Messages - EchoStarter

1
Tech Clinic / Crazy infection... and Winds 2.4?
« on: May 17, 2005, 05:51:45 PM »
Whoa, wait, I think I just got rid of it.... I just put it in the Recycle Bin and emptied it... Did that do it? Here's a 4-minute update of the HJT log...

Logfile of HijackThis v1.99.1
Scan saved at 6:49:04 PM, on 5/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113861829921
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

2
Tech Clinic / Crazy infection... and Winds 2.4?
« on: May 17, 2005, 05:37:41 PM »
Hey, I've tried it like 3 times. It's still not working. Every time I delete upon reboot, I check the HJT log, and winlogin is still there. And now something's trippin with my screen. It keeps shutting off and on for no reason. The monitor is still on... but the screen keeps going blank every so often, and then comes back.

It doesn't happen in safe mode though, which I'm currently in.

It's probably better to just reformat?

I'll wait for your reply. If you still want to figure out what's happening, here's the HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 6:37:19 PM, on 5/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113861829921
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

3
Tech Clinic / Crazy infection... and Winds 2.4?
« on: May 12, 2005, 01:40:25 PM »
Hey, sorry, I haven't been able to post for a while. Here's the new HJT logfile. The weird background I had is gone now, but I still can't right-click or change display settings.

Logfile of HijackThis v1.99.1
Scan saved at 2:34:36 PM, on 5/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113861829921
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

4
Tech Clinic / Crazy infection... and Winds 2.4?
« on: May 08, 2005, 06:16:10 PM »
*Bump*
Hey, just wondering if this one's a lost cause.
Oh, and any news on what Winds 2.4 might be? I wasn't really able to find anything on Symantec about it.

5
Tech Clinic / Crazy infection... and Winds 2.4?
« on: May 08, 2005, 12:47:30 PM »
(cont...)

O4 - HKCU\..\Run: [Cqc] C:\WINDOWS\System32\Reh.exe
O4 - HKCU\..\Run: [Cuh] C:\WINDOWS\System32\Kuv.exe
O4 - HKCU\..\Run: [Sve] C:\WINDOWS\System32\Ror.exe
O4 - HKCU\..\Run: [Jot] C:\WINDOWS\System32\Fjb.exe
O4 - HKCU\..\Run: [Tnt] C:\WINDOWS\Vej.exe
O4 - HKCU\..\Run: [Lej] C:\WINDOWS\System32\Vde.exe
O4 - HKCU\..\Run: [Hst] C:\WINDOWS\Eva.exe
O4 - HKCU\..\Run: [Vlk] C:\WINDOWS\System32\Ctv.exe
O4 - HKCU\..\Run: [Rjn] C:\WINDOWS\System32\Eef.exe
O4 - HKCU\..\Run: [Blk] C:\WINDOWS\Rqp.exe
O4 - HKCU\..\Run: [Pti] C:\WINDOWS\Bgc.exe
O4 - HKCU\..\Run: [Tov] C:\WINDOWS\Dmo.exe
O4 - HKCU\..\Run: [Ksl] C:\WINDOWS\Mbc.exe
O4 - HKCU\..\Run: [Bpa] C:\WINDOWS\System32\Kga.exe
O4 - HKCU\..\Run: [Tce] C:\WINDOWS\Rcc.exe
O4 - HKCU\..\Run: [Ggd] C:\WINDOWS\System32\Hbj.exe
O4 - HKCU\..\Run: [Dfd] C:\WINDOWS\Seb.exe
O4 - HKCU\..\Run: [Nrm] C:\WINDOWS\Rok.exe
O4 - HKCU\..\Run: [Jlr] C:\WINDOWS\System32\Vef.exe
O4 - HKCU\..\Run: [Oao] C:\WINDOWS\System32\Spb.exe
O4 - HKCU\..\Run: [Gba] C:\WINDOWS\System32\Kaa.exe
O4 - HKCU\..\Run: [Cpg] C:\WINDOWS\Tjs.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: winlogin.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.qck.cc
O15 - Trusted Zone: *.thawte.com
O15 - Trusted Zone: *.verisign.com
O15 - Trusted IP range: 66.197.161.149
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/148bbb68f9bf20...ip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113861829921
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.service-url.de/InstallationsAssistent.ocx
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


...Sorry for the inconvenience...

6
Tech Clinic / Crazy infection... and Winds 2.4?
« on: May 08, 2005, 12:38:36 PM »
Hey I'm not really too computer savvy, but, I'm pretty sure that there's something wrong with my comp.

A month ago, my comp got infected with a virus. I didn't get to really fix it until recently because I didn't have an anti-virus. The main problem among others was that I couldn't right-click, my display settings were locked, and my desktop icons other than My Computer, Network Places, My Documents, Recycle Bin, and Outlook Express would duplicate themselves. Right now my desktop wallpaper is some sort of interactive background that links me to SmartSecurity.com... Oh, and at every restart, there would be like 500 applications opening... I have no idea why.

