Go Back   Web User Forums > Security > HijackThis logs help and analysis

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 25-03-05, 00:19
thelauderdale thelauderdale is offline
Newbie
 
Join Date: Mar 2005
Posts: 8
Default HijackThis log: another victim of top-search.us

I found web-user.co.uk and HijackThis in my quest to get rid of top-search.us, which monopolizes my home page and also seems to be giving me popups (advertizing spyware, diet crap, etc.) I looked at other people's logs, though, and they're not as long as mine is (probably because I've had this computer for over five years, without putting any protection on it aside from Norton.) [wince] Help would be *most* appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 7:34:36 PM, on 3/24/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\FCB.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\FREXT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.top-search.us/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.top-search.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.top-search.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.top-search.us/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top-search.us/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.top-search.us/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.top-search.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.top-search.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.top-search.us/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top-search.us/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.top-search.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.top-search.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.top-search.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.top-search.us/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.top-search.us/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.top-search.us/index.html
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\SYSTEM\MSPXS32.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [PiDunHk] "C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE"
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [Ehr] C:\WINDOWS\SYSTEM\Fcb.exe
O4 - HKLM\..\Run: [Win32 Time Zone] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - HKLM\..\Run: [Ftf] C:\WINDOWS\Jlk.exe
O4 - HKLM\..\Run: [Vvf] C:\WINDOWS\SYSTEM\Jlv.exe
O4 - HKLM\..\Run: [Cuq] C:\WINDOWS\Kus.exe
O4 - HKLM\..\Run: [Khb] C:\WINDOWS\Cpn.exe
O4 - HKLM\..\Run: [Qki] C:\WINDOWS\SYSTEM\Cli.exe
O4 - HKLM\..\Run: [Tcr] C:\WINDOWS\Bdg.exe
O4 - HKLM\..\Run: [Scc] C:\WINDOWS\Hlc.exe
O4 - HKLM\..\Run: [Jad] C:\WINDOWS\Lcf.exe
O4 - HKLM\..\Run: [Olk] C:\WINDOWS\SYSTEM\Dco.exe
O4 - HKLM\..\Run: [Efe] C:\WINDOWS\SYSTEM\Oqg.exe
O4 - HKLM\..\Run: [Crf] C:\WINDOWS\Flq.exe
O4 - HKLM\..\Run: [Eso] C:\WINDOWS\SYSTEM\Ejh.exe
O4 - HKLM\..\Run: [Khl] C:\WINDOWS\Ani.exe
O4 - HKLM\..\Run: [Cga] C:\WINDOWS\SYSTEM\Frf.exe
O4 - HKLM\..\Run: [Job] C:\WINDOWS\Hne.exe
O4 - HKLM\..\Run: [Vjs] C:\WINDOWS\SYSTEM\Fnb.exe
O4 - HKLM\..\Run: [Set] C:\WINDOWS\SYSTEM\Elm.exe
O4 - HKLM\..\Run: [Ihl] C:\WINDOWS\SYSTEM\Vms.exe
O4 - HKLM\..\Run: [Nco] C:\WINDOWS\SYSTEM\Jop.exe
O4 - HKLM\..\Run: [Rou] C:\WINDOWS\Agf.exe
O4 - HKLM\..\Run: [Mgj] C:\WINDOWS\SYSTEM\Rrv.exe
O4 - HKLM\..\Run: [Okl] C:\WINDOWS\SYSTEM\Qhd.exe
O4 - HKLM\..\Run: [Fdr] C:\WINDOWS\Vgu.exe
O4 - HKLM\..\Run: [Rfj] C:\WINDOWS\SYSTEM\Eed.exe
O4 - HKLM\..\Run: [Rrs] C:\WINDOWS\Fsc.exe
O4 - HKLM\..\Run: [Nqu] C:\WINDOWS\SYSTEM\Rga.exe
O4 - HKLM\..\Run: [Jrc] C:\WINDOWS\Rmp.exe
O4 - HKLM\..\Run: [Muo] C:\WINDOWS\Ujp.exe
O4 - HKLM\..\Run: [Mps] C:\WINDOWS\SYSTEM\Bir.exe
O4 - HKLM\..\Run: [Irs] C:\WINDOWS\SYSTEM\Fem.exe
O4 - HKLM\..\Run: [Nrj] C:\WINDOWS\SYSTEM\Kig.exe
O4 - HKLM\..\Run: [Rst] C:\WINDOWS\Upr.exe
O4 - HKLM\..\Run: [Vuu] C:\WINDOWS\SYSTEM\Lnf.exe
O4 - HKLM\..\Run: [Mrb] C:\WINDOWS\SYSTEM\Ins.exe
O4 - HKLM\..\Run: [Crb] C:\WINDOWS\Ivt.exe
O4 - HKLM\..\Run: [Ltf] C:\WINDOWS\SYSTEM\Usk.exe
O4 - HKLM\..\Run: [Gis] C:\WINDOWS\SYSTEM\Rml.exe
O4 - HKLM\..\Run: [Pto] C:\WINDOWS\SYSTEM\Brc.exe
O4 - HKLM\..\Run: [Rrd] C:\WINDOWS\Ngm.exe
O4 - HKLM\..\Run: [Kmm] C:\WINDOWS\Hcs.exe
O4 - HKLM\..\Run: [Mtr] C:\WINDOWS\SYSTEM\Pke.exe
O4 - HKLM\..\Run: [Mpe] C:\WINDOWS\SYSTEM\Bdo.exe
O4 - HKLM\..\Run: [Qbb] C:\WINDOWS\SYSTEM\Eqg.exe
O4 - HKLM\..\Run: [Dph] C:\WINDOWS\Mhs.exe
O4 - HKLM\..\Run: [Nlu] C:\WINDOWS\SYSTEM\Dvg.exe
O4 - HKLM\..\Run: [Ibe] C:\WINDOWS\Ueu.exe
O4 - HKLM\..\Run: [Rcf] C:\WINDOWS\SYSTEM\Qvo.exe
O4 - HKLM\..\Run: [Upq] C:\WINDOWS\SYSTEM\Pqb.exe
O4 - HKLM\..\Run: [Nvg] C:\WINDOWS\Ccn.exe
O4 - HKLM\..\Run: [Pmc] C:\WINDOWS\Edg.exe
O4 - HKLM\..\Run: [Ltv] C:\WINDOWS\Lqq.exe
O4 - HKLM\..\Run: [Urr] C:\WINDOWS\SYSTEM\Qmg.exe
O4 - HKLM\..\Run: [Tga] C:\WINDOWS\SYSTEM\Usb.exe
O4 - HKLM\..\Run: [Utt] C:\WINDOWS\Pof.exe
O4 - HKLM\..\Run: [Sim] C:\WINDOWS\Uio.exe
O4 - HKLM\..\Run: [Esg] C:\WINDOWS\Gsh.exe
O4 - HKLM\..\Run: [Ihb] C:\WINDOWS\Ffc.exe
O4 - HKLM\..\Run: [Cof] C:\WINDOWS\Rbk.exe
O4 - HKLM\..\Run: [Hlg] C:\WINDOWS\Aou.exe
O4 - HKLM\..\Run: [Ome] C:\WINDOWS\SYSTEM\Mmn.exe
O4 - HKLM\..\Run: [Lcv] C:\WINDOWS\Abc.exe
O4 - HKLM\..\Run: [Cbf] C:\WINDOWS\Fta.exe
O4 - HKLM\..\Run: [Cbh] C:\WINDOWS\SYSTEM\Jhk.exe
O4 - HKLM\..\Run: [Hhm] C:\WINDOWS\SYSTEM\Dai.exe
O4 - HKLM\..\Run: [Pbl] C:\WINDOWS\Shp.exe
O4 - HKLM\..\Run: [Bmt] C:\WINDOWS\Ago.exe
O4 - HKLM\..\Run: [Lik] C:\WINDOWS\Ttb.exe
O4 - HKLM\..\Run: [Ntt] C:\WINDOWS\Opv.exe
O4 - HKLM\..\Run: [Pim] C:\WINDOWS\Rvu.exe
O4 - HKLM\..\Run: [Klk] C:\WINDOWS\SYSTEM\Qoh.exe
O4 - HKLM\..\Run: [Jka] C:\WINDOWS\SYSTEM\Lic.exe
O4 - HKLM\..\Run: [Hfv] C:\WINDOWS\SYSTEM\Gdi.exe
O4 - HKLM\..\Run: [Efg] C:\WINDOWS\Hag.exe
O4 - HKLM\..\Run: [Ivs] C:\WINDOWS\Dlb.exe
O4 - HKLM\..\Run: [Aqu] C:\WINDOWS\SYSTEM\Ida.exe
O4 - HKLM\..\Run: [Jrp] C:\WINDOWS\SYSTEM\Ucc.exe
O4 - HKLM\..\Run: [Fts] C:\WINDOWS\Kbg.exe
O4 - HKLM\..\Run: [Bll] C:\WINDOWS\SYSTEM\Vkb.exe
O4 - HKLM\..\Run: [Clt] C:\WINDOWS\SYSTEM\Agq.exe
O4 - HKLM\..\Run: [Fcb] C:\WINDOWS\SYSTEM\Cbt.exe
O4 - HKLM\..\Run: [Djt] C:\WINDOWS\Jgm.exe
O4 - HKLM\..\Run: [Pdm] C:\WINDOWS\Vep.exe
O4 - HKLM\..\Run: [Mvb] C:\WINDOWS\SYSTEM\Ojg.exe
O4 - HKLM\..\Run: [Ift] C:\WINDOWS\Bgr.exe
O4 - HKLM\..\Run: [Nbb] C:\WINDOWS\Hsf.exe
O4 - HKLM\..\Run: [Qcc] C:\WINDOWS\SYSTEM\Prk.exe
O4 - HKLM\..\Run: [Vpm] C:\WINDOWS\Phe.exe
O4 - HKLM\..\Run: [Vmd] C:\WINDOWS\Bsi.exe
O4 - HKLM\..\Run: [Cpf] C:\WINDOWS\SYSTEM\Oes.exe
O4 - HKLM\..\Run: [Keo] C:\WINDOWS\SYSTEM\Oos.exe
O4 - HKLM\..\Run: [Kps] C:\WINDOWS\Akd.exe
O4 - HKLM\..\Run: [Gul] C:\WINDOWS\SYSTEM\Fvv.exe
O4 - HKLM\..\Run: [Vod] C:\WINDOWS\SYSTEM\Smd.exe
O4 - HKLM\..\Run: [Hoj] C:\WINDOWS\SYSTEM\Emi.exe
O4 - HKLM\..\Run: [Ftv] C:\WINDOWS\Lmv.exe
O4 - HKLM\..\Run: [Dmo] C:\WINDOWS\Rnh.exe
O4 - HKLM\..\Run: [Vqn] C:\WINDOWS\Haj.exe
O4 - HKLM\..\Run: [Ghr] C:\WINDOWS\Pgf.exe
O4 - HKLM\..\Run: [Dpg] C:\WINDOWS\SYSTEM\Iqt.exe
O4 - HKLM\..\Run: [Hab] C:\WINDOWS\Saf.exe
O4 - HKLM\..\Run: [Mua] C:\WINDOWS\Hbi.exe
O4 - HKLM\..\Run: [Cqj] C:\WINDOWS\Brh.exe
O4 - HKLM\..\Run: [Cue] C:\WINDOWS\Jmf.exe
O4 - HKLM\..\Run: [Ecm] C:\WINDOWS\SYSTEM\Gfv.exe
O4 - HKLM\..\Run: [Tvg] C:\WINDOWS\Bav.exe
O4 - HKLM\..\Run: [Fhe] C:\WINDOWS\Ijq.exe
O4 - HKLM\..\Run: [Ejq] C:\WINDOWS\SYSTEM\Bsf.exe
O4 - HKLM\..\Run: [Dsa] C:\WINDOWS\SYSTEM\Uqh.exe
O4 - HKLM\..\Run: [Gfe] C:\WINDOWS\Jpp.exe
O4 - HKLM\..\Run: [Iik] C:\WINDOWS\Tti.exe
O4 - HKLM\..\Run: [Mcs] C:\WINDOWS\SYSTEM\Dbv.exe
O4 - HKLM\..\Run: [Dmu] C:\WINDOWS\SYSTEM\Rgs.exe
O4 - HKLM\..\Run: [Lie] C:\WINDOWS\Oia.exe
O4 - HKLM\..\Run: [Tsl] C:\WINDOWS\Nic.exe
O4 - HKLM\..\Run: [Dam] C:\WINDOWS\Oib.exe
O4 - HKLM\..\Run: [Unl] C:\WINDOWS\Jro.exe
O4 - HKLM\..\Run: [Kbh] C:\WINDOWS\Pus.exe
O4 - HKLM\..\Run: [Eji] C:\WINDOWS\Aln.exe
O4 - HKLM\..\Run: [Iok] C:\WINDOWS\Kuq.exe
O4 - HKLM\..\Run: [Kbs] C:\WINDOWS\SYSTEM\Bjf.exe
O4 - HKLM\..\Run: [Dfi] C:\WINDOWS\SYSTEM\Mec.exe
O4 - HKLM\..\Run: [Sag] C:\WINDOWS\SYSTEM\Hfk.exe
O4 - HKLM\..\Run: [Ooa] C:\WINDOWS\SYSTEM\Dse.exe
O4 - HKLM\..\Run: [Acn] C:\WINDOWS\Pqu.exe
O4 - HKLM\..\Run: [Kqh] C:\WINDOWS\SYSTEM\Svg.exe
O4 - HKLM\..\Run: [Ppr] C:\WINDOWS\SYSTEM\Ddu.exe
O4 - HKLM\..\Run: [Fcp] C:\WINDOWS\Vue.exe
O4 - HKLM\..\Run: [Bct] C:\WINDOWS\Gsl.exe
O4 - HKLM\..\Run: [Ics] C:\WINDOWS\SYSTEM\Qij.exe
O4 - HKLM\..\Run: [Tin] C:\WINDOWS\Fvd.exe
O4 - HKLM\..\Run: [Ela] C:\WINDOWS\SYSTEM\Lho.exe
O4 - HKLM\..\Run: [Qhg] C:\WINDOWS\Kao.exe
O4 - HKLM\..\Run: [Bns] C:\WINDOWS\Lhr.exe
O4 - HKLM\..\Run: [Cbn] C:\WINDOWS\SYSTEM\Rup.exe
O4 - HKLM\..\Run: [Mlr] C:\WINDOWS\SYSTEM\Jrj.exe
O4 - HKLM\..\Run: [Odp] C:\WINDOWS\SYSTEM\Inn.exe
O4 - HKLM\..\Run: [Hce] C:\WINDOWS\SYSTEM\Tgs.exe
O4 - HKLM\..\Run: [Nqp] C:\WINDOWS\SYSTEM\Rpb.exe
O4 - HKLM\..\Run: [Ads] C:\WINDOWS\SYSTEM\Ubi.exe
O4 - HKLM\..\Run: [Hvn] C:\WINDOWS\Oem.exe
O4 - HKLM\..\Run: [Pah] C:\WINDOWS\SYSTEM\Scc.exe
O4 - HKLM\..\Run: [Mlk] C:\WINDOWS\Fhp.exe
O4 - HKLM\..\Run: [Nsd] C:\WINDOWS\Ikt.exe
O4 - HKLM\..\Run: [Daq] C:\WINDOWS\Nnu.exe
O4 - HKLM\..\Run: [Hse] C:\WINDOWS\SYSTEM\Vta.exe
O4 - HKLM\..\Run: [Fcg] C:\WINDOWS\SYSTEM\Mud.exe
O4 - HKLM\..\Run: [Fil] C:\WINDOWS\Gbh.exe
O4 - HKLM\..\Run: [Rnb] C:\WINDOWS\SYSTEM\Okf.exe
O4 - HKLM\..\Run: [Cbv] C:\WINDOWS\SYSTEM\Ngb.exe
O4 - HKLM\..\Run: [Upi] C:\WINDOWS\SYSTEM\Snh.exe
O4 - HKLM\..\Run: [Tlq] C:\WINDOWS\SYSTEM\Nvq.exe
O4 - HKLM\..\Run: [Kaq] C:\WINDOWS\SYSTEM\Tcc.exe
O4 - HKLM\..\Run: [Duc] C:\WINDOWS\Vdp.exe
O4 - HKLM\..\Run: [Lhp] C:\WINDOWS\SYSTEM\Joi.exe
O4 - HKLM\..\Run: [Han] C:\WINDOWS\Pgb.exe
O4 - HKLM\..\Run: [Dkh] C:\WINDOWS\Fsg.exe
O4 - HKLM\..\Run: [Isl] C:\WINDOWS\SYSTEM\Ddn.exe
O4 - HKLM\..\Run: [Anu] C:\WINDOWS\Mja.exe
O4 - HKLM\..\Run: [Jdn] C:\WINDOWS\Bgn.exe
O4 - HKLM\..\Run: [Knf] C:\WINDOWS\Iba.exe
O4 - HKLM\..\Run: [Bjp] C:\WINDOWS\Gec.exe
O4 - HKLM\..\Run: [Kvd] C:\WINDOWS\Toi.exe
O4 - HKLM\..\Run: [Bor] C:\WINDOWS\SYSTEM\Hhh.exe
O4 - HKLM\..\Run: [Fgv] C:\WINDOWS\Mjp.exe
O4 - HKLM\..\Run: [Rhs] C:\WINDOWS\SYSTEM\Tih.exe
O4 - HKLM\..\Run: [Fmg] C:\WINDOWS\SYSTEM\Kto.exe
O4 - HKLM\..\Run: [Aab] C:\WINDOWS\Psl.exe
O4 - HKLM\..\Run: [Fsd] C:\WINDOWS\Aqk.exe
O4 - HKLM\..\Run: [Cjb] C:\WINDOWS\SYSTEM\Jtg.exe
O4 - HKLM\..\Run: [Keh] C:\WINDOWS\Vij.exe
O4 - HKLM\..\Run: [Uhl] C:\WINDOWS\Onl.exe
O4 - HKLM\..\Run: [Mlc] C:\WINDOWS\SYSTEM\Osa.exe
O4 - HKLM\..\Run: [Rgq] C:\WINDOWS\Bld.exe
O4 - HKLM\..\Run: [Ocs] C:\WINDOWS\SYSTEM\Ket.exe
O4 - HKLM\..\Run: [Rji] C:\WINDOWS\Udd.exe
O4 - HKLM\..\Run: [Mtc] C:\WINDOWS\Bli.exe
O4 - HKLM\..\Run: [Rba] C:\WINDOWS\Fir.exe
O4 - HKLM\..\Run: [Phg] C:\WINDOWS\SYSTEM\Rdg.exe
O4 - HKLM\..\Run: [Ctv] C:\WINDOWS\Mro.exe
O4 - HKLM\..\Run: [Dha] C:\WINDOWS\SYSTEM\Car.exe
O4 - HKLM\..\Run: [Ubl] C:\WINDOWS\SYSTEM\Gdo.exe
O4 - HKLM\..\Run: [Tag] C:\WINDOWS\SYSTEM\Skr.exe
O4 - HKLM\..\Run: [Upu] C:\WINDOWS\Khs.exe
O4 - HKLM\..\Run: [Fhf] C:\WINDOWS\SYSTEM\Dch.exe
O4 - HKLM\..\Run: [Ocd] C:\WINDOWS\SYSTEM\Iba.exe
O4 - HKLM\..\Run: [Pia] C:\WINDOWS\SYSTEM\Raq.exe
O4 - HKLM\..\Run: [Dse] C:\WINDOWS\Vfg.exe
O4 - HKLM\..\Run: [Hpg] C:\WINDOWS\Ftk.exe
O4 - HKLM\..\Run: [Rpl] C:\WINDOWS\SYSTEM\Tqv.exe
O4 - HKLM\..\Run: [Gkl] C:\WINDOWS\Req.exe
O4 - HKLM\..\Run: [Ofa] C:\WINDOWS\SYSTEM\Qdb.exe
O4 - HKLM\..\Run: [Era] C:\WINDOWS\SYSTEM\Njn.exe
O4 - HKLM\..\Run: [Bdi] C:\WINDOWS\Kta.exe
O4 - HKLM\..\Run: [Jdb] C:\WINDOWS\SYSTEM\Tui.exe
O4 - HKLM\..\Run: [Aph] C:\WINDOWS\Ioc.exe
O4 - HKLM\..\Run: [Ubm] C:\WINDOWS\Lrp.exe
O4 - HKLM\..\Run: [Ois] C:\WINDOWS\Rmo.exe
O4 - HKLM\..\Run: [Jrd] C:\WINDOWS\SYSTEM\Htr.exe
O4 - HKLM\..\Run: [Gdl] C:\WINDOWS\SYSTEM\Dqg.exe
O4 - HKLM\..\Run: [Nvj] C:\WINDOWS\SYSTEM\Itf.exe
O4 - HKLM\..\Run: [Tfj] C:\WINDOWS\Pjb.exe
