKCU\..\Run: [Akn] C:\WINDOWS\System32\Uau.exe
O4 - HKCU\..\Run: [Sdm] C:\WINDOWS\System32\Mbc.exe
O4 - HKCU\..\Run: [Fch] C:\WINDOWS\Cmk.exe
O4 - HKCU\..\Run: [Dbk] C:\WINDOWS\System32\Bkq.exe
O4 - HKCU\..\Run: [Moh] C:\WINDOWS\Mbc.exe
O4 - HKCU\..\Run: [Pga] C:\WINDOWS\System32\Qqb.exe
O4 - HKCU\..\Run: [Lmj] C:\WINDOWS\Meq.exe
O4 - HKCU\..\Run: [Uhe] C:\WINDOWS\System32\Riu.exe
O4 - HKCU\..\Run: [Qgf] C:\WINDOWS\Tto.exe
O4 - HKCU\..\Run: [Dgk] C:\WINDOWS\System32\Iai.exe
O4 - HKCU\..\Run: [Knq] C:\WINDOWS\System32\Ntn.exe
O4 - HKCU\..\Run: [Mnk] C:\WINDOWS\System32\Ica.exe
O4 - HKCU\..\Run: [Cii] C:\WINDOWS\System32\Vce.exe
O4 - HKCU\..\Run: [Ups] C:\WINDOWS\System32\Bba.exe
O4 - HKCU\..\Run: [Sng] C:\WINDOWS\System32\Cat.exe
O4 - HKCU\..\Run: [Pfl] C:\WINDOWS\System32\Dcr.exe
O4 - HKCU\..\Run: [Ivd] C:\WINDOWS\System32\Ith.exe
O4 - HKCU\..\Run: [Fuv] C:\WINDOWS\System32\Ucg.exe
O4 - HKCU\..\Run: [Btg] C:\WINDOWS\Hlb.exe
O4 - HKCU\..\Run: [Ugg] C:\WINDOWS\System32\Ukj.exe
O4 - HKCU\..\Run: [Nal] C:\WINDOWS\System32\Ocg.exe
O4 - HKCU\..\Run: [Roa] C:\WINDOWS\System32\Odf.exe
O4 - HKCU\..\Run: [Jhi] C:\WINDOWS\System32\Orf.exe
O4 - HKCU\..\Run: [Doh] C:\WINDOWS\Occ.exe
O4 - HKCU\..\Run: [Phl] C:\WINDOWS\System32\Fks.exe
O4 - HKCU\..\Run: [Jcn] C:\WINDOWS\System32\Elk.exe
O4 - HKCU\..\Run: [Gfs] C:\WINDOWS\Iul.exe
O4 - HKCU\..\Run: [Ahf] C:\WINDOWS\Abi.exe
O4 - HKCU\..\Run: [Aje] C:\WINDOWS\System32\Qgc.exe
O4 - HKCU\..\Run: [Cev] C:\WINDOWS\System32\Onk.exe
O4 - HKCU\..\Run: [Pfo] C:\WINDOWS\System32\Ees.exe
O4 - HKCU\..\Run: [Pjk] C:\WINDOWS\Uhp.exe
O4 - HKCU\..\Run: [Dhu] C:\WINDOWS\System32\Pto.exe
O4 - HKCU\..\Run: [Gst] C:\WINDOWS\System32\Gnb.exe
O4 - HKCU\..\Run: [Aeu] C:\WINDOWS\Uog.exe
O4 - HKCU\..\Run: [Hte] C:\WINDOWS\System32\Kdf.exe
O4 - HKCU\..\Run: [Uug] C:\WINDOWS\Hbl.exe
O4 - HKCU\..\Run: [Gpi] C:\WINDOWS\System32\Ckg.exe
O4 - HKCU\..\Run: [Csj] C:\WINDOWS\Qkm.exe
O4 - HKCU\..\Run: [Rih] C:\WINDOWS\Pva.exe
O4 - HKCU\..\Run: [Hqb] C:\WINDOWS\God.exe
O4 - HKCU\..\Run: [Rrm] C:\WINDOWS\System32\Tsj.exe
O4 - HKCU\..\Run: [Vvu] C:\WINDOWS\Vtv.exe
O4 - HKCU\..\Run: [Qee] C:\WINDOWS\System32\Ame.exe
-
(cont...)
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: winlogin.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.qck.cc
O15 - Trusted Zone: *.thawte.com
O15 - Trusted Zone: *.verisign.com
O15 - Trusted IP range: 66.197.161.149
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/148bbb68f9bf2045cc05/netzip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113861829921
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
...Sorry for the inconvenience...
-
*Bump*
Hey, just wondering if this one's a lost cause.
Oh and any news on what Winds 2.4 might be? I wasn't really able to find anything on Symantec about it.
-
That's definitely a long log, Ewido seems to be removing most of the bad files
Can you do the following please
==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup (http://downloads.stevengould.org/cleanup/CleanUp40.exe)
Give the link time to load or try it twice, it may be busy
Install for now, don't run a scan yet
==Download and then Install
Ewido Trojan Scanner (http://download.ewido.net/ewido-setup.exe)
When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We'll fix that later
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido
Please Print this out or save these instructions to a Notepad file and save it to your Desktop
Also, know how to start into safe mode in advance, if unsure, look at the link I supplied ahead of time
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R3 - Default URLSearchHook is missing
O1 - Hosts: auto.search.msn.com 127.0.0.1
O2 - BHO: (no name) - {40ACD919-DB90-4CC0-9D95-528CF4DF874C} - blank (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Name - {8C963C86-B8D8-4921-A841-D232D3F52B90} - blank (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Name - {DAF6B36E-6BF4-49A1-AF2D-79A8C6A74B2B} - blank (file missing)
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [scvhost] C:\WINDOWS\scvhost.exe
All O4 entries from this line
O4 - HKLM\..\Run: [Dha] C:\WINDOWS\Cth.exe
Right to this line
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe <-Don't check this line
Then carry on checking these next ones
O4 - HKLM\..\Run: [Tce] C:\WINDOWS\Rcc.exe
O4 - HKLM\..\Run: [Ggd] C:\WINDOWS\System32\Hbj.exe
O4 - HKLM\..\Run: [Dfd] C:\WINDOWS\Seb.exe
O4 - HKLM\..\Run: [Nrm] C:\WINDOWS\Rok.exe
O4 - HKLM\..\Run: [Jlr] C:\WINDOWS\System32\Vef.exe
O4 - HKLM\..\Run: [Oao] C:\WINDOWS\System32\Spb.exe
O4 - HKLM\..\Run: [Gba] C:\WINDOWS\System32\Kaa.exe
O4 - HKLM\..\Run: [Cpg] C:\WINDOWS\Tjs.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [scvhost] C:\WINDOWS\scvhost.exe
Then continue to fix all O4 entries from this line
O4 - HKCU\..\Run: [Dha] C:\WINDOWS\Cth.exe
Right up to, and including this next entry
O4 - Startup: PowerReg Scheduler.exe
Then carry on fixing the next ones I mention
O4 - Global Startup: winlogin.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O15 - Trusted Zone: *.qck.cc
O15 - Trusted Zone: *.thawte.com
O15 - Trusted Zone: *.verisign.com
O15 - Trusted IP range: 66.197.161.149
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/148bbb68f9bf20...ip/RdxIE601.cab
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
RESTART your Computer in SAFE MODE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4)
You can do this by tapping the F8 key as the system is restarting, after the single post beep, or use the link
I supplied for a more detailed explanation
Using Windows Explore>Find and delete these files or folders if found
I'm not going to ask you to find all the bad files yet, as I think Ewido will take care of many, but look for these ones for now and delete them if found
C:\WINDOWS\scvhost.exe <-this file, ONLY in the Windows folder, don't delete anything else because it looks similar
C:\WINDOWS\System32\ntddetect.exe <-file
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe <-file
C:\WINDOWS\System32\x3yy <-this folder
==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Decline to Log off
Instead
==Open Ewido trojan scanner
Click on the Scanner button in the left menu, then click on the Start button. This scan can take a while, so give it time to run
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file.
Save the report
Restart back to Normal mode
Download and Install the free version of Ad-Aware SE Personal 1.05 (ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe)
Ensure you have this version or the paid version
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Perform a Full system scan
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
RESTART your computer to finish the cleaning process
Run another scan with Hijackthis and post a fresh log
-
Hey, Sorry, I haven't been able to post for a while. Here's the new HJT logfile. The weird background I had is gone now, but, I still can't right-click or change display settings.
Logfile of HijackThis v1.99.1
Scan saved at 2:34:36 PM, on 5/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113861829921
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
-
Can you try the following please
Download and UNZIP to desktop
CWSSwap.zip
So you now have cws_swapx.reg and fixdesktop.reg on the desktop
Also, from my signature below, Download and save to desktop CWShredder.exe
I would Remove SpywareCleaner if you didn't pay for it, it's bogus
Restart into Safe mode
Find and delete this folder
C:\Program Files\Spyware Cleaner <-this folder
Make sure that winlogin.exe <<Notice the spelling, is gone
Don't mistake this file for winlogon.exe. Winlogon.exe is legitimate, don't delete it
Stay in safe mode
Double click on cws_swapx.reg and allow to Merge to the registry
Do the same with fixdesktop.reg
Do another scan with Hijackthis and put a check next to these entries:
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: winlogin.exe
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx
After you have ticked the above entries, close All other open windows,
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Run CWShredder.exe and click the FIX button
When it's done
Restart back to Normal mode and run another scan with Hijackthis and post a fresh log
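The name check behind the winlogin.exe / winlogon.exe warning above (and scvhost.exe earlier in the thread), as an added example that is not part of the original posts or of HijackThis: it parses O4 autostart lines and flags executables whose name is one edit away from a system process, plus the three-letter random-name pattern seen in this log. The sample lines are copied from the logs in this thread; the function names, the allowlist and both heuristics are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# System process names taken from the "Running processes" lists in this thread
# (assumption: a real triage list would be longer).
KNOWN_SYSTEM = ("smss", "csrss", "winlogon", "services", "lsass",
                "svchost", "spoolsv", "explorer")

# "O4 - <location>: [<value name>] <command>"; the [value name] part is absent
# for Startup-folder entries.
O4_RE = re.compile(r"^O4 - (?P<loc>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.+)$")
# First path component that ends in .exe (basename only).
EXE_RE = re.compile(r'([^\\/"=]+?\.exe)', re.IGNORECASE)
# Heuristic from this log: value "Abc" pointing at C:\WINDOWS[\System32]\Xyz.exe
RANDOM_PATH_RE = re.compile(r"^C:\\WINDOWS\\(?:System32\\)?[A-Z][a-z]{2}\.exe$")
RANDOM_NAME_RE = re.compile(r"^[A-Z][a-z]{2}$")


class Finding(NamedTuple):
    location: str
    exe: str
    reason: str               # "lookalike" or "random-name"
    resembles: Optional[str]  # system binary the name imitates, if any


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting an adjacent swap (scvhost/svchost) as one edit."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious O4 line, or None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None                      # not an O4 autostart entry
    exe_m = EXE_RE.search(m["cmd"])
    if not exe_m:
        return None                      # e.g. "officejet 6100.lnk = ?"
    exe = exe_m.group(1).strip()
    stem = exe[:-4].lower()
    if stem not in KNOWN_SYSTEM:         # exact system names are not lookalikes
        for known in KNOWN_SYSTEM:
            if osa_distance(stem, known) == 1:
                return Finding(m["loc"], exe, "lookalike", known + ".exe")
    if RANDOM_NAME_RE.match(m["name"] or "") and RANDOM_PATH_RE.match(m["cmd"]):
        return Finding(m["loc"], exe, "random-name", None)
    return None


def scan(log_text: str) -> List[Finding]:
    """Classify every line of a HijackThis log and keep the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]


# Lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [scvhost] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Vec] C:\WINDOWS\Qnn.exe
O4 - HKCU\..\Run: [Opp] C:\WINDOWS\System32\Gqo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: winlogin.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        hint = f" (resembles {f.resembles})" if f.resembles else ""
        print(f"{f.reason:12} {f.location:16} {f.exe}{hint}")
```

A flagged line is a prompt to look at the file, not a verdict: the allowlist is short and a legitimate program can have a three-letter name.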
-
Here's the newest Logfile. I've tried constantly to fix the winlogin file, but it's not letting me delete it. It keeps saying that I have to close it on Task Manager first... And when I check Task manager, only the winlogon is there. I even tried closing that, but it says that it can't close it because it's a critical program.
And what's worse is that 2 days ago, when I had time to continue working on this infection, my computer screen starts turning off and on as if it's just about to open a game or something... it does this every often or so. It didn't bother me at first, cuz it only happened like once during the first day... but now it's goin crazy... I think it happens when it's trying to process something... It doesn't happen in safe mode though. I did a virus scan for that, but there were none found.
Logfile of HijackThis v1.99.1
Scan saved at 7:53:11 AM, on 5/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113861829921
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
-
Can you open Hijackthis>>Open Misc tools Section>>Open "Delete a File on Reboot"
In the File name field copy and paste the bold line below to the full path of file to delete
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe
Next: Click the OPEN button
Hijackthis should prompt you that the file will be deleted on Reboot and to Restart your computer
Restart the computer and post a fresh Hijackthis log
-
Hey, I've tried it like 3 times. It's still not working. Every time I delete upon reboot, I check the HJT log, and winlogin is still there. And now something's trippin with my screen. It keeps shutting off and on for no reason. The monitor is still on... but the screen keeps going blank every so often, and then comes back.
It doesn't happen in safe mode though, which I'm currently in.
It's probably better to just reformat?
I'll wait for your reply. If you still want to figure out what's happening, here's the HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 6:37:19 PM, on 5/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113861829921
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
-
Whoa, wait, I think I just got rid of it.... .... I just put it in the recycle bin and emptied it... did that do it? here's a 4 minute update of the HJT log...
Logfile of HijackThis v1.99.1
Scan saved at 6:49:04 PM, on 5/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113861829921
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
-
Looks like you got it,
Earlier I asked you to manually delete that file and then run Windows CleanUp! in safe mode
Were you not able to do that?
Windows CleanUp! also cleans out the recycle bin
This is what I mentioned
Using Windows Explore>Find and delete these files or folders if found
I'm not going to ask you to find all the bad files yet, as I think Ewido will take care of many, but look for these ones for now and delete them if found
C:\WINDOWS\scvhost.exe <-this file, ONLY in the Windows folder, don't delete anything else because it looks similar
C:\WINDOWS\System32\ntddetect.exe <-file
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe <-file
C:\WINDOWS\System32\x3yy <-this folder
==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Decline to Log off
I know you had a lot to cleanup in your log, you may have just missed that step...
I'm just checking for future reference
As a double check, can you make sure you Restart your computer and post back one more hijackthis log
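Added example, not part of the thread: the two files singled out above, winlogin.exe and scvhost.exe, differ by a single edit from the legitimate winlogon.exe and svchost.exe. This Python sketch scans HijackThis log lines for executable names one edit away from the system process names seen in these logs; the function names and the sample log (lines copied from the thread plus one constructed line) are assumptions of the example.

```python
import re

# Legitimate Windows process names that appear in the logs in this thread.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}

# A file-name segment (no path separators or HJT delimiters) ending in .exe.
EXE_RE = re.compile(r'([^\\/:*?"<>|\[\]=]+?\.exe)\b', re.IGNORECASE)


def osa_distance(a, b):
    """Edit distance that also counts one adjacent swap as a single edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Transposition: "scvhost" vs "svchost" is one edit, not two.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def flag_lookalikes(log_text):
    """Return (line_no, name, imitated_name) for near-miss system names."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        for match in EXE_RE.finditer(line):
            name = match.group(1).strip().lower()
            if name in SYSTEM_NAMES:
                continue  # exact match: the real name, not a lookalike
            for real in sorted(SYSTEM_NAMES):
                if osa_distance(name, real) == 1:
                    hits.append((line_no, name, real))
                    break
    return hits


# Lines copied from the logs above, except the scvhost.exe line, which is
# constructed from the path named in the last reply.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlogin.exe
"""

if __name__ == "__main__":
    for line_no, name, real in flag_lookalikes(SAMPLE_LOG):
        print(f"line {line_no}: {name} resembles {real}")
```

A hit is a prompt to inspect the file by hand, not proof that it is malicious; the exact-name check deliberately leaves the real winlogon.exe and svchost.exe alone.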