So I got Norton Anti-Virus and scanned my comp. It picked up a lot of viruses, contained them, and deleted them. I restarted, rescanned to make sure. It picked up 3 or 4 more lying around. Repeated the process until it no longer picked up any. But the main problem still remains. Display settings still locked, right-click still locked, and duplications still occur. The 500 application doesn't happen anymore though.

I tried to look through Add/Remove Programs to see if there was anything that might've been the cause... Nothing seemed too suspicious because I remember installing all of them, except for one. I'm thinking one might be the cause. It's called Winds 2.4 because I don't remember that being there before. Does anyone know what the problem may be? or know what Winds 2.4 is?

Here's the HijackThis log (I think most of those 04 files were the 500 apps that kept opening):

Logfile of HijackThis v1.99.1
Scan saved at 1:13:34 PM, on 5/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O1 - Hosts: auto.search.msn.com 127.0.0.1
O2 - BHO: (no name) - {40ACD919-DB90-4CC0-9D95-528CF4DF874C} - blank (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Name - {8C963C86-B8D8-4921-A841-D232D3F52B90} - blank (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Name - {DAF6B36E-6BF4-49A1-AF2D-79A8C6A74B2B} - blank (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [scvhost] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Dha] C:\WINDOWS\Cth.exe
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\Run: [Rei] C:\WINDOWS\System32\Gkn.exe
O4 - HKLM\..\Run: [Hic] C:\WINDOWS\Tdh.exe
O4 - HKLM\..\Run: [Jqd] C:\WINDOWS\System32\Vmk.exe
O4 - HKLM\..\Run: [Vkq] C:\WINDOWS\Hhc.exe
O4 - HKLM\..\Run: [Ijh] C:\WINDOWS\System32\Tib.exe
O4 - HKLM\..\Run: [Jel] C:\WINDOWS\System32\Rrb.exe
O4 - HKLM\..\Run: [Bli] C:\WINDOWS\System32\Gce.exe
O4 - HKLM\..\Run: [Aeg] C:\WINDOWS\Pre.exe
O4 - HKLM\..\Run: [Irn] C:\WINDOWS\Nls.exe
O4 - HKLM\..\Run: [Jej] C:\WINDOWS\System32\Abn.exe
O4 - HKLM\..\Run: [Iej] C:\WINDOWS\Bpb.exe
O4 - HKLM\..\Run: [Kbs] C:\WINDOWS\Tli.exe
O4 - HKLM\..\Run: [Jsc] C:\WINDOWS\Foh.exe
O4 - HKLM\..\Run: [Ukb] C:\WINDOWS\System32\Cir.exe
O4 - HKLM\..\Run: [Fka] C:\WINDOWS\System32\Aer.exe
O4 - HKLM\..\Run: [Ouu] C:\WINDOWS\Ulg.exe
O4 - HKLM\..\Run: [Lol] C:\WINDOWS\System32\Tcm.exe
O4 - HKLM\..\Run: [Rlk] C:\WINDOWS\Lsc.exe
O4 - HKLM\..\Run: [Vhp] C:\WINDOWS\System32\Usd.exe
O4 - HKLM\..\Run: [Psv] C:\WINDOWS\Usm.exe
O4 - HKLM\..\Run: [Hml] C:\WINDOWS\System32\Vts.exe
O4 - HKLM\..\Run: [Nnu] C:\WINDOWS\System32\Tak.exe
O4 - HKLM\..\Run: [Edf] C:\WINDOWS\System32\Ree.exe
O4 - HKLM\..\Run: [Dbo] C:\WINDOWS\System32\Rhq.exe
O4 - HKLM\..\Run: [Jui] C:\WINDOWS\Sem.exe
O4 - HKLM\..\Run: [Enm] C:\WINDOWS\System32\Ana.exe
O4 - HKLM\..\Run: [Msb] C:\WINDOWS\System32\Cuc.exe
O4 - HKLM\..\Run: [Lrp] C:\WINDOWS\Gjf.exe
O4 - HKLM\..\Run: [Mgg] C:\WINDOWS\System32\Noo.exe
O4 - HKLM\..\Run: [Mpi] C:\WINDOWS\System32\Faq.exe
O4 - HKLM\..\Run: [Dvt] C:\WINDOWS\Onm.exe
O4 - HKLM\..\Run: [Teg] C:\WINDOWS\System32\Rui.exe
O4 - HKLM\..\Run: [Uvo] C:\WINDOWS\Btt.exe
O4 - HKLM\..\Run: [Hdl] C:\WINDOWS\System32\Qul.exe
O4 - HKLM\..\Run: [Lfl] C:\WINDOWS\System32\Hsl.exe
O4 - HKLM\..\Run: [Qcg] C:\WINDOWS\Cni.exe
O4 - HKLM\..\Run: [Ejb] C:\WINDOWS\System32\Eju.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [scvhost] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [x3yy] C:\WINDOWS\System32\x3yy\iqcjijdo.exe