O4 - HKLM\..\Run: [Cgg] C:\WINDOWS\Cqi.exe
O4 - HKLM\..\Run: [Tqi] C:\WINDOWS\SYSTEM\Alo.exe
O4 - HKLM\..\Run: [Sbm] C:\WINDOWS\Ugt.exe
O4 - HKLM\..\Run: [Pbe] C:\WINDOWS\Idi.exe
O4 - HKLM\..\Run: [Gjr] C:\WINDOWS\Clt.exe
O4 - HKLM\..\Run: [Nog] C:\WINDOWS\SYSTEM\Cme.exe
O4 - HKLM\..\Run: [Bgh] C:\WINDOWS\SYSTEM\Ekp.exe
O4 - HKLM\..\Run: [Mai] C:\WINDOWS\SYSTEM\Abd.exe
O4 - HKLM\..\Run: [Bdp] C:\WINDOWS\Qji.exe
O4 - HKLM\..\Run: [Drb] C:\WINDOWS\SYSTEM\Enl.exe
O4 - HKLM\..\Run: [Jlb] C:\WINDOWS\SYSTEM\Bai.exe
O4 - HKLM\..\Run: [Vrm] C:\WINDOWS\Psm.exe
O4 - HKLM\..\Run: [Pti] C:\WINDOWS\SYSTEM\Fmi.exe
O4 - HKLM\..\Run: [Ala] C:\WINDOWS\SYSTEM\Enf.exe
O4 - HKLM\..\Run: [Qnk] C:\WINDOWS\SYSTEM\Qlj.exe
O4 - HKLM\..\Run: [Dua] C:\WINDOWS\Ssj.exe
O4 - HKLM\..\Run: [Knl] C:\WINDOWS\SYSTEM\Gkq.exe
O4 - HKLM\..\Run: [Kdg] C:\WINDOWS\SYSTEM\Rtd.exe
O4 - HKLM\..\Run: [Foi] C:\WINDOWS\SYSTEM\Omu.exe
O4 - HKLM\..\Run: [Rfg] C:\WINDOWS\SYSTEM\Leq.exe
O4 - HKLM\..\Run: [Pcj] C:\WINDOWS\Ivc.exe
O4 - HKLM\..\Run: [Dve] C:\WINDOWS\SYSTEM\Hnp.exe
O4 - HKLM\..\Run: [Jap] C:\WINDOWS\SYSTEM\Kla.exe
O4 - HKLM\..\Run: [Ojk] C:\WINDOWS\Ken.exe
O4 - HKLM\..\Run: [Rvi] C:\WINDOWS\SYSTEM\Vvn.exe
O4 - HKLM\..\Run: [Dda] C:\WINDOWS\Jpk.exe
O4 - HKLM\..\Run: [Dtc] C:\WINDOWS\Ppc.exe
O4 - HKLM\..\Run: [Bof] C:\WINDOWS\SYSTEM\Jps.exe
O4 - HKLM\..\Run: [Ved] C:\WINDOWS\SYSTEM\Sdu.exe
O4 - HKLM\..\Run: [Qme] C:\WINDOWS\Fbj.exe
O4 - HKLM\..\Run: [Oga] C:\WINDOWS\Jiv.exe
O4 - HKLM\..\Run: [Npr] C:\WINDOWS\SYSTEM\Vmc.exe
O4 - HKLM\..\Run: [Ccs] C:\WINDOWS\SYSTEM\Aht.exe
O4 - HKLM\..\Run: [Aah] C:\WINDOWS\Ous.exe
O4 - HKLM\..\Run: [Kas] C:\WINDOWS\Jkl.exe
O4 - HKLM\..\Run: [Tbi] C:\WINDOWS\SYSTEM\Sop.exe
O4 - HKLM\..\Run: [Etl] C:\WINDOWS\Bqn.exe
O4 - HKLM\..\Run: [Noh] C:\WINDOWS\Rbi.exe
O4 - HKLM\..\Run: [Cqt] C:\WINDOWS\SYSTEM\Mtk.exe
O4 - HKLM\..\Run: [Dui] C:\WINDOWS\Pjt.exe
O4 - HKLM\..\Run: [Dcr] C:\WINDOWS\Lgu.exe
O4 - HKLM\..\Run: [Jnv] C:\WINDOWS\SYSTEM\Mbt.exe
O4 - HKLM\..\Run: [Itu] C:\WINDOWS\SYSTEM\Jgr.exe
O4 - HKLM\..\Run: [Inm] C:\WINDOWS\Kmu.exe
O4 - HKLM\..\Run: [Dif] C:\WINDOWS\SYSTEM\Svq.exe
O4 - HKLM\..\Run: [Pcb] C:\WINDOWS\SYSTEM\Tlp.exe
O4 - HKLM\..\Run: [Bsi] C:\WINDOWS\Niq.exe
O4 - HKLM\..\Run: [Tbf] C:\WINDOWS\SYSTEM\Fhg.exe
O4 - HKLM\..\Run: [Tmd] C:\WINDOWS\Jvi.exe
O4 - HKLM\..\Run: [Ojh] C:\WINDOWS\Uok.exe
O4 - HKLM\..\Run: [Tqd] C:\WINDOWS\Lkj.exe
O4 - HKLM\..\Run: [Roa] C:\WINDOWS\Sfj.exe
O4 - HKLM\..\Run: [Uto] C:\WINDOWS\SYSTEM\Sqh.exe
O4 - HKLM\..\Run: [Fcs] C:\WINDOWS\Ctp.exe
O4 - HKLM\..\Run: [Elt] C:\WINDOWS\Mls.exe
O4 - HKLM\..\Run: [Pvb] C:\WINDOWS\Tgo.exe
O4 - HKLM\..\Run: [Hjq] C:\WINDOWS\Etf.exe
O4 - HKLM\..\Run: [Atb] C:\WINDOWS\Qia.exe
O4 - HKLM\..\Run: [Vsc] C:\WINDOWS\SYSTEM\Srk.exe
O4 - HKLM\..\Run: [Fri] C:\WINDOWS\Bdi.exe
O4 - HKLM\..\Run: [Hgo] C:\WINDOWS\She.exe
O4 - HKLM\..\Run: [Bpc] C:\WINDOWS\Opd.exe
O4 - HKLM\..\Run: [Mno] C:\WINDOWS\Aun.exe
O4 - HKLM\..\Run: [Ton] C:\WINDOWS\Plu.exe
O4 - HKLM\..\Run: [Pra] C:\WINDOWS\SYSTEM\Ltc.exe
O4 - HKLM\..\Run: [Apb] C:\WINDOWS\Vaj.exe
O4 - HKLM\..\Run: [Bep] C:\WINDOWS\Gsi.exe
O4 - HKLM\..\Run: [Cia] C:\WINDOWS\Oaf.exe
O4 - HKLM\..\Run: [Rar] C:\WINDOWS\SYSTEM\Fkt.exe
O4 - HKLM\..\Run: [Iof] C:\WINDOWS\Pda.exe
O4 - HKLM\..\Run: [Ctt] C:\WINDOWS\SYSTEM\Bkn.exe
O4 - HKLM\..\Run: [Aku] C:\WINDOWS\Koe.exe
O4 - HKLM\..\Run: [Sdj] C:\WINDOWS\SYSTEM\Iui.exe
O4 - HKLM\..\Run: [Cgj] C:\WINDOWS\SYSTEM\Mav.exe
O4 - HKLM\..\Run: [Bsj] C:\WINDOWS\Tmd.exe
O4 - HKLM\..\Run: [Eef] C:\WINDOWS\Unj.exe
O4 - HKLM\..\Run: [Ojj] C:\WINDOWS\Lnq.exe
O4 - HKLM\..\Run: [Pgv] C:\WINDOWS\Fbm.exe
O4 - HKLM\..\Run: [Gtp] C:\WINDOWS\Nvk.exe
O4 - HKLM\..\Run: [Qip] C:\WINDOWS\SYSTEM\Tci.exe
O4 - HKLM\..\Run: [Tif] C:\WINDOWS\Mfb.exe
O4 - HKLM\..\Run: [Dgc] C:\WINDOWS\SYSTEM\Jqp.exe
O4 - HKLM\..\Run: [Sia] C:\WINDOWS\Ebg.exe
O4 - HKLM\..\Run: [Nlt] C:\WINDOWS\Vpt.exe
O4 - HKLM\..\Run: [Blb] C:\WINDOWS\Put.exe
O4 - HKLM\..\Run: [Qsg] C:\WINDOWS\SYSTEM\Saa.exe
O4 - HKLM\..\Run: [Bng] C:\WINDOWS\SYSTEM\Hcc.exe
O4 - HKLM\..\Run: [Tgb] C:\WINDOWS\Etb.exe
O4 - HKLM\..\Run: [Vpf] C:\WINDOWS\Dgh.exe
O4 - HKLM\..\Run: [Nln] C:\WINDOWS\SYSTEM\Ajh.exe
O4 - HKLM\..\Run: [Rth] C:\WINDOWS\Prj.exe
O4 - HKLM\..\Run: [Mjv] C:\WINDOWS\Fei.exe
O4 - HKLM\..\Run: [Vjh] C:\WINDOWS\SYSTEM\Kmh.exe
O4 - HKLM\..\Run: [Gtc] C:\WINDOWS\SYSTEM\Djn.exe
O4 - HKLM\..\Run: [Iht] C:\WINDOWS\SYSTEM\Tmn.exe
O4 - HKLM\..\Run: [Bvl] C:\WINDOWS\Gtj.exe
O4 - HKLM\..\Run: [Cve] C:\WINDOWS\SYSTEM\Pvn.exe
O4 - HKLM\..\Run: [Tao] C:\WINDOWS\Tlo.exe
O4 - HKLM\..\Run: [Moj] C:\WINDOWS\SYSTEM\Ngd.exe
O4 - HKLM\..\Run: [Csm] C:\WINDOWS\Ehg.exe
O4 - HKLM\..\Run: [Hrn] C:\WINDOWS\SYSTEM\Jkn.exe
O4 - HKLM\..\Run: [Bbs] C:\WINDOWS\SYSTEM\Lvn.exe
O4 - HKLM\..\Run: [Qnb] C:\WINDOWS\SYSTEM\Ncd.exe
O4 - HKLM\..\Run: [Tmq] C:\WINDOWS\SYSTEM\Utm.exe
O4 - HKLM\..\Run: [Jfq] C:\WINDOWS\Veh.exe
O4 - HKLM\..\Run: [Fbq] C:\WINDOWS\Egh.exe
O4 - HKLM\..\Run: [Cku] C:\WINDOWS\Mjn.exe
O4 - HKLM\..\Run: [Kng] C:\WINDOWS\SYSTEM\Gnk.exe
O4 - HKLM\..\Run: [Usg] C:\WINDOWS\Pto.exe
O4 - HKLM\..\Run: [Tqn] C:\WINDOWS\SYSTEM\Jpl.exe
O4 - HKLM\..\Run: [Qaq] C:\WINDOWS\SYSTEM\Pej.exe
O4 - HKLM\..\Run: [Brr] C:\WINDOWS\Src.exe
O4 - HKLM\..\Run: [Teu] C:\WINDOWS\Vhs.exe
O4 - HKLM\..\Run: [Utj] C:\WINDOWS\Gcs.exe
O4 - HKLM\..\Run: [Jaj] C:\WINDOWS\SYSTEM\Afb.exe
O4 - HKLM\..\Run: [Ish] C:\WINDOWS\Tth.exe
O4 - HKLM\..\Run: [Rnh] C:\WINDOWS\SYSTEM\Lpr.exe
O4 - HKLM\..\Run: [Dvn] C:\WINDOWS\Odv.exe
O4 - HKLM\..\Run: [Ffn] C:\WINDOWS\Lnb.exe
O4 - HKLM\..\Run: [Ast] C:\WINDOWS\SYSTEM\Hsp.exe
O4 - HKLM\..\Run: [Pbm] C:\WINDOWS\Trp.exe
O4 - HKLM\..\Run: [Qag] C:\WINDOWS\SYSTEM\Jnf.exe
O4 - HKLM\..\Run: [Gkn] C:\WINDOWS\Beq.exe
O4 - HKLM\..\Run: [Atm] C:\WINDOWS\Jgv.exe
O4 - HKLM\..\Run: [Gvr] C:\WINDOWS\Gid.exe
O4 - HKLM\..\Run: [Aqq] C:\WINDOWS\Lhr.exe
O4 - HKLM\..\Run: [Ljm] C:\WINDOWS\Vte.exe
O4 - HKLM\..\Run: [Vim] C:\WINDOWS\SYSTEM\Mql.exe
O4 - HKLM\..\Run: [Eas] C:\WINDOWS\Jtj.exe
O4 - HKLM\..\Run: [Ogs] C:\WINDOWS\Fun.exe
O4 - HKLM\..\Run: [Glv] C:\WINDOWS\Frv.exe
O4 - HKLM\..\Run: [Ngd] C:\WINDOWS\Qoi.exe
O4 - HKLM\..\Run: [Kap] C:\WINDOWS\Ijm.exe
O4 - HKLM\..\Run: [Iaq] C:\WINDOWS\Jac.exe
O4 - HKLM\..\Run: [Iag] C:\WINDOWS\Bni.exe
O4 - HKLM\..\Run: [Bfo] C:\WINDOWS\Msv.exe
O4 - HKLM\..\Run: [Ede] C:\WINDOWS\Vqm.exe
O4 - HKLM\..\Run: [Loj] C:\WINDOWS\SYSTEM\Asf.exe
O4 - HKLM\..\Run: [Jok] C:\WINDOWS\Iqr.exe
O4 - HKLM\..\Run: [Rms] C:\WINDOWS\Rda.exe
O4 - HKLM\..\Run: [Qgc] C:\WINDOWS\Mll.exe
O4 - HKLM\..\Run: [Gib] C:\WINDOWS\Qmh.exe
O4 - HKLM\..\Run: [Fim] C:\WINDOWS\Fjd.exe
O4 - HKLM\..\Run: [Dmr] C:\WINDOWS\SYSTEM\Tvc.exe
O4 - HKLM\..\Run: [Siu] C:\WINDOWS\SYSTEM\Ltb.exe
O4 - HKLM\..\Run: [Jke] C:\WINDOWS\SYSTEM\Jss.exe
O4 - HKLM\..\Run: [Dlp] C:\WINDOWS\SYSTEM\Sui.exe
O4 - HKLM\..\Run: [Ata] C:\WINDOWS\SYSTEM\Huh.exe
O4 - HKLM\..\Run: [Mmm] C:\WINDOWS\SYSTEM\Pgj.exe
O4 - HKLM\..\Run: [Frs] C:\WINDOWS\Ntm.exe
O4 - HKLM\..\Run: [Tdk] C:\WINDOWS\Bak.exe
O4 - HKLM\..\Run: [Nqk] C:\WINDOWS\SYSTEM\Pqh.exe
O4 - HKLM\..\Run: [Dbc] C:\WINDOWS\SYSTEM\Ulb.exe
O4 - HKLM\..\Run: [Egn] C:\WINDOWS\SYSTEM\Ejq.exe
O4 - HKLM\..\Run: [Gql] C:\WINDOWS\SYSTEM\Euh.exe
O4 - HKLM\..\Run: [Vvc] C:\WINDOWS\SYSTEM\Cvb.exe
O4 - HKLM\..\Run: [Hql] C:\WINDOWS\Gsr.exe
O4 - HKLM\..\Run: [Lpm] C:\WINDOWS\Tvb.exe
O4 - HKLM\..\Run: [Oic] C:\WINDOWS\SYSTEM\Hhb.exe
O4 - HKLM\..\Run: [Rnq] C:\WINDOWS\SYSTEM\Gcf.exe
O4 - HKLM\..\Run: [Ohi] C:\WINDOWS\SYSTEM\Ocu.exe
O4 - HKLM\..\Run: [Mdo] C:\WINDOWS\Cvs.exe
O4 - HKLM\..\Run: [Vha] C:\WINDOWS\SYSTEM\Gdp.exe
O4 - HKLM\..\Run: [Uti] C:\WINDOWS\SYSTEM\Upd.exe
O4 - HKLM\..\Run: [Eqj] C:\WINDOWS\SYSTEM\Nce.exe
O4 - HKLM\..\Run: [Lsb] C:\WINDOWS\Rci.exe
O4 - HKLM\..\Run: [Sch] C:\WINDOWS\Hio.exe
O4 - HKLM\..\Run: [Vrf] C:\WINDOWS\Eko.exe
O4 - HKLM\..\Run: [Avj] C:\WINDOWS\SYSTEM\Enn.exe
O4 - HKLM\..\Run: [Rgv] C:\WINDOWS\SYSTEM\Fun.exe
O4 - HKLM\..\Run: [Sfa] C:\WINDOWS\Shn.exe
O4 - HKLM\..\Run: [Oqc] C:\WINDOWS\SYSTEM\Dlf.exe
O4 - HKLM\..\Run: [Pum] C:\WINDOWS\Spd.exe
O4 - HKLM\..\Run: [Eao] C:\WINDOWS\Hge.exe
O4 - HKLM\..\Run: [Dqd] C:\WINDOWS\SYSTEM\Cuo.exe
O4 - HKLM\..\Run: [Cef] C:\WINDOWS\Ahd.exe
O4 - HKLM\..\Run: [Jvg] C:\WINDOWS\SYSTEM\Pqs.exe
O4 - HKLM\..\Run: [Bhr] C:\WINDOWS\Mdj.exe
O4 - HKLM\..\Run: [Egj] C:\WINDOWS\Dvj.exe
O4 - HKLM\..\Run: [Bkl] C:\WINDOWS\Pmj.exe
O4 - HKLM\..\Run: [Mcq] C:\WINDOWS\SYSTEM\Hfn.exe
O4 - HKLM\..\Run: [Ull] C:\WINDOWS\SYSTEM\Nkh.exe
O4 - HKLM\..\Run: [Jsh] C:\WINDOWS\SYSTEM\Dkc.exe
O4 - HKLM\..\Run: [Cvo] C:\WINDOWS\Tjn.exe
O4 - HKLM\..\Run: [Nlg] C:\WINDOWS\Oer.exe
O4 - HKLM\..\Run: [Dpc] C:\WINDOWS\SYSTEM\Rmd.exe
O4 - HKLM\..\Run: [Nbs] C:\WINDOWS\SYSTEM\Nag.exe
O4 - HKLM\..\Run: [Hmh] C:\WINDOWS\SYSTEM\Ris.exe
O4 - HKLM\..\Run: [Llf] C:\WINDOWS\Oan.exe
O4 - HKLM\..\Run: [Egh] C:\WINDOWS\Fvt.exe
O4 - HKLM\..\Run: [Mkr] C:\WINDOWS\SYSTEM\Jfs.exe
O4 - HKLM\..\Run: [Tln] C:\WINDOWS\SYSTEM\Rkg.exe
O4 - HKLM\..\Run: [Gbv] C:\WINDOWS\SYSTEM\Hpc.exe
O4 - HKLM\..\Run: [Big] C:\WINDOWS\SYSTEM\Kig.exe
O4 - HKLM\..\Run: [Rcl] C:\WINDOWS\Hdc.exe
O4 - HKLM\..\Run: [Sld] C:\WINDOWS\SYSTEM\Lot.exe
O4 - HKLM\..\Run: [Qqu] C:\WINDOWS\Pua.exe
O4 - HKLM\..\Run: [Lpo] C:\WINDOWS\Kbt.exe
O4 - HKLM\..\Run: [Luc] C:\WINDOWS\SYSTEM\Lts.exe
O4 - HKLM\..\Run: [Tba] C:\WINDOWS\SYSTEM\Ded.exe
O4 - HKLM\..\Run: [Vrv] C:\WINDOWS\Mck.exe
O4 - HKLM\..\Run: [Vtp] C:\WINDOWS\Mll.exe
O4 - HKLM\..\Run: [Uns] C:\WINDOWS\SYSTEM\Hut.exe
O4 - HKLM\..\Run: [Lnk] C:\WINDOWS\Lvv.exe
O4 - HKLM\..\Run: [Nhl] C:\WINDOWS\SYSTEM\Jcf.exe
O4 - HKLM\..\Run: [Rib] C:\WINDOWS\Dev.exe
O4 - HKLM\..\Run: [Keq] C:\WINDOWS\Kvm.exe
O4 - HKLM\..\Run: [Ecq] C:\WINDOWS\Hsr.exe
O4 - HKLM\..\Run: [Mrq] C:\WINDOWS\Gkd.exe
O4 - HKLM\..\Run: [Qjn] C:\WINDOWS\Ljb.exe
O4 - HKLM\..\Run: [Icj] C:\WINDOWS\Tpt.exe
O4 - HKLM\..\Run: [Jou] C:\WINDOWS\Bbh.exe
O4 - HKLM\..\Run: [Vfs] C:\WINDOWS\SYSTEM\Koa.exe
O4 - HKLM\..\Run: [Ver] C:\WINDOWS\SYSTEM\Cjm.exe
O4 - HKLM\..\Run: [Dkt] C:\WINDOWS\Cta.exe
O4 - HKLM\..\Run: [Uki] C:\WINDOWS\SYSTEM\Uii.exe
O4 - HKLM\..\Run: [Hbd] C:\WINDOWS\Saf.exe
O4 - HKLM\..\Run: [Qtl] C:\WINDOWS\Uec.exe
O4 - HKLM\..\Run: [Hra] C:\WINDOWS\SYSTEM\Edo.exe
O4 - HKLM\..\Run: [Hso] C:\WINDOWS\SYSTEM\Jpn.exe
O4 - HKLM\..\Run: [Cdu] C:\WINDOWS\Krv.exe
O4 - HKLM\..\Run: [Bps] C:\WINDOWS\Lqk.exe
O4 - HKLM\..\Run: [Qra] C:\WINDOWS\SYSTEM\Bjv.exe
O4 - HKLM\..\Run: [Cua] C:\WINDOWS\SYSTEM\Ebj.exe
O4 - HKLM\..\Run: [Ksb] C:\WINDOWS\Euv.exe
O4 - HKLM\..\Run: [Mdt] C:\WINDOWS\SYSTEM\Qlq.exe
O4 - HKLM\..\Run: [Cao] C:\WINDOWS\SYSTEM\Ivu.exe
O4 - HKLM\..\Run: [Ipb] C:\WINDOWS\SYSTEM\Bkt.exe
O4 - HKLM\..\Run: [Epj] C:\WINDOWS\SYSTEM\Gio.exe
O4 - HKLM\..\Run: [Mni] C:\WINDOWS\Vdk.exe
O4 - HKLM\..\Run: [Gto] C:\WINDOWS\Pdm.exe
O4 - HKLM\..\Run: [Mcn] C:\WINDOWS\SYSTEM\Hbu.exe
O4 - HKLM\..\Run: [Ikg] C:\WINDOWS\Uja.exe
O4 - HKLM\..\Run: [Lkr] C:\WINDOWS\Gas.exe
O4 - HKLM\..\Run: [Cav] C:\WINDOWS\Ect.exe
O4 - HKLM\..\Run: [Tdi] C:\WINDOWS\Vcp.exe
O4 - HKLM\..\Run: [Mhq] C:\WINDOWS\Uth.exe
O4 - HKLM\..\Run: [Csv] C:\WINDOWS\Fau.exe
O4 - HKLM\..\Run: [Iqc] C:\WINDOWS\SYSTEM\Kmf.exe
O4 - HKLM\..\Run: [Mjh] C:\WINDOWS\SYSTEM\Nob.exe
O4 - HKLM\..\Run: [Ara] C:\WINDOWS\SYSTEM\Rgd.exe
O4 - HKLM\..\Run: [Nci] C:\WINDOWS\SYSTEM\Buc.exe
O4 - HKLM\..\Run: [Anq] C:\WINDOWS\Ffj.exe
O4 - HKLM\..\Run: [Ksc] C:\WINDOWS\Qee.exe
O4 - HKLM\..\Run: [Kdm] C:\WINDOWS\SYSTEM\Isp.exe
O4 - HKLM\..\Run: [Cut] C:\WINDOWS\SYSTEM\Slb.exe
O4 - HKLM\..\Run: [Eja] C:\WINDOWS\SYSTEM\Drf.exe
O4 - HKLM\..\Run: [Abv] C:\WINDOWS\SYSTEM\Upt.exe
O4 - HKLM\..\Run: [Gdi] C:\WINDOWS\SYSTEM\Mel.exe
O4 - HKLM\..\Run: [Pdo] C:\WINDOWS\Npt.exe
O4 - HKLM\..\Run: [Agt] C:\WINDOWS\Qdq.exe
O4 - HKLM\..\Run: [Kcn] C:\WINDOWS\Dtg.exe
O4 - HKLM\..\Run: [Ria] C:\WINDOWS\Qao.exe
O4 - HKLM\..\Run: [Umg] C:\WINDOWS\SYSTEM\Pgs.exe
O4 - HKLM\..\Run: [Sme] C:\WINDOWS\Fai.exe
O4 - HKLM\..\Run: [Aia] C:\WINDOWS\SYSTEM\Jos.exe
O4 - HKLM\..\Run: [Rag] C:\WINDOWS\SYSTEM\Slj.exe
O4 - HKLM\..\Run: [Pts] C:\WINDOWS\Rsn.exe
O4 - HKLM\..\Run: [Ovg] C:\WINDOWS\SYSTEM\Gro.exe
O4 - HKLM\..\Run: [Jlt] C:\WINDOWS\SYSTEM\Kad.exe
O4 - HKLM\..\Run: [Krf] C:\WINDOWS\Rsi.exe
O4 - HKLM\..\Run: [Utd] C:\WINDOWS\Ksq.exe
O4 - HKLM\..\Run: [Bii] C:\WINDOWS\SYSTEM\Fqo.exe
O4 - HKLM\..\Run: [Dgd] C:\WINDOWS\SYSTEM\Mkk.exe
O4 - HKLM\..\Run: [Jrq] C:\WINDOWS\SYSTEM\Mme.exe
O4 - HKLM\..\Run: [Dgi] C:\WINDOWS\SYSTEM\Ulo.exe
O4 - HKLM\..\Run: [Dcm] C:\WINDOWS\Uqa.exe
O4 - HKLM\..\Run: [Vju] C:\WINDOWS\Klo.exe
O4 - HKLM\..\Run: [Blo] C:\WINDOWS\SYSTEM\Sbq.exe
O4 - HKLM\..\Run: [Man] C:\WINDOWS\Bac.exe
O4 - HKLM\..\Run: [Iti] C:\WINDOWS\SYSTEM\Arr.exe
O4 - HKLM\..\Run: [Omn] C:\WINDOWS\SYSTEM\Ref.exe
O4 - HKLM\..\Run: [Nmh] C:\WINDOWS\Cuv.exe
O4 - HKLM\..\Run: [Mim] C:\WINDOWS\Vhl.exe
O4 - HKLM\..\Run: [Ceg] C:\WINDOWS\Soq.exe
O4 - HKLM\..\Run: [Cor] C:\WINDOWS\Bka.exe
O4 - HKLM\..\Run: [Dvk] C:\WINDOWS\Ksq.exe
O4 - HKLM\..\Run: [Amv] C:\WINDOWS\Ili.exe
O4 - HKLM\..\Run: [Mtq] C:\WINDOWS\SYSTEM\Can.exe
O4 - HKLM\..\Run: [Aom] C:\WINDOWS\Jel.exe
O4 - HKLM\..\Run: [Rfb] C:\WINDOWS\Lko.exe
O4 - HKLM\..\Run: [Vdv] C:\WINDOWS\Jft.exe
O4 - HKLM\..\Run: [Rqc] C:\WINDOWS\SYSTEM\Tkm.exe
O4 - HKLM\..\Run: [Ejr] C:\WINDOWS\Fql.exe
O4 - HKLM\..\Run: [Ntl] C:\WINDOWS\Ccg.exe
O4 - HKLM\..\Run: [Gee] C:\WINDOWS\Rln.exe
O4 - HKLM\..\Run: [Lsl] C:\WINDOWS\Pap.exe
O4 - HKLM\..\Run: [Leg] C:\WINDOWS\Bls.exe
O4 - HKLM\..\Run: [Cdk] C:\WINDOWS\Duk.exe
O4 - HKLM\..\Run: [Nfv] C:\WINDOWS\Dil.exe
O4 - HKLM\..\Run: [Sqo] C:\WINDOWS\Bov.exe
O4 - HKLM\..\Run: [Rnd] C:\WINDOWS\SYSTEM\Qvd.exe
O4 - HKLM\..\Run: [Qja] C:\WINDOWS\SYSTEM\Ifv.exe
O4 - HKLM\..\Run: [Kqs] C:\WINDOWS\SYSTEM\Fko.exe
O4 - HKLM\..\Run: [Hgr] C:\WINDOWS\Vgp.exe
O4 - HKLM\..\Run: [Mjc] C:\WINDOWS\Akt.exe
O4 - HKLM\..\Run: [Bvb] C:\WINDOWS\SYSTEM\Ddm.exe
O4 - HKLM\..\Run: [Jna] C:\WINDOWS\SYSTEM\Ejc.exe
O4 - HKLM\..\Run: [Nhe] C:\WINDOWS\Iss.exe
O4 - HKLM\..\Run: [Hqj] C:\WINDOWS\SYSTEM\Ifo.exe
O4 - HKLM\..\Run: [Hoa] C:\WINDOWS\SYSTEM\Mjj.exe
O4 - HKLM\..\Run: [Our] C:\WINDOWS\SYSTEM\Lic.exe
O4 - HKLM\..\Run: [Onf] C:\WINDOWS\SYSTEM\Doq.exe
O4 - HKLM\..\Run: [Qfb] C:\WINDOWS\Tco.exe
O4 - HKLM\..\Run: [Njs] C:\WINDOWS\SYSTEM\Imk.exe
O4 - HKLM\..\Run: [Lpd] C:\WINDOWS\Ldd.exe
O4 - HKLM\..\Run: [Enp] C:\WINDOWS\Lvj.exe
O4 - HKLM\..\Run: [Rdd] C:\WINDOWS\Uoo.exe
O4 - HKLM\..\Run: [Lnl] C:\WINDOWS\Cem.exe
O4 - HKLM\..\Run: [Uoe] C:\WINDOWS\SYSTEM\Vtp.exe
O4 - HKLM\..\Run: [Buv] C:\WINDOWS\Hhi.exe
O4 - HKLM\..\Run: [Ece] C:\WINDOWS\SYSTEM\Pdi.exe
O4 - HKLM\..\Run: [Orl] C:\WINDOWS\Nke.exe
O4 - HKLM\..\Run: [Jeu] C:\WINDOWS\SYSTEM\Hkt.exe
O4 - HKLM\..\Run: [Oka] C:\WINDOWS\SYSTEM\Anl.exe
O4 - HKLM\..\Run: [Vtb] C:\WINDOWS\Rit.exe
O4 - HKLM\..\Run: [Rud] C:\WINDOWS\SYSTEM\Jms.exe
O4 - HKLM\..\Run: [Ckq] C:\WINDOWS\SYSTEM\Kab.exe
O4 - HKLM\..\Run: [Jih] C:\WINDOWS\SYSTEM\Utc.exe
O4 - HKLM\..\Run: [Mtt] C:\WINDOWS\SYSTEM\Hjr.exe
O4 - HKLM\..\Run: [Egp] C:\WINDOWS\Bjf.exe
O4 - HKLM\..\Run: [Uqc] C:\WINDOWS\SYSTEM\Rea.exe
O4 - HKLM\..\Run: [Ogf] C:\WINDOWS\Qnl.exe
O4 - HKLM\..\Run: [Pdc] C:\WINDOWS\Git.exe
O4 - HKLM\..\Run: [Dfu] C:\WINDOWS\Seh.exe
O4 - HKLM\..\Run: [Grj] C:\WINDOWS\Vjk.exe
O4 - HKLM\..\Run: [Eim] C:\WINDOWS\SYSTEM\Uin.exe
O4 - HKLM\..\Run: [Fdp] C:\WINDOWS\SYSTEM\Uej.exe
O4 - HKLM\..\Run: [Kgv] C:\WINDOWS\SYSTEM\Oom.exe
O4 - HKLM\..\Run: [Pce] C:\WINDOWS\Ihi.exe
O4 - HKLM\..\Run: [Qhf] C:\WINDOWS\SYSTEM\Rsv.exe
O4 - HKLM\..\Run: [Npb] C:\WINDOWS\Buf.exe
O4 - HKLM\..\Run: [Hcm] C:\WINDOWS\Aro.exe
O4 - HKLM\..\Run: [Sjs] C:\WINDOWS\SYSTEM\Lul.exe
O4 - HKLM\..\Run: [Jct] C:\WINDOWS\SYSTEM\Ptq.exe
O4 - HKLM\..\Run: [Str] C:\WINDOWS\Oal.exe
O4 - HKLM\..\Run: [Qlk] C:\WINDOWS\SYSTEM\Dpc.exe
O4 - HKLM\..\Run: [Irr] C:\WINDOWS\SYSTEM\Plq.exe
O4 - HKLM\..\Run: [Pmb] C:\WINDOWS\SYSTEM\Cbs.exe
O4 - HKLM\..\Run: [Khh] C:\WINDOWS\SYSTEM\Ago.exe
O4 - HKLM\..\Run: [Bob] C:\WINDOWS\SYSTEM\Gun.exe
O4 - HKLM\..\Run: [Blt] C:\WINDOWS\Cjs.exe
O4 - HKLM\..\Run: [Cmp] C:\WINDOWS\Dqj.exe
O4 - HKLM\..\Run: [Rdi] C:\WINDOWS\SYSTEM\Vln.exe
O4 - HKLM\..\Run: [Iek] C:\WINDOWS\Rtd.exe
O4 - HKLM\..\Run: [Cov] C:\WINDOWS\SYSTEM\Lpk.exe
O4 - HKLM\..\Run: [Lqu] C:\WINDOWS\SYSTEM\Phs.exe
O4 - HKLM\..\Run: [Ans] C:\WINDOWS\Eeh.exe
O4 - HKLM\..\Run: [Bop] C:\WINDOWS\SYSTEM\Ncj.exe
O4 - HKLM\..\Run: [Eau] C:\WINDOWS\Spk.exe
O4 - HKLM\..\Run: [Eev] C:\WINDOWS\SYSTEM\Qke.exe
O4 - HKLM\..\Run: [Chc] C:\WINDOWS\SYSTEM\Ovv.exe
O4 - HKLM\..\Run: [Ahk] C:\WINDOWS\Fds.exe
O4 - HKLM\..\Run: [Qjq] C:\WINDOWS\Uuk.exe
O4 - HKLM\..\Run: [Kgl] C:\WINDOWS\Utn.exe
O4 - HKLM\..\Run: [Ugr] C:\WINDOWS\SYSTEM\Ava.exe
O4 - HKLM\..\Run: [Vpc] C:\WINDOWS\Gnm.exe
O4 - HKLM\..\Run: [Bmg] C:\WINDOWS\SYSTEM\Llp.exe
O4 - HKLM\..\Run: [Enc] C:\WINDOWS\Bmu.exe
O4 - HKLM\..\Run: [Cqn] C:\WINDOWS\Ecj.exe
O4 - HKLM\..\Run: [Tej] C:\WINDOWS\Hai.exe
O4 - HKLM\..\Run: [Sob] C:\WINDOWS\Uqr.exe
O4 - HKLM\..\Run: [Sth] C:\WINDOWS\SYSTEM\Scv.exe
O4 - HKLM\..\Run: [Mbd] C:\WINDOWS\SYSTEM\Nie.exe
O4 - HKLM\..\Run: [Ogt] C:\WINDOWS\Uqt.exe
O4 - HKLM\..\Run: [Krk] C:\WINDOWS\SYSTEM\Vvr.exe
O4 - HKLM\..\Run: [Jmm] C:\WINDOWS\SYSTEM\Nkq.exe
O4 - HKLM\..\Run: [Jrm] C:\WINDOWS\SYSTEM\Mvs.exe
O4 - HKLM\..\Run: [Jqc] C:\WINDOWS\SYSTEM\Enp.exe
O4 - HKLM\..\Run: [Jve] C:\WINDOWS\Lqr.exe
O4 - HKLM\..\Run: [Cam] C:\WINDOWS\Elv.exe
O4 - HKLM\..\Run: [Bqf] C:\WINDOWS\SYSTEM\Sba.exe
O4 - HKLM\..\Run: [Hmn] C:\WINDOWS\SYSTEM\Rjb.exe
O4 - HKLM\..\Run: [Jmg] C:\WINDOWS\SYSTEM\Mjr.exe
O4 - HKLM\..\Run: [Qpr] C:\WINDOWS\SYSTEM\Epp.exe
O4 - HKLM\..\Run: [Okn] C:\WINDOWS\SYSTEM\Fdg.exe
O4 - HKLM\..\Run: [Rui] C:\WINDOWS\SYSTEM\Lub.exe
O4 - HKLM\..\Run: [Ihv] C:\WINDOWS\Vkq.exe
O4 - HKLM\..\Run: [Feq] C:\WINDOWS\SYSTEM\Men.exe
O4 - HKLM\..\Run: [Fro] C:\WINDOWS\SYSTEM\Bpp.exe
O4 - HKLM\..\Run: [Mfd] C:\WINDOWS\Fub.exe
O4 - HKLM\..\Run: [Kql] C:\WINDOWS\Fjr.exe
O4 - HKLM\..\Run: [Icc] C:\WINDOWS\Tqc.exe
O4 - HKLM\..\Run: [Pqm] C:\WINDOWS\Sdc.exe
O4 - HKLM\..\Run: [Qms] C:\WINDOWS\Tel.exe
O4 - HKLM\..\Run: [Uju] C:\WINDOWS\SYSTEM\Ism.exe
O4 - HKLM\..\Run: [Llp] C:\WINDOWS\Roo.exe
O4 - HKLM\..\Run: [Miu] C:\WINDOWS\Tnb.exe
O4 - HKLM\..\Run: [Bdq] C:\WINDOWS\Dqp.exe
O4 - HKLM\..\Run: [Ljt] C:\WINDOWS\SYSTEM\Cmn.exe
O4 - HKLM\..\Run: [Kmt] C:\WINDOWS\SYSTEM\Ted.exe
O4 - HKLM\..\Run: [Srl] C:\WINDOWS\Hog.exe
O4 - HKLM\..\Run: [Sjh] C:\WINDOWS\SYSTEM\Gid.exe
O4 - HKLM\..\Run: [Jhg] C:\WINDOWS\SYSTEM\Tir.exe
O4 - HKLM\..\Run: [Crt] C:\WINDOWS\SYSTEM\Kjf.exe
O4 - HKLM\..\Run: [Vrh] C:\WINDOWS\SYSTEM\Fin.exe
O4 - HKLM\..\Run: [Tqf] C:\WINDOWS\Uoo.exe
O4 - HKLM\..\Run: [Htf] C:\WINDOWS\SYSTEM\Beu.exe
O4 - HKLM\..\Run: [Jdc] C:\WINDOWS\Vlc.exe
O4 - HKLM\..\Run: [Gdf] C:\WINDOWS\Vkk.exe
O4 - HKLM\..\Run: [Abd] C:\WINDOWS\SYSTEM\Ghh.exe
O4 - HKLM\..\Run: [Cup] C:\WINDOWS\SYSTEM\Chv.exe
O4 - HKLM\..\Run: [Ert] C:\WINDOWS\Oef.exe
O4 - HKLM\..\Run: [Fka] C:\WINDOWS\SYSTEM\Qeb.exe
O4 - HKLM\..\Run: [Fvb] C:\WINDOWS\Lvs.exe
O4 - HKLM\..\Run: [Idr] C:\WINDOWS\SYSTEM\Qak.exe
O4 - HKLM\..\Run: [Vjq] C:\WINDOWS\Jpi.exe
O4 - HKLM\..\Run: [Chg] C:\WINDOWS\Msj.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\Jrd.exe
O4 - HKLM\..\Run: [Okq] C:\WINDOWS\Hpg.exe
O4 - HKLM\..\Run: [Omi] C:\WINDOWS\SYSTEM\Abq.exe
O4 - HKLM\..\Run: [Bdm] C:\WINDOWS\Dls.exe
O4 - HKLM\..\Run: [Evp] C:\WINDOWS\SYSTEM\Hqo.exe
O4 - HKLM\..\Run: [Uaj] C:\WINDOWS\SYSTEM\Ppg.exe
O4 - HKLM\..\Run: [Lgv] C:\WINDOWS\SYSTEM\Smd.exe
O4 - HKLM\..\Run: [Qmg] C:\WINDOWS\Gum.exe
O4 - HKLM\..\Run: [Bpf] C:\WINDOWS\SYSTEM\Fac.exe
O4 - HKLM\..\Run: [Bfc] C:\WINDOWS\SYSTEM\Gfa.exe
O4 - HKLM\..\Run: [Hum] C:\WINDOWS\SYSTEM\Lck.exe
O4 - HKLM\..\Run: [Cid] C:\WINDOWS\Bki.exe
O4 - HKLM\..\Run: [Oaj] C:\WINDOWS\Vbp.exe
O4 - HKLM\..\Run: [Upe] C:\WINDOWS\SYSTEM\Lkt.exe
O4 - HKLM\..\Run: [Kjb] C:\WINDOWS\Eve.exe
O4 - HKLM\..\Run: [Qvi] C:\WINDOWS\SYSTEM\Dcc.exe
O4 - HKLM\..\Run: [Ijb] C:\WINDOWS\Fut.exe
O4 - HKLM\..\Run: [Ipv] C:\WINDOWS\Vuk.exe
O4 - HKLM\..\Run: [Dlq] C:\WINDOWS\Dtt.exe
O4 - HKLM\..\Run: [Htk] C:\WINDOWS\SYSTEM\Ttd.exe
O4 - HKLM\..\Run: [Vui] C:\WINDOWS\SYSTEM\Oqh.exe
O4 - HKLM\..\Run: [Lnv] C:\WINDOWS\SYSTEM\Fri.exe
O4 - HKLM\..\Run: [Seo] C:\WINDOWS\SYSTEM\Mam.exe
O4 - HKLM\..\Run: [Guk] C:\WINDOWS\SYSTEM\Erh.exe
O4 - HKLM\..\Run: [Gth] C:\WINDOWS\SYSTEM\Sue.exe
O4 - HKLM\..\Run: [Sgq] C:\WINDOWS\Gbg.exe
O4 - HKLM\..\Run: [Ljs] C:\WINDOWS\SYSTEM\Hco.exe
O4 - HKLM\..\Run: [Seb] C:\WINDOWS\SYSTEM\Ksm.exe
O4 - HKLM\..\Run: [Ese] C:\WINDOWS\Atl.exe
O4 - HKLM\..\Run: [Nag] C:\WINDOWS\Pis.exe
O4 - HKLM\..\Run: [Fqj] C:\WINDOWS\SYSTEM\Boc.exe
O4 - HKLM\..\Run: [Fpv] C:\WINDOWS\SYSTEM\Rhn.exe
O4 - HKLM\..\Run: [Tch] C:\WINDOWS\SYSTEM\Jkj.exe
O4 - HKLM\..\Run: [Fuh] C:\WINDOWS\Ult.exe
O4 - HKLM\..\Run: [Qha] C:\WINDOWS\SYSTEM\Jba.exe
O4 - HKLM\..\Run: [Tvj] C:\WINDOWS\SYSTEM\Bjv.exe
O4 - HKLM\..\Run: [Tgg] C:\WINDOWS\SYSTEM\Odm.exe
O4 - HKLM\..\Run: [Bqs] C:\WINDOWS\Hri.exe
O4 - HKLM\..\Run: [Rns] C:\WINDOWS\Kan.exe
O4 - HKLM\..\Run: [Tpb] C:\WINDOWS\SYSTEM\Uft.exe
O4 - HKLM\..\Run: [Oop] C:\WINDOWS\SYSTEM\Bng.exe
O4 - HKLM\..\Run: [Tnv] C:\WINDOWS\Tmb.exe
O4 - HKLM\..\Run: [Sbj] C:\WINDOWS\SYSTEM\Ahs.exe
O4 - HKLM\..\Run: [Sht] C:\WINDOWS\Ueh.exe
O4 - HKLM\..\Run: [Vfa] C:\WINDOWS\Ior.exe
O4 - HKLM\..\Run: [Vee] C:\WINDOWS\SYSTEM\Tnp.exe
O4 - HKLM\..\Run: [Qrr] C:\WINDOWS\Ktq.exe
O4 - HKLM\..\Run: [Lfk] C:\WINDOWS\Orr.exe
O4 - HKLM\..\Run: [Piv] C:\WINDOWS\SYSTEM\Arq.exe
O4 - HKLM\..\Run: [Jit] C:\WINDOWS\Mll.exe
O4 - HKLM\..\Run: [Rpk] C:\WINDOWS\SYSTEM\Nph.exe
O4 - HKLM\..\Run: [Gfh] C:\WINDOWS\SYSTEM\Mme.exe
O4 - HKLM\..\Run: [Ith] C:\WINDOWS\SYSTEM\Ins.exe
O4 - HKLM\..\Run: [Vcj] C:\WINDOWS\Rel.exe
O4 - HKLM\..\Run: [Kkd] C:\WINDOWS\Kom.exe
O4 - HKLM\..\Run: [Ped] C:\WINDOWS\Dpf.exe
O4 - HKLM\..\Run: [Ruk] C:\WINDOWS\SYSTEM\Ist.exe
O4 - HKLM\..\Run: [Oce] C:\WINDOWS\SYSTEM\Kpr.exe
O4 - HKLM\..\Run: [Qft] C:\WINDOWS\SYSTEM\Dsq.exe
O4 - HKLM\..\Run: [Nqj] C:\WINDOWS\Pro.exe
O4 - HKLM\..\Run: [Pns] C:\WINDOWS\Ttv.exe
O4 - HKLM\..\Run: [Uut] C:\WINDOWS\Cnn.exe
O4 - HKLM\..\Run: [Unk] C:\WINDOWS\SYSTEM\Jpb.exe
O4 - HKLM\..\Run: [Aqj] C:\WINDOWS\Mnn.exe
O4 - HKLM\..\Run: [Qlr] C:\WINDOWS\Dak.exe
O4 - HKLM\..\Run: [Evd] C:\WINDOWS\Rfs.exe
O4 - HKLM\..\Run: [Ujl] C:\WINDOWS\SYSTEM\Pfh.exe
O4 - HKLM\..\Run: [Ftd] C:\WINDOWS\Ndk.exe
O4 - HKLM\..\Run: [Nqb] C:\WINDOWS\SYSTEM\Ili.exe
O4 - HKLM\..\Run: [Iiu] C:\WINDOWS\SYSTEM\Mod.exe
O4 - HKLM\..\Run: [Dsj] C:\WINDOWS\SYSTEM\Cfs.exe
O4 - HKLM\..\Run: [Ajj] C:\WINDOWS\SYSTEM\Gau.exe
O4 - HKLM\..\Run: [Hen] C:\WINDOWS\SYSTEM\Bui.exe
O4 - HKLM\..\Run: [Pef] C:\WINDOWS\SYSTEM\Iml.exe
O4 - HKLM\..\Run: [Dnf] C:\WINDOWS\SYSTEM\Idm.exe
O4 - HKLM\..\Run: [Otu] C:\WINDOWS\Iju.exe
O4 - HKLM\..\Run: [Dqk] C:\WINDOWS\Tim.exe
O4 - HKLM\..\Run: [Rbi] C:\WINDOWS\SYSTEM\Blr.exe
O4 - HKLM\..\Run: [Ape] C:\WINDOWS\SYSTEM\Npo.exe
O4 - HKLM\..\Run: [Ebt] C:\WINDOWS\Mmt.exe
O4 - HKLM\..\Run: [Hbm] C:\WINDOWS\Pet.exe
O4 - HKLM\..\Run: [Kvc] C:\WINDOWS\Kkp.exe
O4 - HKLM\..\Run: [Ctf] C:\WINDOWS\SYSTEM\Lbt.exe
O4 - HKLM\..\Run: [Qsl] C:\WINDOWS\Isu.exe
O4 - HKLM\..\Run: [Fal] C:\WINDOWS\Pha.exe
O4 - HKLM\..\Run: [Jps] C:\WINDOWS\SYSTEM\Mup.exe
O4 - HKLM\..\Run: [Umk] C:\WINDOWS\SYSTEM\Cii.exe
O4 - HKLM\..\Run: [Jmh] C:\WINDOWS\Ulj.exe
O4 - HKLM\..\Run: [Fnb] C:\WINDOWS\SYSTEM\Dtq.exe
O4 - HKLM\..\Run: [Jic] C:\WINDOWS\SYSTEM\Lpc.exe
O4 - HKLM\..\Run: [Qao] C:\WINDOWS\Ual.exe
O4 - HKLM\..\Run: [Opa] C:\WINDOWS\Fps.exe
O4 - HKLM\..\Run: [Fth] C:\WINDOWS\Uqk.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Ehr] C:\WINDOWS\SYSTEM\Fcb.exe
O4 - HKCU\..\Run: [Win32 Time Zone] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - HKCU\..\Run: [Ftf] C:\WINDOWS\Jlk.exe
O4 - HKCU\..\Run: [Vvf] C:\WINDOWS\SYSTEM\Jlv.exe
O4 - HKCU\..\Run: [Cuq] C:\WINDOWS\Kus.exe
O4 - HKCU\..\Run: [Khb] C:\WINDOWS\Cpn.exe
O4 - HKCU\..\Run: [Qki] C:\WINDOWS\SYSTEM\Cli.exe
O4 - HKCU\..\Run: [Tcr] C:\WINDOWS\Bdg.exe
O4 - HKCU\..\Run: [Scc] C:\WINDOWS\Hlc.exe
O4 - HKCU\..\Run: [Jad] C:\WINDOWS\Lcf.exe
O4 - HKCU\..\Run: [Olk] C:\WINDOWS\SYSTEM\Dco.exe
O4 - HKCU\..\Run: [Efe] C:\WINDOWS\SYSTEM\Oqg.exe
O4 - HKCU\..\Run: [Crf] C:\WINDOWS\Flq.exe
O4 - HKCU\..\Run: [Eso] C:\WINDOWS\SYSTEM\Ejh.exe
O4 - HKCU\..\Run: [Khl] C:\WINDOWS\Ani.exe
O4 - HKCU\..\Run: [Cga] C:\WINDOWS\SYSTEM\Frf.exe
O4 - HKCU\..\Run: [Job] C:\WINDOWS\Hne.exe
O4 - HKCU\..\Run: [Vjs] C:\WINDOWS\SYSTEM\Fnb.exe
O4 - HKCU\..\Run: [Set] C:\WINDOWS\SYSTEM\Elm.exe
O4 - HKCU\..\Run: [Ihl] C:\WINDOWS\SYSTEM\Vms.exe
O4 - HKCU\..\Run: [Nco] C:\WINDOWS\SYSTEM\Jop.exe
O4 - HKCU\..\Run: [Rou] C:\WINDOWS\Agf.exe
O4 - HKCU\..\Run: [Mgj] C:\WINDOWS\SYSTEM\Rrv.exe
O4 - HKCU\..\Run: [Okl] C:\WINDOWS\SYSTEM\Qhd.exe
O4 - HKCU\..\Run: [Fdr] C:\WINDOWS\Vgu.exe
O4 - HKCU\..\Run: [Rfj] C:\WINDOWS\SYSTEM\Eed.exe
O4 - HKCU\..\Run: [Rrs] C:\WINDOWS\Fsc.exe
O4 - HKCU\..\Run: [Nqu] C:\WINDOWS\SYSTEM\Rga.exe
O4 - HKCU\..\Run: [Jrc] C:\WINDOWS\Rmp.exe
O4 - HKCU\..\Run: [Muo] C:\WINDOWS\Ujp.exe
O4 - HKCU\..\Run: [Mps] C:\WINDOWS\SYSTEM\Bir.exe
O4 - HKCU\..\Run: [Irs] C:\WINDOWS\SYSTEM\Fem.exe
O4 - HKCU\..\Run: [Nrj] C:\WINDOWS\SYSTEM\Kig.exe
O4 - HKCU\..\Run: [Rst] C:\WINDOWS\Upr.exe
O4 - HKCU\..\Run: [Vuu] C:\WINDOWS\SYSTEM\Lnf.exe
O4 - HKCU\..\Run: [Mrb] C:\WINDOWS\SYSTEM\Ins.exe
O4 - HKCU\..\Run: [Crb] C:\WINDOWS\Ivt.exe
O4 - HKCU\..\Run: [Ltf] C:\WINDOWS\SYSTEM\Usk.exe
O4 - HKCU\..\Run: [Gis] C:\WINDOWS\SYSTEM\Rml.exe
O4 - HKCU\..\Run: [Pto] C:\WINDOWS\SYSTEM\Brc.exe
O4 - HKCU\..\Run: [Rrd] C:\WINDOWS\Ngm.exe
O4 - HKCU\..\Run: [Kmm] C:\WINDOWS\Hcs.exe
O4 - HKCU\..\Run: [Mtr] C:\WINDOWS\SYSTEM\Pke.exe
O4 - HKCU\..\Run: [Mpe] C:\WINDOWS\SYSTEM\Bdo.exe
O4 - HKCU\..\Run: [Qbb] C:\WINDOWS\SYSTEM\Eqg.exe
O4 - HKCU\..\Run: [Dph] C:\WINDOWS\Mhs.exe
O4 - HKCU\..\Run: [Nlu] C:\WINDOWS\SYSTEM\Dvg.exe
O4 - HKCU\..\Run: [Ibe] C:\WINDOWS\Ueu.exe
O4 - HKCU\..\Run: [Rcf] C:\WINDOWS\SYSTEM\Qvo.exe
O4 - HKCU\..\Run: [Upq] C:\WINDOWS\SYSTEM\Pqb.exe
O4 - HKCU\..\Run: [Nvg] C:\WINDOWS\Ccn.exe
O4 - HKCU\..\Run: [Pmc] C:\WINDOWS\Edg.exe
O4 - HKCU\..\Run: [Ltv] C:\WINDOWS\Lqq.exe
O4 - HKCU\..\Run: [Urr] C:\WINDOWS\SYSTEM\Qmg.exe
O4 - HKCU\..\Run: [Tga] C:\WINDOWS\SYSTEM\Usb.exe
O4 - HKCU\..\Run: [Utt] C:\WINDOWS\Pof.exe
O4 - HKCU\..\Run: [Sim] C:\WINDOWS\Uio.exe
O4 - HKCU\..\Run: [Esg] C:\WINDOWS\Gsh.exe
O4 - HKCU\..\Run: [Ihb] C:\WINDOWS\Ffc.exe
O4 - HKCU\..\Run: [Cof] C:\WINDOWS\Rbk.exe
O4 - HKCU\..\Run: [Hlg] C:\WINDOWS\Aou.exe
O4 - HKCU\..\Run: [Ome] C:\WINDOWS\SYSTEM\Mmn.exe
O4 - HKCU\..\Run: [Lcv] C:\WINDOWS\Abc.exe
O4 - HKCU\..\Run: [Cbf] C:\WINDOWS\Fta.exe
O4 - HKCU\..\Run: [Cbh] C:\WINDOWS\SYSTEM\Jhk.exe
O4 - HKCU\..\Run: [Hhm] C:\WINDOWS\SYSTEM\Dai.exe
O4 - HKCU\..\Run: [Pbl] C:\WINDOWS\Shp.exe
O4 - HKCU\..\Run: [Bmt] C:\WINDOWS\Ago.exe
O4 - HKCU\..\Run: [Lik] C:\WINDOWS\Ttb.exe
O4 - HKCU\..\Run: [Ntt] C:\WINDOWS\Opv.exe
O4 - HKCU\..\Run: [Pim] C:\WINDOWS\Rvu.exe
O4 - HKCU\..\Run: [Klk] C:\WINDOWS\SYSTEM\Qoh.exe
O4 - HKCU\..\Run: [Jka] C:\WINDOWS\SYSTEM\Lic.exe
O4 - HKCU\..\Run: [Hfv] C:\WINDOWS\SYSTEM\Gdi.exe
O4 - HKCU\..\Run: [Efg] C:\WINDOWS\Hag.exe
O4 - HKCU\..\Run: [Ivs] C:\WINDOWS\Dlb.exe
O4 - HKCU\..\Run: [Aqu] C:\WINDOWS\SYSTEM\Ida.exe
O4 - HKCU\..\Run: [Jrp] C:\WINDOWS\SYSTEM\Ucc.exe
O4 - HKCU\..\Run: [Fts] C:\WINDOWS\Kbg.exe
O4 - HKCU\..\Run: [Bll] C:\WINDOWS\SYSTEM\Vkb.exe
O4 - HKCU\..\Run: [Clt] C:\WINDOWS\SYSTEM\Agq.exe
O4 - HKCU\..\Run: [Fcb] C:\WINDOWS\SYSTEM\Cbt.exe
O4 - HKCU\..\Run: [Djt] C:\WINDOWS\Jgm.exe
O4 - HKCU\..\Run: [Pdm] C:\WINDOWS\Vep.exe
O4 - HKCU\..\Run: [Mvb] C:\WINDOWS\SYSTEM\Ojg.exe
O4 - HKCU\..\Run: [Ift] C:\WINDOWS\Bgr.exe
O4 - HKCU\..\Run: [Nbb] C:\WINDOWS\Hsf.exe
O4 - HKCU\..\Run: [Qcc] C:\WINDOWS\SYSTEM\Prk.exe
O4 - HKCU\..\Run: [Vpm] C:\WINDOWS\Phe.exe
O4 - HKCU\..\Run: [Vmd] C:\WINDOWS\Bsi.exe
O4 - HKCU\..\Run: [Cpf] C:\WINDOWS\SYSTEM\Oes.exe
O4 - HKCU\..\Run: [Keo] C:\WINDOWS\SYSTEM\Oos.exe
O4 - HKCU\..\Run: [Kps] C:\WINDOWS\Akd.exe
O4 - HKCU\..\Run: [Gul] C:\WINDOWS\SYSTEM\Fvv.exe
O4 - HKCU\..\Run: [Vod] C:\WINDOWS\SYSTEM\Smd.exe
O4 - HKCU\..\Run: [Hoj] C:\WINDOWS\SYSTEM\Emi.exe
O4 - HKCU\..\Run: [Ftv] C:\WINDOWS\Lmv.exe
O4 - HKCU\..\Run: [Dmo] C:\WINDOWS\Rnh.exe
O4 - HKCU\..\Run: [Vqn] C:\WINDOWS\Haj.exe
O4 - HKCU\..\Run: [Ghr] C:\WINDOWS\Pgf.exe
O4 - HKCU\..\Run: [Dpg] C:\WINDOWS\SYSTEM\Iqt.exe
O4 - HKCU\..\Run: [Hab] C:\WINDOWS\Saf.exe
O4 - HKCU\..\Run: [Mua] C:\WINDOWS\Hbi.exe
O4 - HKCU\..\Run: [Cqj] C:\WINDOWS\Brh.exe
O4 - HKCU\..\Run: [Cue] C:\WINDOWS\Jmf.exe
O4 - HKCU\..\Run: [Ecm] C:\WINDOWS\SYSTEM\Gfv.exe
O4 - HKCU\..\Run: [Tvg] C:\WINDOWS\Bav.exe
O4 - HKCU\..\Run: [Fhe] C:\WINDOWS\Ijq.exe
O4 - HKCU\..\Run: [Ejq] C:\WINDOWS\SYSTEM\Bsf.exe
O4 - HKCU\..\Run: [Dsa] C:\WINDOWS\SYSTEM\Uqh.exe
O4 - HKCU\..\Run: [Gfe] C:\WINDOWS\Jpp.exe
O4 - HKCU\..\Run: [Iik] C:\WINDOWS\Tti.exe
O4 - HKCU\..\Run: [Mcs] C:\WINDOWS\SYSTEM\Dbv.exe
O4 - HKCU\..\Run: [Dmu] C:\WINDOWS\SYSTEM\Rgs.exe
O4 - HKCU\..\Run: [Lie] C:\WINDOWS\Oia.exe
O4 - HKCU\..\Run: [Tsl] C:\WINDOWS\Nic.exe
O4 - HKCU\..\Run: [Dam] C:\WINDOWS\Oib.exe
O4 - HKCU\..\Run: [Unl] C:\WINDOWS\Jro.exe
O4 - HKCU\..\Run: [Kbh] C:\WINDOWS\Pus.exe
O4 - HKCU\..\Run: [Eji] C:\WINDOWS\Aln.exe
O4 - HKCU\..\Run: [Iok] C:\WINDOWS\Kuq.exe
O4 - HKCU\..\Run: [Kbs] C:\WINDOWS\SYSTEM\Bjf.exe
O4 - HKCU\..\Run: [Dfi] C:\WINDOWS\SYSTEM\Mec.exe
O4 - HKCU\..\Run: [Sag] C:\WINDOWS\SYSTEM\Hfk.exe
O4 - HKCU\..\Run: [Ooa] C:\WINDOWS\SYSTEM\Dse.exe
O4 - HKCU\..\Run: [Acn] C:\WINDOWS\Pqu.exe
O4 - HKCU\..\Run: [Kqh] C:\WINDOWS\SYSTEM\Svg.exe
O4 - HKCU\..\Run: [Ppr] C:\WINDOWS\SYSTEM\Ddu.exe
O4 - HKCU\..\Run: [Fcp] C:\WINDOWS\Vue.exe
O4 - HKCU\..\Run: [Bct] C:\WINDOWS\Gsl.exe
O4 - HKCU\..\Run: [Ics] C:\WINDOWS\SYSTEM\Qij.exe
O4 - HKCU\..\Run: [Tin] C:\WINDOWS\Fvd.exe
O4 - HKCU\..\Run: [Ela] C:\WINDOWS\SYSTEM\Lho.exe
O4 - HKCU\..\Run: [Qhg] C:\WINDOWS\Kao.exe
O4 - HKCU\..\Run: [Bns] C:\WINDOWS\Lhr.exe
O4 - HKCU\..\Run: [Cbn] C:\WINDOWS\SYSTEM\Rup.exe
O4 - HKCU\..\Run: [Mlr] C:\WINDOWS\SYSTEM\Jrj.exe
O4 - HKCU\..\Run: [Odp] C:\WINDOWS\SYSTEM\Inn.exe
O4 - HKCU\..\Run: [Hce] C:\WINDOWS\SYSTEM\Tgs.exe
O4 - HKCU\..\Run: [Nqp] C:\WINDOWS\SYSTEM\Rpb.exe
O4 - HKCU\..\Run: [Ads] C:\WINDOWS\SYSTEM\Ubi.exe
O4 - HKCU\..\Run: [Hvn] C:\WINDOWS\Oem.exe
O4 - HKCU\..\Run: [Pah] C:\WINDOWS\SYSTEM\Scc.exe
O4 - HKCU\..\Run: [Mlk] C:\WINDOWS\Fhp.exe
O4 - HKCU\..\Run: [Nsd] C:\WINDOWS\Ikt.exe
O4 - HKCU\..\Run: [Daq] C:\WINDOWS\Nnu.exe
O4 - HKCU\..\Run: [Hse] C:\WINDOWS\SYSTEM\Vta.exe
O4 - HKCU\..\Run: [Fcg] C:\WINDOWS\SYSTEM\Mud.exe
O4 - HKCU\..\Run: [Fil] C:\WINDOWS\Gbh.exe
O4 - HKCU\..\Run: [Rnb] C:\WINDOWS\SYSTEM\Okf.exe
O4 - HKCU\..\Run: [Cbv] C:\WINDOWS\SYSTEM\Ngb.exe
O4 - HKCU\..\Run: [Upi] C:\WINDOWS\SYSTEM\Snh.exe
O4 - HKCU\..\Run: [Tlq] C:\WINDOWS\SYSTEM\Nvq.exe
O4 - HKCU\..\Run: [Kaq] C:\WINDOWS\SYSTEM\Tcc.exe
O4 - HKCU\..\Run: [Duc] C:\WINDOWS\Vdp.exe
O4 - HKCU\..\Run: [Lhp] C:\WINDOWS\SYSTEM\Joi.exe
O4 - HKCU\..\Run: [Han] C:\WINDOWS\Pgb.exe
O4 - HKCU\..\Run: [Dkh] C:\WINDOWS\Fsg.exe
O4 - HKCU\..\Run: [Isl] C:\WINDOWS\SYSTEM\Ddn.exe
O4 - HKCU\..\Run: [Anu] C:\WINDOWS\Mja.exe
O4 - HKCU\..\Run: [Jdn] C:\WINDOWS\Bgn.exe
O4 - HKCU\..\Run: [Knf] C:\WINDOWS\Iba.exe
O4 - HKCU\..\Run: [Bjp] C:\WINDOWS\Gec.exe
O4 - HKCU\..\Run: [Kvd] C:\WINDOWS\Toi.exe
O4 - HKCU\..\Run: [Bor] C:\WINDOWS\SYSTEM\Hhh.exe
O4 - HKCU\..\Run: [Fgv] C:\WINDOWS\Mjp.exe
O4 - HKCU\..\Run: [Rhs] C:\WINDOWS\SYSTEM\Tih.exe
O4 - HKCU\..\Run: [Fmg] C:\WINDOWS\SYSTEM\Kto.exe
O4 - HKCU\..\Run: [Aab] C:\WINDOWS\Psl.exe
O4 - HKCU\..\Run: [Fsd] C:\WINDOWS\Aqk.exe
O4 - HKCU\..\Run: [Cjb] C:\WINDOWS\SYSTEM\Jtg.exe
O4 - HKCU\..\Run: [Keh] C:\WINDOWS\Vij.exe
O4 - HKCU\..\Run: [Uhl] C:\WINDOWS\Onl.exe
O4 - HKCU\..\Run: [Mlc] C:\WINDOWS\SYSTEM\Osa.exe
O4 - HKCU\..\Run: [Rgq] C:\WINDOWS\Bld.exe
O4 - HKCU\..\Run: [Ocs] C:\WINDOWS\SYSTEM\Ket.exe
O4 - HKCU\..\Run: [Rji] C:\WINDOWS\Udd.exe
O4 - HKCU\..\Run: [Mtc] C:\WINDOWS\Bli.exe
O4 - HKCU\..\Run: [Rba] C:\WINDOWS\Fir.exe
O4 - HKCU\..\Run: [Phg] C:\WINDOWS\SYSTEM\Rdg.exe
O4 - HKCU\..\Run: [Ctv] C:\WINDOWS\Mro.exe
O4 - HKCU\..\Run: [Dha] C:\WINDOWS\SYSTEM\Car.exe
O4 - HKCU\..\Run: [Ubl] C:\WINDOWS\SYSTEM\Gdo.exe
O4 - HKCU\..\Run: [Tag] C:\WINDOWS\SYSTEM\Skr.exe
O4 - HKCU\..\Run: [Upu] C:\WINDOWS\Khs.exe
O4 - HKCU\..\Run: [Fhf] C:\WINDOWS\SYSTEM\Dch.exe
O4 - HKCU\..\Run: [Ocd] C:\WINDOWS\SYSTEM\Iba.exe
O4 - HKCU\..\Run: [Pia] C:\WINDOWS\SYSTEM\Raq.exe
O4 - HKCU\..\Run: [Dse] C:\WINDOWS\Vfg.exe
O4 - HKCU\..\Run: [Hpg] C:\WINDOWS\Ftk.exe
O4 - HKCU\..\Run: [Rpl] C:\WINDOWS\SYSTEM\Tqv.exe
O4 - HKCU\..\Run: [Gkl] C:\WINDOWS\Req.exe
O4 - HKCU\..\Run: [Ofa] C:\WINDOWS\SYSTEM\Qdb.exe
O4 - HKCU\..\Run: [Era] C:\WINDOWS\SYSTEM\Njn.exe
O4 - HKCU\..\Run: [Bdi] C:\WINDOWS\Kta.exe
O4 - HKCU\..\Run: [Jdb] C:\WINDOWS\SYSTEM\Tui.exe
O4 - HKCU\..\Run: [Aph] C:\WINDOWS\Ioc.exe
O4 - HKCU\..\Run: [Ubm] C:\WINDOWS\Lrp.exe
O4 - HKCU\..\Run: [Ois] C:\WINDOWS\Rmo.exe
O4 - HKCU\..\Run: [Jrd] C:\WINDOWS\SYSTEM\Htr.exe
O4 - HKCU\..\Run: [Gdl] C:\WINDOWS\SYSTEM\Dqg.exe
O4 - HKCU\..\Run: [Nvj] C:\WINDOWS\SYSTEM\Itf.exe
O4 - HKCU\..\Run: [Tfj] C:\WINDOWS\Pjb.exe
O4 - HKCU\..\Run: [Cgg] C:\WINDOWS\Cqi.exe
O4 - HKCU\..\Run: [Tqi] C:\WINDOWS\SYSTEM\Alo.exe
O4 - HKCU\..\Run: [Sbm] C:\WINDOWS\Ugt.exe
O4 - HKCU\..\Run: [Pbe] C:\WINDOWS\Idi.exe
O4 - HKCU\..\Run: [Gjr] C:\WINDOWS\Clt.exe
O4 - HKCU\..\Run: [Nog] C:\WINDOWS\SYSTEM\Cme.exe
O4 - HKCU\..\Run: [Bgh] C:\WINDOWS\SYSTEM\Ekp.exe
O4 - HKCU\..\Run: [Mai] C:\WINDOWS\SYSTEM\Abd.exe
O4 - HKCU\..\Run: [Bdp] C:\WINDOWS\Qji.exe
O4 - HKCU\..\Run: [Drb] C:\WINDOWS\SYSTEM\Enl.exe
O4 - HKCU\..\Run: [Jlb] C:\WINDOWS\SYSTEM\Bai.exe
O4 - HKCU\..\Run: [Vrm] C:\WINDOWS\Psm.exe
O4 - HKCU\..\Run: [Pti] C:\WINDOWS\SYSTEM\Fmi.exe
O4 - HKCU\..\Run: [Ala] C:\WINDOWS\SYSTEM\Enf.exe
O4 - HKCU\..\Run: [Qnk] C:\WINDOWS\SYSTEM\Qlj.exe
O4 - HKCU\..\Run: [Dua] C:\WINDOWS\Ssj.exe
O4 - HKCU\..\Run: [Knl] C:\WINDOWS\SYSTEM\Gkq.exe
O4 - HKCU\..\Run: [Kdg] C:\WINDOWS\SYSTEM\Rtd.exe
O4 - HKCU\..\Run: [Foi] C:\WINDOWS\SYSTEM\Omu.exe
O4 - HKCU\..\Run: [Rfg] C:\WINDOWS\SYSTEM\Leq.exe
O4 - HKCU\..\Run: [Pcj] C:\WINDOWS\Ivc.exe
O4 - HKCU\..\Run: [Dve] C:\WINDOWS\SYSTEM\Hnp.exe
O4 - HKCU\..\Run: [Jap] C:\WINDOWS\SYSTEM\Kla.exe
O4 - HKCU\..\Run: [Ojk] C:\WINDOWS\Ken.exe
O4 - HKCU\..\Run: [Rvi] C:\WINDOWS\SYSTEM\Vvn.exe
O4 - HKCU\..\Run: [Dda] C:\WINDOWS\Jpk.exe
O4 - HKCU\..\Run: [Dtc] C:\WINDOWS\Ppc.exe
O4 - HKCU\..\Run: [Bof] C:\WINDOWS\SYSTEM\Jps.exe
O4 - HKCU\..\Run: [Ved] C:\WINDOWS\SYSTEM\Sdu.exe
O4 - HKCU\..\Run: [Qme] C:\WINDOWS\Fbj.exe
O4 - HKCU\..\Run: [Oga] C:\WINDOWS\Jiv.exe
O4 - HKCU\..\Run: [Npr] C:\WINDOWS\SYSTEM\Vmc.exe
O4 - HKCU\..\Run: [Ccs] C:\WINDOWS\SYSTEM\Aht.exe
O4 - HKCU\..\Run: [Aah] C:\WINDOWS\Ous.exe
O4 - HKCU\..\Run: [Kas] C:\WINDOWS\Jkl.exe
O4 - HKCU\..\Run: [Tbi] C:\WINDOWS\SYSTEM\Sop.exe
O4 - HKCU\..\Run: [Etl] C:\WINDOWS\Bqn.exe
O4 - HKCU\..\Run: [Noh] C:\WINDOWS\Rbi.exe
O4 - HKCU\..\Run: [Cqt] C:\WINDOWS\SYSTEM\Mtk.exe
O4 - HKCU\..\Run: [Dui] C:\WINDOWS\Pjt.exe
O4 - HKCU\..\Run: [Dcr] C:\WINDOWS\Lgu.exe
O4 - HKCU\..\Run: [Jnv] C:\WINDOWS\SYSTEM\Mbt.exe
O4 - HKCU\..\Run: [Itu] C:\WINDOWS\SYSTEM\Jgr.exe
O4 - HKCU\..\Run: [Inm] C:\WINDOWS\Kmu.exe
O4 - HKCU\..\Run: [Dif] C:\WINDOWS\SYSTEM\Svq.exe
O4 - HKCU\..\Run: [Pcb] C:\WINDOWS\SYSTEM\Tlp.exe
O4 - HKCU\..\Run: [Bsi] C:\WINDOWS\Niq.exe
O4 - HKCU\..\Run: [Tbf] C:\WINDOWS\SYSTEM\Fhg.exe
O4 - HKCU\..\Run: [Tmd] C:\WINDOWS\Jvi.exe
O4 - HKCU\..\Run: [Ojh] C:\WINDOWS\Uok.exe
O4 - HKCU\..\Run: [Tqd] C:\WINDOWS\Lkj.exe
O4 - HKCU\..\Run: [Roa] C:\WINDOWS\Sfj.exe
O4 - HKCU\..\Run: [Uto] C:\WINDOWS\SYSTEM\Sqh.exe
O4 - HKCU\..\Run: [Fcs] C:\WINDOWS\Ctp.exe
O4 - HKCU\..\Run: [Elt] C:\WINDOWS\Mls.exe
O4 - HKCU\..\Run: [Pvb] C:\WINDOWS\Tgo.exe
O4 - HKCU\..\Run: [Hjq] C:\WINDOWS\Etf.exe
O4 - HKCU\..\Run: [Atb] C:\WINDOWS\Qia.exe
O4 - HKCU\..\Run: [Vsc] C:\WINDOWS\SYSTEM\Srk.exe
O4 - HKCU\..\Run: [Fri] C:\WINDOWS\Bdi.exe
O4 - HKCU\..\Run: [Hgo] C:\WINDOWS\She.exe
O4 - HKCU\..\Run: [Bpc] C:\WINDOWS\Opd.exe
O4 - HKCU\..\Run: [Mno] C:\WINDOWS\Aun.exe
O4 - HKCU\..\Run: [Ton] C:\WINDOWS\Plu.exe
O4 - HKCU\..\Run: [Pra] C:\WINDOWS\SYSTEM\Ltc.exe
O4 - HKCU\..\Run: [Apb] C:\WINDOWS\Vaj.exe
O4 - HKCU\..\Run: [Bep] C:\WINDOWS\Gsi.exe
O4 - HKCU\..\Run: [Cia] C:\WINDOWS\Oaf.exe
O4 - HKCU\..\Run: [Rar] C:\WINDOWS\SYSTEM\Fkt.exe
O4 - HKCU\..\Run: [Iof] C:\WINDOWS\Pda.exe
O4 - HKCU\..\Run: [Ctt] C:\WINDOWS\SYSTEM\Bkn.exe
O4 - HKCU\..\Run: [Aku] C:\WINDOWS\Koe.exe
O4 - HKCU\..\Run: [Sdj] C:\WINDOWS\SYSTEM\Iui.exe
O4 - HKCU\..\Run: [Cgj] C:\WINDOWS\SYSTEM\Mav.exe
O4 - HKCU\..\Run: [Bsj] C:\WINDOWS\Tmd.exe
O4 - HKCU\..\Run: [Eef] C:\WINDOWS\Unj.exe
O4 - HKCU\..\Run: [Ojj] C:\WINDOWS\Lnq.exe
O4 - HKCU\..\Run: [Pgv] C:\WINDOWS\Fbm.exe
O4 - HKCU\..\Run: [Gtp] C:\WINDOWS\Nvk.exe
O4 - HKCU\..\Run: [Qip] C:\WINDOWS\SYSTEM\Tci.exe
O4 - HKCU\..\Run: [Tif] C:\WINDOWS\Mfb.exe
O4 - HKCU\..\Run: [Dgc] C:\WINDOWS\SYSTEM\Jqp.exe
O4 - HKCU\..\Run: [Sia] C:\WINDOWS\Ebg.exe
O4 - HKCU\..\Run: [Nlt] C:\WINDOWS\Vpt.exe
O4 - HKCU\..\Run: [Blb] C:\WINDOWS\Put.exe
O4 - HKCU\..\Run: [Qsg] C:\WINDOWS\SYSTEM\Saa.exe
O4 - HKCU\..\Run: [Bng] C:\WINDOWS\SYSTEM\Hcc.exe
O4 - HKCU\..\Run: [Tgb] C:\WINDOWS\Etb.exe
O4 - HKCU\..\Run: [Vpf] C:\WINDOWS\Dgh.exe
O4 - HKCU\..\Run: [Nln] C:\WINDOWS\SYSTEM\Ajh.exe
O4 - HKCU\..\Run: [Rth] C:\WINDOWS\Prj.exe
O4 - HKCU\..\Run: [Mjv] C:\WINDOWS\Fei.exe
O4 - HKCU\..\Run: [Vjh] C:\WINDOWS\SYSTEM\Kmh.exe
O4 - HKCU\..\Run: [Gtc] C:\WINDOWS\SYSTEM\Djn.exe
O4 - HKCU\..\Run: [Iht] C:\WINDOWS\SYSTEM\Tmn.exe
O4 - HKCU\..\Run: [Bvl] C:\WINDOWS\Gtj.exe
O4 - HKCU\..\Run: [Cve] C:\WINDOWS\SYSTEM\Pvn.exe
O4 - HKCU\..\Run: [Tao] C:\WINDOWS\Tlo.exe
O4 - HKCU\..\Run: [Moj] C:\WINDOWS\SYSTEM\Ngd.exe
O4 - HKCU\..\Run: [Csm] C:\WINDOWS\Ehg.exe
O4 - HKCU\..\Run: [Hrn] C:\WINDOWS\SYSTEM\Jkn.exe
O4 - HKCU\..\Run: [Bbs] C:\WINDOWS\SYSTEM\Lvn.exe
O4 - HKCU\..\Run: [Qnb] C:\WINDOWS\SYSTEM\Ncd.exe
O4 - HKCU\..\Run: [Tmq] C:\WINDOWS\SYSTEM\Utm.exe
O4 - HKCU\..\Run: [Jfq] C:\WINDOWS\Veh.exe
O4 - HKCU\..\Run: [Fbq] C:\WINDOWS\Egh.exe
O4 - HKCU\..\Run: [Cku] C:\WINDOWS\Mjn.exe
O4 - HKCU\..\Run: [Kng] C:\WINDOWS\SYSTEM\Gnk.exe
O4 - HKCU\..\Run: [Usg] C:\WINDOWS\Pto.exe
O4 - HKCU\..\Run: [Tqn] C:\WINDOWS\SYSTEM\Jpl.exe
O4 - HKCU\..\Run: [Qaq] C:\WINDOWS\SYSTEM\Pej.exe
O4 - HKCU\..\Run: [Brr] C:\WINDOWS\Src.exe
O4 - HKCU\..\Run: [Teu] C:\WINDOWS\Vhs.exe
O4 - HKCU\..\Run: [Utj] C:\WINDOWS\Gcs.exe
O4 - HKCU\..\Run: [Jaj] C:\WINDOWS\SYSTEM\Afb.exe
O4 - HKCU\..\Run: [Ish] C:\WINDOWS\Tth.exe
O4 - HKCU\..\Run: [Rnh] C:\WINDOWS\SYSTEM\Lpr.exe
O4 - HKCU\..\Run: [Dvn] C:\WINDOWS\Odv.exe
O4 - HKCU\..\Run: [Ffn] C:\WINDOWS\Lnb.exe
O4 - HKCU\..\Run: [Ast] C:\WINDOWS\SYSTEM\Hsp.exe
O4 - HKCU\..\Run: [Pbm] C:\WINDOWS\Trp.exe
O4 - HKCU\..\Run: [Qag] C:\WINDOWS\SYSTEM\Jnf.exe
O4 - HKCU\..\Run: [Gkn] C:\WINDOWS\Beq.exe
O4 - HKCU\..\Run: [Atm] C:\WINDOWS\Jgv.exe
O4 - HKCU\..\Run: [Gvr] C:\WINDOWS\Gid.exe
O4 - HKCU\..\Run: [Aqq] C:\WINDOWS\Lhr.exe
O4 - HKCU\..\Run: [Ljm] C:\WINDOWS\Vte.exe
O4 - HKCU\..\Run: [Vim] C:\WINDOWS\SYSTEM\Mql.exe
O4 - HKCU\..\Run: [Eas] C:\WINDOWS\Jtj.exe
O4 - HKCU\..\Run: [Ogs] C:\WINDOWS\Fun.exe
O4 - HKCU\..\Run: [Glv] C:\WINDOWS\Frv.exe
O4 - HKCU\..\Run: [Ngd] C:\WINDOWS\Qoi.exe
O4 - HKCU\..\Run: [Kap] C:\WINDOWS\Ijm.exe
O4 - HKCU\..\Run: [Iaq] C:\WINDOWS\Jac.exe
O4 - HKCU\..\Run: [Iag] C:\WINDOWS\Bni.exe
O4 - HKCU\..\Run: [Bfo] C:\WINDOWS\Msv.exe
O4 - HKCU\..\Run: [Ede] C:\WINDOWS\Vqm.exe
O4 - HKCU\..\Run: [Loj] C:\WINDOWS\SYSTEM\Asf.exe
O4 - HKCU\..\Run: [Jok] C:\WINDOWS\Iqr.exe
O4 - HKCU\..\Run: [Rms] C:\WINDOWS\Rda.exe
O4 - HKCU\..\Run: [Qgc] C:\WINDOWS\Mll.exe
O4 - HKCU\..\Run: [Gib] C:\WINDOWS\Qmh.exe
O4 - HKCU\..\Run: [Fim] C:\WINDOWS\Fjd.exe
O4 - HKCU\..\Run: [Dmr] C:\WINDOWS\SYSTEM\Tvc.exe
O4 - HKCU\..\Run: [Siu] C:\WINDOWS\SYSTEM\Ltb.exe
O4 - HKCU\..\Run: [Jke] C:\WINDOWS\SYSTEM\Jss.exe
O4 - HKCU\..\Run: [Dlp] C:\WINDOWS\SYSTEM\Sui.exe
O4 - HKCU\..\Run: [Ata] C:\WINDOWS\SYSTEM\Huh.exe
O4 - HKCU\..\Run: [Mmm] C:\WINDOWS\SYSTEM\Pgj.exe
O4 - HKCU\..\Run: [Frs] C:\WINDOWS\Ntm.exe
O4 - HKCU\..\Run: [Tdk] C:\WINDOWS\Bak.exe
O4 - HKCU\..\Run: [Nqk] C:\WINDOWS\SYSTEM\Pqh.exe
O4 - HKCU\..\Run: [Dbc] C:\WINDOWS\SYSTEM\Ulb.exe
O4 - HKCU\..\Run: [Egn] C:\WINDOWS\SYSTEM\Ejq.exe
O4 - HKCU\..\Run: [Gql] C:\WINDOWS\SYSTEM\Euh.exe
O4 - HKCU\..\Run: [Vvc] C:\WINDOWS\SYSTEM\Cvb.exe
O4 - HKCU\..\Run: [Hql] C:\WINDOWS\Gsr.exe
O4 - HKCU\..\Run: [Lpm] C:\WINDOWS\Tvb.exe
O4 - HKCU\..\Run: [Oic] C:\WINDOWS\SYSTEM\Hhb.exe
O4 - HKCU\..\Run: [Rnq] C:\WINDOWS\SYSTEM\Gcf.exe
O4 - HKCU\..\Run: [Ohi] C:\WINDOWS\SYSTEM\Ocu.exe
O4 - HKCU\..\Run: [Mdo] C:\WINDOWS\Cvs.exe
O4 - HKCU\..\Run: [Vha] C:\WINDOWS\SYSTEM\Gdp.exe
O4 - HKCU\..\Run: [Uti] C:\WINDOWS\SYSTEM\Upd.exe
O4 - HKCU\..\Run: [Eqj] C:\WINDOWS\SYSTEM\Nce.exe
O4 - HKCU\..\Run: [Lsb] C:\WINDOWS\Rci.exe
O4 - HKCU\..\Run: [Sch] C:\WINDOWS\Hio.exe
O4 - HKCU\..\Run: [Vrf] C:\WINDOWS\Eko.exe
O4 - HKCU\..\Run: [Avj] C:\WINDOWS\SYSTEM\Enn.exe
O4 - HKCU\..\Run: [Rgv] C:\WINDOWS\SYSTEM\Fun.exe
O4 - HKCU\..\Run: [Sfa] C:\WINDOWS\Shn.exe
O4 - HKCU\..\Run: [Oqc] C:\WINDOWS\SYSTEM\Dlf.exe
O4 - HKCU\..\Run: [Pum] C:\WINDOWS\Spd.exe
O4 - HKCU\..\Run: [Eao] C:\WINDOWS\Hge.exe
O4 - HKCU\..\Run: [Dqd] C:\WINDOWS\SYSTEM\Cuo.exe
O4 - HKCU\..\Run: [Cef] C:\WINDOWS\Ahd.exe
O4 - HKCU\..\Run: [Jvg] C:\WINDOWS\SYSTEM\Pqs.exe
O4 - HKCU\..\Run: [Bhr] C:\WINDOWS\Mdj.exe
O4 - HKCU\..\Run: [Egj] C:\WINDOWS\Dvj.exe
O4 - HKCU\..\Run: [Bkl] C:\WINDOWS\Pmj.exe
O4 - HKCU\..\Run: [Mcq] C:\WINDOWS\SYSTEM\Hfn.exe
O4 - HKCU\..\Run: [Ull] C:\WINDOWS\SYSTEM\Nkh.exe
O4 - HKCU\..\Run: [Jsh] C:\WINDOWS\SYSTEM\Dkc.exe
O4 - HKCU\..\Run: [Cvo] C:\WINDOWS\Tjn.exe
O4 - HKCU\..\Run: [Nlg] C:\WINDOWS\Oer.exe
O4 - HKCU\..\Run: [Dpc] C:\WINDOWS\SYSTEM\Rmd.exe
O4 - HKCU\..\Run: [Nbs] C:\WINDOWS\SYSTEM\Nag.exe
O4 - HKCU\..\Run: [Hmh] C:\WINDOWS\SYSTEM\Ris.exe
O4 - HKCU\..\Run: [Llf] C:\WINDOWS\Oan.exe
O4 - HKCU\..\Run: [Egh] C:\WINDOWS\Fvt.exe
O4 - HKCU\..\Run: [Mkr] C:\WINDOWS\SYSTEM\Jfs.exe
O4 - HKCU\..\Run: [Tln] C:\WINDOWS\SYSTEM\Rkg.exe
O4 - HKCU\..\Run: [Gbv] C:\WINDOWS\SYSTEM\Hpc.exe
O4 - HKCU\..\Run: [Big] C:\WINDOWS\SYSTEM\Kig.exe
O4 - HKCU\..\Run: [Rcl] C:\WINDOWS\Hdc.exe
O4 - HKCU\..\Run: [Sld] C:\WINDOWS\SYSTEM\Lot.exe
O4 - HKCU\..\Run: [Qqu] C:\WINDOWS\Pua.exe
O4 - HKCU\..\Run: [Lpo] C:\WINDOWS\Kbt.exe
O4 - HKCU\..\Run: [Luc] C:\WINDOWS\SYSTEM\Lts.exe
O4 - HKCU\..\Run: [Tba] C:\WINDOWS\SYSTEM\Ded.exe
O4 - HKCU\..\Run: [Vrv] C:\WINDOWS\Mck.exe
O4 - HKCU\..\Run: [Vtp] C:\WINDOWS\Mll.exe
O4 - HKCU\..\Run: [Uns] C:\WINDOWS\SYSTEM\Hut.exe
O4 - HKCU\..\Run: [Lnk] C:\WINDOWS\Lvv.exe
O4 - HKCU\..\Run: [Nhl] C:\WINDOWS\SYSTEM\Jcf.exe
O4 - HKCU\..\Run: [Rib] C:\WINDOWS\Dev.exe
O4 - HKCU\..\Run: [Keq] C:\WINDOWS\Kvm.exe
O4 - HKCU\..\Run: [Ecq] C:\WINDOWS\Hsr.exe
O4 - HKCU\..\Run: [Mrq] C:\WINDOWS\Gkd.exe
O4 - HKCU\..\Run: [Qjn] C:\WINDOWS\Ljb.exe
O4 - HKCU\..\Run: [Icj] C:\WINDOWS\Tpt.exe
O4 - HKCU\..\Run: [Jou] C:\WINDOWS\Bbh.exe
O4 - HKCU\..\Run: [Vfs] C:\WINDOWS\SYSTEM\Koa.exe
O4 - HKCU\..\Run: [Ver] C:\WINDOWS\SYSTEM\Cjm.exe
O4 - HKCU\..\Run: [Dkt] C:\WINDOWS\Cta.exe
O4 - HKCU\..\Run: [Uki] C:\WINDOWS\SYSTEM\Uii.exe
O4 - HKCU\..\Run: [Hbd] C:\WINDOWS\Saf.exe
O4 - HKCU\..\Run: [Qtl] C:\WINDOWS\Uec.exe
O4 - HKCU\..\Run: [Hra] C:\WINDOWS\SYSTEM\Edo.exe
O4 - HKCU\..\Run: [Hso] C:\WINDOWS\SYSTEM\Jpn.exe
O4 - HKCU\..\Run: [Cdu] C:\WINDOWS\Krv.exe
O4 - HKCU\..\Run: [Bps] C:\WINDOWS\Lqk.exe
O4 - HKCU\..\Run: [Qra] C:\WINDOWS\SYSTEM\Bjv.exe
O4 - HKCU\..\Run: [Cua] C:\WINDOWS\SYSTEM\Ebj.exe
O4 - HKCU\..\Run: [Ksb] C:\WINDOWS\Euv.exe
O4 - HKCU\..\Run: [Mdt] C:\WINDOWS\SYSTEM\Qlq.exe
O4 - HKCU\..\Run: [Cao] C:\WINDOWS\SYSTEM\Ivu.exe
O4 - HKCU\..\Run: [Ipb] C:\WINDOWS\SYSTEM\Bkt.exe
O4 - HKCU\..\Run: [Epj] C:\WINDOWS\SYSTEM\Gio.exe
O4 - HKCU\..\Run: [Mni] C:\WINDOWS\Vdk.exe
O4 - HKCU\..\Run: [Gto] C:\WINDOWS\Pdm.exe
O4 - HKCU\..\Run: [Mcn] C:\WINDOWS\SYSTEM\Hbu.exe
O4 - HKCU\..\Run: [Ikg] C:\WINDOWS\Uja.exe
O4 - HKCU\..\Run: [Lkr] C:\WINDOWS\Gas.exe
O4 - HKCU\..\Run: [Cav] C:\WINDOWS\Ect.exe
O4 - HKCU\..\Run: [Tdi] C:\WINDOWS\Vcp.exe
O4 - HKCU\..\Run: [Mhq] C:\WINDOWS\Uth.exe
O4 - HKCU\..\Run: [Csv] C:\WINDOWS\Fau.exe
O4 - HKCU\..\Run: [Iqc] C:\WINDOWS\SYSTEM\Kmf.exe
O4 - HKCU\..\Run: [Mjh] C:\WINDOWS\SYSTEM\Nob.exe
O4 - HKCU\..\Run: [Ara] C:\WINDOWS\SYSTEM\Rgd.exe
O4 - HKCU\..\Run: [Nci] C:\WINDOWS\SYSTEM\Buc.exe
O4 - HKCU\..\Run: [Anq] C:\WINDOWS\Ffj.exe
O4 - HKCU\..\Run: [Ksc] C:\WINDOWS\Qee.exe
O4 - HKCU\..\Run: [Kdm] C:\WINDOWS\SYSTEM\Isp.exe
O4 - HKCU\..\Run: [Cut] C:\WINDOWS\SYSTEM\Slb.exe
O4 - HKCU\..\Run: [Eja] C:\WINDOWS\SYSTEM\Drf.exe
O4 - HKCU\..\Run: [Abv] C:\WINDOWS\SYSTEM\Upt.exe
O4 - HKCU\..\Run: [Gdi] C:\WINDOWS\SYSTEM\Mel.exe
O4 - HKCU\..\Run: [Pdo] C:\WINDOWS\Npt.exe
O4 - HKCU\..\Run: [Agt] C:\WINDOWS\Qdq.exe
O4 - HKCU\..\Run: [Kcn] C:\WINDOWS\Dtg.exe
O4 - HKCU\..\Run: [Ria] C:\WINDOWS\Qao.exe
O4 - HKCU\..\Run: [Umg] C:\WINDOWS\SYSTEM\Pgs.exe
O4 - HKCU\..\Run: [Sme] C:\WINDOWS\Fai.exe
O4 - HKCU\..\Run: [Aia] C:\WINDOWS\SYSTEM\Jos.exe
O4 - HKCU\..\Run: [Rag] C:\WINDOWS\SYSTEM\Slj.exe
O4 - HKCU\..\Run: [Pts] C:\WINDOWS\Rsn.exe
O4 - HKCU\..\Run: [Ovg] C:\WINDOWS\SYSTEM\Gro.exe
O4 - HKCU\..\Run: [Jlt] C:\WINDOWS\SYSTEM\Kad.exe
O4 - HKCU\..\Run: [Krf] C:\WINDOWS\Rsi.exe
O4 - HKCU\..\Run: [Utd] C:\WINDOWS\Ksq.exe
O4 - HKCU\..\Run: [Bii] C:\WINDOWS\SYSTEM\Fqo.exe
O4 - HKCU\..\Run: [Dgd] C:\WINDOWS\SYSTEM\Mkk.exe
O4 - HKCU\..\Run: [Jrq] C:\WINDOWS\SYSTEM\Mme.exe
O4 - HKCU\..\Run: [Dgi] C:\WINDOWS\SYSTEM\Ulo.exe
O4 - HKCU\..\Run: [Dcm] C:\WINDOWS\Uqa.exe
O4 - HKCU\..\Run: [Vju] C:\WINDOWS\Klo.exe
O4 - HKCU\..\Run: [Blo] C:\WINDOWS\SYSTEM\Sbq.exe
O4 - HKCU\..\Run: [Man] C:\WINDOWS\Bac.exe
O4 - HKCU\..\Run: [Iti] C:\WINDOWS\SYSTEM\Arr.exe
O4 - HKCU\..\Run: [Omn] C:\WINDOWS\SYSTEM\Ref.exe
O4 - HKCU\..\Run: [Nmh] C:\WINDOWS\Cuv.exe
O4 - HKCU\..\Run: [Mim] C:\WINDOWS\Vhl.exe
O4 - HKCU\..\Run: [Ceg] C:\WINDOWS\Soq.exe
O4 - HKCU\..\Run: [Cor] C:\WINDOWS\Bka.exe
O4 - HKCU\..\Run: [Dvk] C:\WINDOWS\Ksq.exe
O4 - HKCU\..\Run: [Amv] C:\WINDOWS\Ili.exe
O4 - HKCU\..\Run: [Mtq] C:\WINDOWS\SYSTEM\Can.exe
O4 - HKCU\..\Run: [Aom] C:\WINDOWS\Jel.exe
O4 - HKCU\..\Run: [Rfb] C:\WINDOWS\Lko.exe
O4 - HKCU\..\Run: [Vdv] C:\WINDOWS\Jft.exe
O4 - HKCU\..\Run: [Rqc] C:\WINDOWS\SYSTEM\Tkm.exe
O4 - HKCU\..\Run: [Ejr] C:\WINDOWS\Fql.exe
O4 - HKCU\..\Run: [Ntl] C:\WINDOWS\Ccg.exe
O4 - HKCU\..\Run: [Gee] C:\WINDOWS\Rln.exe
O4 - HKCU\..\Run: [Lsl] C:\WINDOWS\Pap.exe
O4 - HKCU\..\Run: [Leg] C:\WINDOWS\Bls.exe
O4 - HKCU\..\Run: [Cdk] C:\WINDOWS\Duk.exe
O4 - HKCU\..\Run: [Nfv] C:\WINDOWS\Dil.exe
O4 - HKCU\..\Run: [Sqo] C:\WINDOWS\Bov.exe
O4 - HKCU\..\Run: [Rnd] C:\WINDOWS\SYSTEM\Qvd.exe
O4 - HKCU\..\Run: [Qja] C:\WINDOWS\SYSTEM\Ifv.exe
O4 - HKCU\..\Run: [Kqs] C:\WINDOWS\SYSTEM\Fko.exe
O4 - HKCU\..\Run: [Hgr] C:\WINDOWS\Vgp.exe
O4 - HKCU\..\Run: [Mjc] C:\WINDOWS\Akt.exe
O4 - HKCU\..\Run: [Bvb] C
Reply With Quote
  #2  
Old 25-03-05, 22:42
John_McKenna's Avatar
John_McKenna John_McKenna is offline
Global Moderator
 
Join Date: Jan 2004
Location: England
Posts: 8,153
Default Re: HijackThis log: another victim of top-search.u

Hi and welcome to Webuser. [img]/images/forums/icons/smile.gif[/img]

Are you sure this is your entire log? [img]/images/forums/icons/laugh.gif[/img]

Believe it or not, there appears to be some missing off the bottom.

Before posting a new log though, lets do some general cleaning up.

You have 2 subscription based anti-virus programs running at the moment. Are either of them currrent and up to date? If not, download AVG Free Edition from here.

Reboot your machine and download, install and scan with Spybot S&D as per the instructions here. Don't start the program yet. Update the trojan database by right clicking the link below and selecting 'save as' and save it to the directory where you installed TDS-3, overwriting the previous radius.td3.

<A target="_blank" HREF=http://www.diamondcs.com.au/tds/radius.td3>http://www.diamondcs.com.au/tds/radius.td3</A>


2.Reboot in safe mode and launch TDS-3. In the top bar of the TDS window click System Testing &gt; Full System Scan.

3. Detections will appear in the lower pane of the TDS window. When the scan has eventually finished, right click the lower pane and select 'save as txt' to save the 'scandump.txt'. Leaving the program open, copy and paste the contents of scandump.txt into your next reply.

4. After posting the scanlog, right click the lower TDS pane again and select 'delete' to remove everything labelled 'positive identification'.

5. Reboot the machine in Safe Mode again and run a full system scan with your anti-virus program. Copy & paste a summary of it's findings in your next reply if it detects anything.

6. Reboot in normal mode and post the TDS log, virus scan summary and fresh HijackThis log so we can tackle what's left.


<hr width=100% size=1><font size=1>
<font color=blue>PLEASE DON'T SEND ME YOUR HIJACKTHIS LOG OR HELP REQUESTS VIA PM. PLEASE POST THEM ON THE FORUM</font color=blue>
| <A target="_blank" HREF=http://www.bleepingcomputer.com/forums/index.php?showtutorial=43>Spybot Tutorial | | <A target="_blank" HREF=http://housecall.trendmicro.com/>TrendMicro Scan | | <A target="_blank" HREF=http://www.kaspersky.com/scanforvirus>Kaspersky File Scanner | | <A target="_blank" HREF=http://v4.windowsupdate.microsoft.com/>Windows Updates | Sygate | <A target="_blank" HREF=http://www.javacoolsoftware.com/sbdownload.html>Spywareblaster</A>
</font size=1>
Reply With Quote
  #3  
Old 07-04-05, 02:30
thelauderdale thelauderdale is offline
Newbie
 
Join Date: Mar 2005
Posts: 8
Default Re: HijackThis log: another victim of top-search.u

Hi, John. Yes, I'm still alive and have been implementing your instructions in installments over the past week. I'm currently bogged down somewhere in the middle of TDS Anti-Trojan Step 4. Is there any way I can simply select and delete the lot at a single go? Deleting each 'positive identification' individually could take me the rest of my life. (Somebody's life, at any rate.) See scandump.txt below...if it all shows up. It is some 50 pages long in Word....

Scan Control Dumped @ 09:51:21 06-04-05
RegVal Trace: RAT.Skydance: HKEY_LOCAL_MACHINE
File: SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Skd=C:\WINDOWS\Gmi.exe]

RegVal Trace: Worm.Sonic: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [GDI=C:\WINDOWS\SYSTEM\Mel.exe]

RegVal Trace: Worm.Legion: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [VBE=C:\WINDOWS\Fat.exe]

RegVal Trace: Spy.Stealth Eye: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [cam=C:\WINDOWS\Elv.exe]

RegVal Trace: RAT.Breath Of Death: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Ice=C:\WINDOWS\SYSTEM\Ihq.exe]

RegVal Trace: RAT.Cab Of Filth: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [COF=C:\WINDOWS\Rbk.exe]

RegVal Trace: PSW.Tarno please submit: HKEY_CURRENT_USER
File: Software\Microsoft\Windows\CurrentVersion\Run [hen=C:\WINDOWS\SYSTEM\Ljo.exe]

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\soft.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jlk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kus.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cpn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bdg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\flq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ani.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hne.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\agf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vgu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fsc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rmp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ujp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\upr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ivt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ngm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hcs.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mhs.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ueu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ccn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\edg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lqq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pof.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\uio.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gsh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ffc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rbk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\aou.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\abc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fta.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ssa.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ago.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ttb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\opv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rvu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hag.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dlb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kbg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jgm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vep.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bgr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\phe.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bsi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\akd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lmv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rnh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\haj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pgf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\saf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hbi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\brh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jmf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hcm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ijq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jpp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tti.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\oia.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nic.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\oib.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pus.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kuq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pqu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vue.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gsl.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pcu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fvd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kao.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lhr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\oem.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fhp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ikt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bav.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nnu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gbh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vdp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pgb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fsg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mja.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bgn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\iba.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gec.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\toi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mjp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\psl.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\aqk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vij.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\onl.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bld.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\udd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bli.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fir.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mro.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\khs.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vfg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ftk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rre.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\req.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tsr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ioc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lrp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rmo.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pjb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cqi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\idi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\clt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qji.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\psm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ssj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ivc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ken.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jpk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ppc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fbj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ous.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jkl.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bqn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rbi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qkh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lgu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kmu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\niq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jvi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\uok.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lkj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\sfj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mls.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tgo.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\etf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qia.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hsf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bdi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\she.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\opd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\aun.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\plu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vaj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gsi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\oaf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pda.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\koe.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fct.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\unj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lnq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fbm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nvk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mfb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ebg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jjb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\put.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\etb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dgh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\prj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fei.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ldk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gtj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tlo.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ehg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\veh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\egh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mjn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pto.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\src.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vhs.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\snd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tth.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ctp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lnb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\beq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jgv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gid.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vte.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jtj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fun.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mfs.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qoi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ijm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jac.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hlc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bni.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\msv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vqm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\iqr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rda.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mll.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tmd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qmh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fjd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ntm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bak.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\frv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pqf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bdr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tvb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cvs.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kta.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rci.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hio.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\eko.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\shn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\spd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hge.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vlc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mdj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dvj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pmj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pjt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tjn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\oer.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\oan.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fvt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hdc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pua.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kbt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mck.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lvv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dev.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hsr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nkd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ljb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tpt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bbh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cta.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\uec.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\krv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lqk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\euv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vdk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ahd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pdm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\uja.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gas.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ect.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vcp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\uth.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fau.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ffj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qee.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\npt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qdq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dtg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qao.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fai.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rsn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rsi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ksq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\uqa.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bac.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cuv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vhl.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\soq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bka.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mat.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ili.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jel.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lko.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jft.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fql.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ccg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ugt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rln.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pap.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bls.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\duk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dil.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bov.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vgp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\akt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\iss.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gkd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tco.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ldd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lvj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\uoo.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cem.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hhi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nke.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rit.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bjf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vcg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qnl.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\klo.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\git.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\seh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vjk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ihi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\buf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\aro.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\oal.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cjs.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dqj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rtd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\eeh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\spk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fds.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\uuk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\utn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gnm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bmu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ecj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hai.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\uqr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gcs.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\uqt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lqr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\elv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\odv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vkq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fub.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fjr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tqc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\sdc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tel.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\roo.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tnb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dqp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hog.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vkk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\oef.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lvs.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jpi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\msj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hpg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\trp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dls.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jon.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gum.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vpt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vbp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\eve.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jro.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fut.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vuk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dtt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\aln.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\shp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kvm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jiv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gbg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\atl.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pis.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ult.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hri.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kan.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tmb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ueh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ior.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ktq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\orr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rel.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kom.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dpf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pro.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ttv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cnn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lcf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mnn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dak.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rfs.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gsr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ndk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bki.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\iju.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tim.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mmt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pet.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kkp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\isu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pha.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ulj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ual.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fps.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\uqk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ooi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ple.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dnv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\eke.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\iet.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gjf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jtg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pai.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cvl.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\sqe.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ram.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nbe.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\iee.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vjn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lic.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qos.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\krb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cai.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bpo.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lgj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hcd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kem.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ksl.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fio.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\khh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rhj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tcv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bdf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jsb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\der.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mlp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mna.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fte.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qlr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\anu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qnr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jeu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ggr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\adi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nfo.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\enc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hfm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\odr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\juc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gft.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ngu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nuq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\aje.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\odi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kap.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mnb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lfi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dqc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mhl.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dal.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bnq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\osu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ira.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rok.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\abu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kbs.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\svi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\avr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\doa.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dos.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ieq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nsj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hhg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bgg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fos.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\juq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hca.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vmp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\emm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lvu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mvp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hkn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rfl.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\uan.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\olr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kgd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ark.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ttk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vol.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\goq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\iug.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gqk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\evl.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vbe.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pqv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cbq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jmd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nml.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qcr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ubq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qer.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nqf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jrp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fgb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hrt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\huv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dkc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gds.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vsk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rji.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\uco.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\oun.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kaf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qbk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mcn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rsg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\aga.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cpu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hjj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qke.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\teo.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fat.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\urc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hpi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nqj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pnr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nje.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\era.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bqh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\isg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\aqg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qsu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tef.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dnq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\sgn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hou.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\blo.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tec.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vqk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mlk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gkj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vlb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tui.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ltl.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rpk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vqv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rrg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qra.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\avo.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pbg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qnt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\puv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\iha.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dem.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cog.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qgi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kfp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fth.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tqe.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hbh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kue.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ere.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qjo.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rni.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\oqf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hpm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dfr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tgg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dbr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gkh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mgq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\reu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ibk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ige.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vgj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jla.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jsd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bml.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tek.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gdc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ecp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vub.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\eno.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qek.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rkr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jfv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pbt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\oga.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hgb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vkg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vgq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ala.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bgh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ijt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fdp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\non.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\aov.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\uit.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vvf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mms.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kvt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\klg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lpj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hfp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ohk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\iof.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ego.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cjq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kam.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ubv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\oni.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\sts.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\unc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\odn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\neu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\scp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\sui.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lss.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vgi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tjt.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\uil.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rvr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nol.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fqe.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jfn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cdi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qgo.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jov.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ppk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mpu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mre.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\boq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dsk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pht.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nqa.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bir.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gcr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jes.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gjq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nju.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pvs.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jdq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\kmh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lal.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\geh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ann.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dii.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\keb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vko.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rpf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bfi.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cvk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dgp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\enn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mtf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tjk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gvj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ung.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\amd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jrs.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\sbb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ama.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dsm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hie.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\sqd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\oap.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cgb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tne.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\knp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\sje.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fpj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\psn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ffv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lve.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\okl.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bic.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\msc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\grr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fus.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\jru.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lfa.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\npk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bnr.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\adl.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ipk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\oco.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vro.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\opa.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ben.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\adm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\usd.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\bad.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tke.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\oed.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cap.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ubm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dta.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\eqs.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\dpa.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\oep.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\nuo.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hff.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lno.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\aat.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lpp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\las.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\eim.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hji.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\umj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mqm.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qkg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\gtb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ntp.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\cqc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\til.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hht.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\hac.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\sgf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\qsk.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\skg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\pnn.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ftc.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lag.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\icb.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\lpf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\vvv.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fhf.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rpq.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\fuh.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\mdg.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tsj.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rps.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\sqa.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\tiu.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\rep.exe

Positive identification: TrojanClicker.Win32.Spywad.a
File: c:\windows\ecs.exe

Positive identification: TrojanClicker.Win32.Spywad.a<b
Reply With Quote
  #4  
Old 07-04-05, 11:37
John_McKenna's Avatar
John_McKenna John_McKenna is offline
Global Moderator
 
Join Date: Jan 2004
Location: England
Posts: 8,153
Default Re: HijackThis log: another victim of top-search.u

You have one of the most infected machines I've seen in a long time. I'm afraid there's no easy way around cleaning it. As for the TDS positive identification removals, I'll be honest, I don't remember. My free trial period ran out over a year ago. You may have to individually remove all of them. I'll see if I can find the answer from TDS themselves. In the mean time, keep deleting !!

<hr width=100% size=1><font size=1>
<font color=blue>PLEASE DON'T SEND ME YOUR HIJACKTHIS LOG OR HELP REQUESTS VIA PM. PLEASE POST THEM ON THE FORUM</font color=blue>
| <A target="_blank" HREF=http://www.bleepingcomputer.com/forums/index.php?showtutorial=43>Spybot Tutorial | | <A target="_blank" HREF=http://housecall.trendmicro.com/>TrendMicro Scan | | <A target="_blank" HREF=http://www.kaspersky.com/scanforvirus>Kaspersky File Scanner | | <A target="_blank" HREF=http://v4.windowsupdate.microsoft.com/>Windows Updates | Sygate | <A target="_blank" HREF=http://www.javacoolsoftware.com/sbdownload.html>Spywareblaster</A>
</font size=1>
Reply With Quote
  #5  
Old 11-04-05, 03:00
thelauderdale thelauderdale is offline
Newbie
 
Join Date: Mar 2005
Posts: 8
Default Re: HijackThis log: another victim of top-search.u

It took several hours and two CDs of Edith Piaf, but I finally deleted all the "positive" TDS entries. These are all that are left: they don't show as positive but they seem to be launching the others - how do I get rid them?

Scan Control Dumped @ 09:51:21 06-04-05
RegVal Trace: RAT.Skydance: HKEY_LOCAL_MACHINE
File: SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Skd=C:\WINDOWS\Gmi.exe]

RegVal Trace: Worm.Sonic: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [GDI=C:\WINDOWS\SYSTEM\Mel.exe]

RegVal Trace: Worm.Legion: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [VBE=C:\WINDOWS\Fat.exe]

RegVal Trace: Spy.Stealth Eye: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [cam=C:\WINDOWS\Elv.exe]

RegVal Trace: RAT.Breath Of Death: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Ice=C:\WINDOWS\SYSTEM\Ihq.exe]

RegVal Trace: RAT.Cab Of Filth: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [COF=C:\WINDOWS\Rbk.exe]

RegVal Trace: PSW.Tarno please submit: HKEY_CURRENT_USER
File: Software\Microsoft\Windows\CurrentVersion\Run [hen=C:\WINDOWS\SYSTEM\Ljo.exe]


Also, here is my current HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:48:05 PM, on 4/10/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\WINDOWS\SYSTEM\KOO.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\COMPUTER PROTECTION\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\FREXT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.top-search.us/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.top-search.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.top-search.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.top-search.us/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top-search.us/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.top-search.us/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.top-search.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.top-search.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.top-search.us/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top-search.us/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.top-search.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.top-search.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.top-search.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.top-search.us/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.top-search.us/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.top-search.us/index.html
F1 - win.ini: run=hpfsched
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\COMPUT~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\SYSTEM\MSPXS32.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [PiDunHk] "C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE"
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [Ehr] C:\WINDOWS\SYSTEM\Fcb.exe
O4 - HKLM\..\Run: [Win32 Time Zone] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - HKLM\..\Run: [Ftf] C:\WINDOWS\SYSTEM\Lkd.exe
O4 - HKLM\..\Run: [Vvf] C:\WINDOWS\SYSTEM\Jlv.exe
O4 - HKLM\..\Run: [Cuq] C:\WINDOWS\Kus.exe
O4 - HKLM\..\Run: [Khb] C:\WINDOWS\Cpn.exe
O4 - HKLM\..\Run: [Qki] C:\WINDOWS\SYSTEM\Cli.exe
O4 - HKLM\..\Run: [Tcr] C:\WINDOWS\Bdg.exe
O4 - HKLM\..\Run: [Scc] C:\WINDOWS\Hlc.exe
O4 - HKLM\..\Run: [Jad] C:\WINDOWS\Lcf.exe
O4 - HKLM\..\Run: [Olk] C:\WINDOWS\Jnb.exe
O4 - HKLM\..\Run: [Efe] C:\WINDOWS\SYSTEM\Oqg.exe
O4 - HKLM\..\Run: [Crf] C:\WINDOWS\Flq.exe
O4 - HKLM\..\Run: [Eso] C:\WINDOWS\SYSTEM\Ejh.exe
O4 - HKLM\..\Run: [Khl] C:\WINDOWS\Ani.exe
O4 - HKLM\..\Run: [Cga] C:\WINDOWS\SYSTEM\Frf.exe
O4 - HKLM\..\Run: [Job] C:\WINDOWS\Hne.exe
O4 - HKLM\..\Run: [Vjs] C:\WINDOWS\SYSTEM\Fnb.exe
O4 - HKLM\..\Run: [Set] C:\WINDOWS\SYSTEM\Elm.exe
O4 - HKLM\..\Run: [Ihl] C:\WINDOWS\SYSTEM\Vms.exe
O4 - HKLM\..\Run: [Nco] C:\WINDOWS\SYSTEM\Jop.exe
O4 - HKLM\..\Run: [Rou] C:\WINDOWS\Agf.exe
O4 - HKLM\..\Run: [Mgj] C:\WINDOWS\SYSTEM\Rrv.exe
O4 - HKLM\..\Run: [Okl] C:\WINDOWS\SYSTEM\Qhd.exe
O4 - HKLM\..\Run: [Fdr] C:\WINDOWS\Vgu.exe
O4 - HKLM\..\Run: [Rfj] C:\WINDOWS\SYSTEM\Eed.exe
O4 - HKLM\..\Run: [Rrs] C:\WINDOWS\Fsc.exe
O4 - HKLM\..\Run: [Nqu] C:\WINDOWS\SYSTEM\Rga.exe
O4 - HKLM\..\Run: [Jrc] C:\WINDOWS\Rmp.exe
O4 - HKLM\..\Run: [Muo] C:\WINDOWS\Ujp.exe
O4 - HKLM\..\Run: [Mps] C:\WINDOWS\SYSTEM\Bir.exe
O4 - HKLM\..\Run: [Irs] C:\WINDOWS\SYSTEM\Fem.exe
O4 - HKLM\..\Run: [Nrj] C:\WINDOWS\SYSTEM\Kig.exe
O4 - HKLM\..\Run: [Rst] C:\WINDOWS\Upr.exe
O4 - HKLM\..\Run: [Vuu] C:\WINDOWS\SYSTEM\Lnf.exe
O4 - HKLM\..\Run: [Mrb] C:\WINDOWS\SYSTEM\Ins.exe
O4 - HKLM\..\Run: [Crb] C:\WINDOWS\Ivt.exe
O4 - HKLM\..\Run: [Ltf] C:\WINDOWS\SYSTEM\Usk.exe
O4 - HKLM\..\Run: [Gis] C:\WINDOWS\SYSTEM\Rml.exe
O4 - HKLM\..\Run: [Pto] C:\WINDOWS\SYSTEM\Brc.exe
O4 - HKLM\..\Run: [Rrd] C:\WINDOWS\Ngm.exe
O4 - HKLM\..\Run: [Kmm] C:\WINDOWS\Hcs.exe
O4 - HKLM\..\Run: [Mtr] C:\WINDOWS\SYSTEM\Pke.exe
O4 - HKLM\..\Run: [Mpe] C:\WINDOWS\SYSTEM\Bdo.exe
O4 - HKLM\..\Run: [Qbb] C:\WINDOWS\SYSTEM\Eqg.exe
O4 - HKLM\..\Run: [Dph] C:\WINDOWS\Mhs.exe
O4 - HKLM\..\Run: [Nlu] C:\WINDOWS\SYSTEM\Qjf.exe
O4 - HKLM\..\Run: [Ibe] C:\WINDOWS\Ueu.exe
O4 - HKLM\..\Run: [Rcf] C:\WINDOWS\SYSTEM\Qvo.exe
O4 - HKLM\..\Run: [Upq] C:\WINDOWS\SYSTEM\Pqb.exe
O4 - HKLM\..\Run: [Nvg] C:\WINDOWS\Ccn.exe
O4 - HKLM\..\Run: [Pmc] C:\WINDOWS\Edg.exe
O4 - HKLM\..\Run: [Ltv] C:\WINDOWS\Lqq.exe
O4 - HKLM\..\Run: [Urr] C:\WINDOWS\SYSTEM\Qmg.exe
O4 - HKLM\..\Run: [Tga] C:\WINDOWS\SYSTEM\Usb.exe
O4 - HKLM\..\Run: [Utt] C:\WINDOWS\Pof.exe
O4 - HKLM\..\Run: [Sim] C:\WINDOWS\Uio.exe
O4 - HKLM\..\Run: [Esg] C:\WINDOWS\Gsh.exe
O4 - HKLM\..\Run: [Ihb] C:\WINDOWS\Ffc.exe
O4 - HKLM\..\Run: [Cof] C:\WINDOWS\Rbk.exe
O4 - HKLM\..\Run: [Hlg] C:\WINDOWS\Aou.exe
O4 - HKLM\..\Run: [Ome] C:\WINDOWS\SYSTEM\Mmn.exe
O4 - HKLM\..\Run: [Lcv] C:\WINDOWS\Abc.exe
O4 - HKLM\..\Run: [Cbf] C:\WINDOWS\Fta.exe
O4 - HKLM\..\Run: [Cbh] C:\WINDOWS\SYSTEM\Jhk.exe
O4 - HKLM\..\Run: [Hhm] C:\WINDOWS\SYSTEM\Dai.exe
O4 - HKLM\..\Run: [Pbl] C:\WINDOWS\Shp.exe
O4 - HKLM\..\Run: [Bmt] C:\WINDOWS\Ago.exe
O4 - HKLM\..\Run: [Lik] C:\WINDOWS\Ttb.exe
O4 - HKLM\..\Run: [Ntt] C:\WINDOWS\Opv.exe
O4 - HKLM\..\Run: [Pim] C:\WINDOWS\Rvu.exe
O4 - HKLM\..\Run: [Klk] C:\WINDOWS\SYSTEM\Qoh.exe
O4 - HKLM\..\Run: [Jka] C:\WINDOWS\SYSTEM\Lic.exe
O4 - HKLM\..\Run: [Hfv] C:\WINDOWS\Tef.exe
O4 - HKLM\..\Run: [Efg] C:\WINDOWS\Hag.exe
O4 - HKLM\..\Run: [Ivs] C:\WINDOWS\Dlb.exe
O4 - HKLM\..\Run: [Aqu] C:\WINDOWS\SYSTEM\Ida.exe
O4 - HKLM\..\Run: [Jrp] C:\WINDOWS\SYSTEM\Ucc.exe
O4 - HKLM\..\Run: [Fts] C:\WINDOWS\Kbg.exe
O4 - HKLM\..\Run: [Bll] C:\WINDOWS\SYSTEM\Vkb.exe
O4 - HKLM\..\Run: [Clt] C:\WINDOWS\SYSTEM\Agq.exe
O4 - HKLM\..\Run: [Fcb] C:\WINDOWS\SYSTEM\Cbt.exe
O4 - HKLM\..\Run: [Djt] C:\WINDOWS\Jgm.exe
O4 - HKLM\..\Run: [Pdm] C:\WINDOWS\SYSTEM\Shd.exe
O4 - HKLM\..\Run: [Mvb] C:\WINDOWS\SYSTEM\Ojg.exe
O4 - HKLM\..\Run: [Ift] C:\WINDOWS\Bgr.exe
O4 - HKLM\..\Run: [Nbb] C:\WINDOWS\Hsf.exe
O4 - HKLM\..\Run: [Qcc] C:\WINDOWS\SYSTEM\Prk.exe
O4 - HKLM\..\Run: [Vpm] C:\WINDOWS\Phe.exe
O4 - HKLM\..\Run: [Vmd] C:\WINDOWS\Bsi.exe
O4 - HKLM\..\Run: [Cpf] C:\WINDOWS\SYSTEM\Oes.exe
O4 - HKLM\..\Run: [Keo] C:\WINDOWS\SYSTEM\Oos.exe
O4 - HKLM\..\Run: [Kps] C:\WINDOWS\Akd.exe
O4 - HKLM\..\Run: [Gul] C:\WINDOWS\SYSTEM\Fvv.exe
O4 - HKLM\..\Run: [Vod] C:\WINDOWS\SYSTEM\Smd.exe
O4 - HKLM\..\Run: [Hoj] C:\WINDOWS\SYSTEM\Emi.exe
O4 - HKLM\..\Run: [Ftv] C:\WINDOWS\Lmv.exe
O4 - HKLM\..\Run: [Dmo] C:\WINDOWS\Fbd.exe
O4 - HKLM\..\Run: [Vqn] C:\WINDOWS\Haj.exe
O4 - HKLM\..\Run: [Ghr] C:\WINDOWS\Pgf.exe
O4 - HKLM\..\Run: [Dpg] C:\WINDOWS\SYSTEM\Iqt.exe
O4 - HKLM\..\Run: [Hab] C:\WINDOWS\Saf.exe
O4 - HKLM\..\Run: [Mua] C:\WINDOWS\Hbi.exe
O4 - HKLM\..\Run: [Cqj] C:\WINDOWS\Brh.exe
O4 - HKLM\..\Run: [Cue] C:\WINDOWS\Jmf.exe
O4 - HKLM\..\Run: [Ecm] C:\WINDOWS\SYSTEM\Gfv.exe
O4 - HKLM\..\Run: [Tvg] C:\WINDOWS\Bav.exe
O4 - HKLM\..\Run: [Fhe] C:\WINDOWS\Ijq.exe
O4 - HKLM\..\Run: [Ejq] C:\WINDOWS\SYSTEM\Bsf.exe
O4 - HKLM\..\Run: [Dsa] C:\WINDOWS\SYSTEM\Uqh.exe
O4 - HKLM\..\Run: [Gfe] C:\WINDOWS\Jpp.exe
O4 - HKLM\..\Run: [Iik] C:\WINDOWS\Tti.exe
O4 - HKLM\..\Run: [Mcs] C:\WINDOWS\SYSTEM\Dbv.exe
O4 - HKLM\..\Run: [Dmu] C:\WINDOWS\SYSTEM\Rgs.exe
O4 - HKLM\..\Run: [Lie] C:\WINDOWS\Oia.exe
O4 - HKLM\..\Run: [Tsl] C:\WINDOWS\Nic.exe
O4 - HKLM\..\Run: [Dam] C:\WINDOWS\Oib.exe
O4 - HKLM\..\Run: [Unl] C:\WINDOWS\Jro.exe
O4 - HKLM\..\Run: [Kbh] C:\WINDOWS\Pus.exe
O4 - HKLM\..\Run: [Eji] C:\WINDOWS\Aln.exe
O4 - HKLM\..\Run: [Iok] C:\WINDOWS\Kuq.exe
O4 - HKLM\..\Run: [Kbs] C:\WINDOWS\SYSTEM\Bjf.exe
O4 - HKLM\..\Run: [Dfi] C:\WINDOWS\SYSTEM\Mec.exe
O4 - HKLM\..\Run: [Sag] C:\WINDOWS\SYSTEM\Hfk.exe
O4 - HKLM\..\Run: [Ooa] C:\WINDOWS\SYSTEM\Dse.exe
O4 - HKLM\..\Run: [Acn] C:\WINDOWS\Pqu.exe
O4 - HKLM\..\Run: [Kqh] C:\WINDOWS\SYSTEM\Svg.exe
O4 - HKLM\..\Run: [Ppr] C:\WINDOWS\SYSTEM\Ddu.exe
O4 - HKLM\..\Run: [Fcp] C:\WINDOWS\Vue.exe
O4 - HKLM\..\Run: [Bct] C:\WINDOWS\Gsl.exe
O4 - HKLM\..\Run: [Ics] C:\WINDOWS\SYSTEM\Qij.exe
O4 - HKLM\..\Run: [Tin] C:\WINDOWS\Fvd.exe
O4 - HKLM\..\Run: [Ela] C:\WINDOWS\SYSTEM\Lho.exe
O4 - HKLM\..\Run: [Qhg] C:\WINDOWS\Kao.exe
O4 - HKLM\..\Run: [Bns] C:\WINDOWS\Lhr.exe
O4 - HKLM\..\Run: [Cbn] C:\WINDOWS\SYSTEM\Rup.exe
O4 - HKLM\..\Run: [Mlr] C:\WINDOWS\SYSTEM\Jrj.exe
O4 - HKLM\..\Run: [Odp] C:\WINDOWS\SYSTEM\Inn.exe
O4 - HKLM\..\Run: [Hce] C:\WINDOWS\SYSTEM\Tgs.exe
O4 - HKLM\..\Run: [Nqp] C:\WINDOWS\SYSTEM\Rpb.exe
O4 - HKLM\..\Run: [Ads] C:\WINDOWS\SYSTEM\Ubi.exe
O4 - HKLM\..\Run: [Hvn] C:\WINDOWS\Oem.exe
O4 - HKLM\..\Run: [Pah] C:\WINDOWS\SYSTEM\Scc.exe
O4 - HKLM\..\Run: [Mlk] C:\WINDOWS\Fhp.exe
O4 - HKLM\..\Run: [Nsd] C:\WINDOWS\Ikt.exe
O4 - HKLM\..\Run: [Daq] C:\WINDOWS\Nnu.exe
O4 - HKLM\..\Run: [Hse] C:\WINDOWS\SYSTEM\Vta.exe
O4 - HKLM\..\Run: [Fcg] C:\WINDOWS\SYSTEM\Mud.exe
O4 - HKLM\..\Run: [Fil] C:\WINDOWS\Gbh.exe
O4 - HKLM\..\Run: [Rnb] C:\WINDOWS\SYSTEM\Okf.exe
O4 - HKLM\..\Run: [Cbv] C:\WINDOWS\SYSTEM\Ngb.exe
O4 - HKLM\..\Run: [Upi] C:\WINDOWS\SYSTEM\Snh.exe
O4 - HKLM\..\Run: [Tlq] C:\WINDOWS\SYSTEM\Nvq.exe
O4 - HKLM\..\Run: [Kaq] C:\WINDOWS\SYSTEM\Tcc.exe
O4 - HKLM\..\Run: [Duc] C:\WINDOWS\SYSTEM\Nkn.exe
O4 - HKLM\..\Run: [Lhp] C:\WINDOWS\SYSTEM\Joi.exe
O4 - HKLM\..\Run: [Han] C:\WINDOWS\Pgb.exe
O4 - HKLM\..\Run: [Dkh] C:\WINDOWS\Fsg.exe
O4 - HKLM\..\Run: [Isl] C:\WINDOWS\SYSTEM\Nfd.exe
O4 - HKLM\..\Run: [Anu] C:\WINDOWS\Mja.exe
O4 - HKLM\..\Run: [Jdn] C:\WINDOWS\Bgn.exe
O4 - HKLM\..\Run: [Knf] C:\WINDOWS\Iba.exe
O4 - HKLM\..\Run: [Bjp] C:\WINDOWS\Gec.exe
O4 - HKLM\..\Run: [Kvd] C:\WINDOWS\Toi.exe
O4 - HKLM\..\Run: [Bor] C:\WINDOWS\SYSTEM\Hhh.exe
O4 - HKLM\..\Run: [Fgv] C:\WINDOWS\SYSTEM\Mvl.exe
O4 - HKLM\..\Run: [Rhs] C:\WINDOWS\SYSTEM\Tih.exe
O4 - HKLM\..\Run: [Fmg] C:\WINDOWS\SYSTEM\Kto.exe
O4 - HKLM\..\Run: [Aab] C:\WINDOWS\Psl.exe
O4 - HKLM\..\Run: [Fsd] C:\WINDOWS\Aqk.exe
O4 - HKLM\..\Run: [Cjb] C:\WINDOWS\SYSTEM\Jtg.exe
O4 - HKLM\..\Run: [Keh] C:\WINDOWS\Vij.exe
O4 - HKLM\..\Run: [Uhl] C:\WINDOWS\Onl.exe
O4 - HKLM\..\Run: [Mlc] C:\WINDOWS\SYSTEM\Osa.exe
O4 - HKLM\..\Run: [Rgq] C:\WINDOWS\Bld.exe
O4 - HKLM\..\Run: [Ocs] C:\WINDOWS\SYSTEM\Ket.exe
O4 - HKLM\..\Run: [Rji] C:\WINDOWS\Udd.exe
O4 - HKLM\..\Run: [Mtc] C:\WINDOWS\Bli.exe
O4 - HKLM\..\Run: [Rba] C:\WINDOWS\Fir.exe
O4 - HKLM\..\Run: [Phg] C:\WINDOWS\SYSTEM\Rdg.exe
O4 - HKLM\..\Run: [Ctv] C:\WINDOWS\Mro.exe
O4 - HKLM\..\Run: [Dha] C:\WINDOWS\SYSTEM\Hno.exe
O4 - HKLM\..\Run: [Ubl] C:\WINDOWS\SYSTEM\Gdo.exe
O4 - HKLM\..\Run: [Tag] C:\WINDOWS\SYSTEM\Skr.exe
O4 - HKLM\..\Run: [Upu] C:\WINDOWS\Khs.exe
O4 - HKLM\..\Run: [Fhf] C:\WINDOWS\SYSTEM\Clq.exe
O4 - HKLM\..\Run: [Ocd] C:\WINDOWS\SYSTEM\Iba.exe
O4 - HKLM\..\Run: [Pia] C:\WINDOWS\SYSTEM\Raq.exe
O4 - HKLM\..\Run: [Dse] C:\WINDOWS\Vfg.exe
O4 - HKLM\..\Run: [Hpg] C:\WINDOWS\Ftk.exe
O4 - HKLM\..\Run: [Rpl] C:\WINDOWS\SYSTEM\Tqv.exe
O4 - HKLM\..\Run: [Gkl] C:\WINDOWS\Req.exe
O4 - HKLM\..\Run: [Ofa] C:\WINDOWS\SYSTEM\Qdb.exe
O4 - HKLM\..\Run: [Era] C:\WINDOWS\Lgj.exe
O4 - HKLM\..\Run: [Bdi] C:\WINDOWS\Kta.exe
O4 - HKLM\..\Run: [Jdb] C:\WINDOWS\SYSTEM\Tui.exe
O4 - HKLM\..\Run: [Aph] C:\WINDOWS\Ioc.exe
O4 - HKLM\..\Run: [Ubm] C:\WINDOWS\Lrp.exe
O4 - HKLM\..\Run: [Ois] C:\WINDOWS\SYSTEM\Oko.exe
O4 - HKLM\..\Run: [Jrd] C:\WINDOWS\SYSTEM\Htr.exe
O4 - HKLM\..\Run: [Gdl] C:\WINDOWS\SYSTEM\Dqg.exe
O4 - HKLM\..\Run: [Nvj] C:\WINDOWS\SYSTEM\Itf.exe
O4 - HKLM\..\Run: [Tfj] C:\WINDOWS\Pjb.exe
O4 - HKLM\..\Run: [Cgg] C:\WINDOWS\Cqi.exe
O4 - HKLM\..\Run: [Tqi] C:\WINDOWS\SYSTEM\Alo.exe
O4 - HKLM\..\Run: [Sbm] C:\WINDOWS\Ugt.exe
O4 - HKLM\..\Run: [Pbe] C:\WINDOWS\Idi.exe
O4 - HKLM\..\Run: [Gjr] C:\WINDOWS\Clt.exe
O4 - HKLM\..\Run: [Nog] C:\WINDOWS\SYSTEM\Cme.exe
O4 - HKLM\..\Run: [Bgh] C:\WINDOWS\SYSTEM\Ekp.exe
O4 - HKLM\..\Run: [Mai] C:\WINDOWS\SYSTEM\Abd.exe
O4 - HKLM\..\Run: [Bdp] C:\WINDOWS\Qji.exe
O4 - HKLM\..\Run: [Drb] C:\WINDOWS\SYSTEM\Enl.exe
O4 - HKLM\..\Run: [Jlb] C:\WINDOWS\SYSTEM\Bai.exe
O4 - HKLM\..\Run: [Vrm] C:\WINDOWS\Psm.exe
O4 - HKLM\..\Run: [Pti] C:\WINDOWS\SYSTEM\Fmi.exe
O4 - HKLM\..\Run: [Ala] C:\WINDOWS\SYSTEM\Enf.exe
O4 - HKLM\..\Run: [Qnk] C:\WINDOWS\SYSTEM\Dse.exe
O4 - HKLM\..\Run: [Dua] C:\WINDOWS\SYSTEM\Stm.exe
O4 - HKLM\..\Run: [Knl] C:\WINDOWS\SYSTEM\Gkq.exe
O4 - HKLM\..\Run: [Kdg] C:\WINDOWS\SYSTEM\Rtd.exe
O4 - HKLM\..\Run: [Foi] C:\WINDOWS\SYSTEM\Omu.exe
O4 - HKLM\..\Run: [Rfg] C:\WINDOWS\SYSTEM\Leq.exe
O4 - HKLM\..\Run: [Pcj] C:\WINDOWS\Ivc.exe
O4 - HKLM\..\Run: [Dve] C:\WINDOWS\SYSTEM\Hnp.exe
O4 - HKLM\..\Run: [Jap] C:\WINDOWS\Iof.exe
O4 - HKLM\..\Run: [Ojk] C:\WINDOWS\Ken.exe
O4 - HKLM\..\Run: [Rvi] C:\WINDOWS\SYSTEM\Vvn.exe
O4 - HKLM\..\Run: [Dda] C:\WINDOWS\Jpk.exe
O4 - HKLM\..\Run: [Dtc] C:\WINDOWS\Ppc.exe
O4 - HKLM\..\Run: [Bof] C:\WINDOWS\SYSTEM\Dnk.exe
O4 - HKLM\..\Run: [Ved] C:\WINDOWS\Sqe.exe
O4 - HKLM\..\Run: [Qme] C:\WINDOWS\Fbj.exe
O4 - HKLM\..\Run: [Oga] C:\WINDOWS\Jiv.exe
O4 - HKLM\..\Run: [Npr] C:\WINDOWS\Boq.exe
O4 - HKLM\..\Run: [Ccs] C:\WINDOWS\SYSTEM\Aht.exe
O4 - HKLM\..\Run: [Aah] C:\WINDOWS\Ous.exe
O4 - HKLM\..\Run: [Kas] C:\WINDOWS\Jkl.exe
O4 - HKLM\..\Run: [Tbi] C:\WINDOWS\SYSTEM\Sop.exe
O4 - HKLM\..\Run: [Etl] C:\WINDOWS\Bqn.exe
O4 - HKLM\..\Run: [Noh] C:\WINDOWS\Rbi.exe
O4 - HKLM\..\Run: [Cqt] C:\WINDOWS\SYSTEM\Mtk.exe
O4 - HKLM\..\Run: [Dui] C:\WINDOWS\Pjt.exe
O4 - HKLM\..\Run: [Dcr] C:\WINDOWS\Lgu.exe
O4 - HKLM\..\Run: [Jnv] C:\WINDOWS\SYSTEM\Mbt.exe
O4 - HKLM\..\Run: [Itu] C:\WINDOWS\SYSTEM\Jgr.exe
O4 - HKLM\..\Run: [Inm] C:\WINDOWS\Kmu.exe
O4 - HKLM\..\Run: [Dif] C:\WINDOWS\SYSTEM\Svq.exe
O4 - HKLM\..\Run: [Pcb] C:\WINDOWS\SYSTEM\Tlp.exe
O4 - HKLM\..\Run: [Bsi] C:\WINDOWS\Niq.exe
O4 - HKLM\..\Run: [Tbf] C:\WINDOWS\SYSTEM\Fhg.exe
O4 - HKLM\..\Run: [Tmd] C:\WINDOWS\Jvi.exe
O4 - HKLM\..\Run: [Ojh] C:\WINDOWS\Uok.exe
O4 - HKLM\..\Run: [Tqd] C:\WINDOWS\Fio.exe
O4 - HKLM\..\Run: [Roa] C:\WINDOWS\Sfj.exe
O4 - HKLM\..\Run: [Uto] C:\WINDOWS\SYSTEM\Sqh.exe
O4 - HKLM\..\Run: [Fcs] C:\WINDOWS\Ctp.exe
O4 - HKLM\..\Run: [Elt] C:\WINDOWS\Mls.exe
O4 - HKLM\..\Run: [Pvb] C:\WINDOWS\Tgo.exe
O4 - HKLM\..\Run: [Hjq] C:\WINDOWS\Etf.exe
O4 - HKLM\..\Run: [Atb] C:\WINDOWS\Qia.exe
O4 - HKLM\..\Run: [Vsc] C:\WINDOWS\SYSTEM\Srk.exe
O4 - HKLM\..\Run: [Fri] C:\WINDOWS\Bdi.exe
O4 - HKLM\..\Run: [Hgo] C:\WINDOWS\She.exe
O4 - HKLM\..\Run: [Bpc] C:\WINDOWS\Eqg.exe
O4 - HKLM\..\Run: [Mno] C:\WINDOWS\Aun.exe
O4 - HKLM\..\Run: [Ton] C:\WINDOWS\Plu.exe
O4 - HKLM\..\Run: [Pra] C:\WINDOWS\Mcn.exe
O4 - HKLM\..\Run: [Apb] C:\WINDOWS\Vaj.exe
O4 - HKLM\..\Run: [Bep] C:\WINDOWS\Gsi.exe
O4 - HKLM\..\Run: [Cia] C:\WINDOWS\Oaf.exe
O4 - HKLM\..\Run: [Rar] C:\WINDOWS\SYSTEM\Fkt.exe
O4 - HKLM\..\Run: [Iof] C:\WINDOWS\Ijt.exe
O4 - HKLM\..\Run: [Ctt] C:\WINDOWS\SYSTEM\Bkn.exe
O4 - HKLM\..\Run: [Aku] C:\WINDOWS\Koe.exe
O4 - HKLM\..\Run: [Sdj] C:\WINDOWS\SYSTEM\Iui.exe
O4 - HKLM\..\Run: [Cgj] C:\WINDOWS\Kaf.exe
O4 - HKLM\..\Run: [Bsj] C:\WINDOWS\Tmd.exe
O4 - HKLM\..\Run: [Eef] C:\WINDOWS\Unj.exe
O4 - HKLM\..\Run: [Ojj] C:\WINDOWS\Lnq.exe
O4 - HKLM\..\Run: [Pgv] C:\WINDOWS\Fbm.exe
O4 - HKLM\..\Run: [Gtp] C:\WINDOWS\Nvk.exe
O4 - HKLM\..\Run: [Qip] C:\WINDOWS\SYSTEM\Tci.exe
O4 - HKLM\..\Run: [Tif] C:\WINDOWS\Mfb.exe
O4 - HKLM\..\Run: [Dgc] C:\WINDOWS\SYSTEM\Jqp.exe
O4 - HKLM\..\Run: [Sia] C:\WINDOWS\Ebg.exe
O4 - HKLM\..\Run: [Nlt] C:\WINDOWS\Vpt.exe
O4 - HKLM\..\Run: [Blb] C:\WINDOWS\Put.exe
O4 - HKLM\..\Run: [Qsg] C:\WINDOWS\SYSTEM\Saa.exe
O4 - HKLM\..\Run: [Bng] C:\WINDOWS\SYSTEM\Hcc.exe
O4 - HKLM\..\Run: [Tgb] C:\WINDOWS\Etb.exe
O4 - HKLM\..\Run: [Vpf] C:\WINDOWS\Dgh.exe
O4 - HKLM\..\Run: [Nln] C:\WINDOWS\SYSTEM\Ajh.exe
O4 - HKLM\..\Run: [Rth] C:\WINDOWS\Prj.exe
O4 - HKLM\..\Run: [Mjv] C:\WINDOWS\Fei.exe
O4 - HKLM\..\Run: [Vjh] C:\WINDOWS\SYSTEM\Kmh.exe
O4 - HKLM\..\Run: [Gtc] C:\WINDOWS\SYSTEM\Djn.exe
O4 - HKLM\..\Run: [Iht] C:\WINDOWS\SYSTEM\Tmn.exe
O4 - HKLM\..\Run: [Bvl] C:\WINDOWS\Gtj.exe
O4 - HKLM\..\Run: [Cve] C:\WINDOWS\SYSTEM\Pvn.exe
O4 - HKLM\..\Run: [Tao] C:\WINDOWS\Tlo.exe
O4 - HKLM\..\Run: [Moj] C:\WINDOWS\SYSTEM\Ngd.exe
O4 - HKLM\..\Run: [Csm] C:\WINDOWS\Ehg.exe
O4 - HKLM\..\Run: [Hrn] C:\WINDOWS\SYSTEM\Jkn.exe
O4 - HKLM\..\Run: [Bbs] C:\WINDOWS\SYSTEM\Lvn.exe
O4 - HKLM\..\Run: [Qnb] C:\WINDOWS\SYSTEM\Ncd.exe
O4 - HKLM\..\Run: [Tmq] C:\WINDOWS\SYSTEM\Utm.exe
O4 - HKLM\..\Run: [Jfq] C:\WINDOWS\Veh.exe
O4 - HKLM\..\Run: [Fbq] C:\WINDOWS\Egh.exe
O4 - HKLM\..\Run: [Cku] C:\WINDOWS\Mjn.exe
O4 - HKLM\..\Run: [Kng] C:\WINDOWS\SYSTEM\Gnk.exe
O4 - HKLM\..\Run: [Usg] C:\WINDOWS\Pto.exe
O4 - HKLM\..\Run: [Tqn] C:\WINDOWS\SYSTEM\Jpl.exe
O4 - HKLM\..\Run: [Qaq] C:\WINDOWS\SYSTEM\Pej.exe
O4 - HKLM\..\Run: [Brr] C:\WINDOWS\Src.exe
O4 - HKLM\..\Run: [Teu] C:\WINDOWS\Vhs.exe
O4 - HKLM\..\Run: [Utj] C:\WINDOWS\Gcs.exe
O4 - HKLM\..\Run: [Jaj] C:\WINDOWS\SYSTEM\Afb.exe
O4 - HKLM\..\Run: [Ish] C:\WINDOWS\Tth.exe
O4 - HKLM\..\Run: [Rnh] C:\WINDOWS\SYSTEM\Lpr.exe
O4 - HKLM\..\Run: [Dvn] C:\WINDOWS\Odv.exe
O4 - HKLM\..\Run: [Ffn] C:\WINDOWS\Lnb.exe
O4 - HKLM\..\Run: [Ast] C:\WINDOWS\SYSTEM\Hsp.exe
O4 - HKLM\..\Run: [Pbm] C:\WINDOWS\Trp.exe
O4 - HKLM\..\Run: [Qag] C:\WINDOWS\SYSTEM\Jnf.exe
O4 - HKLM\..\Run: [Gkn] C:\WINDOWS\Beq.exe
O4 - HKLM\..\Run: [Atm] C:\WINDOWS\Jgv.exe
O4 - HKLM\..\Run: [Gvr] C:\WINDOWS\Gid.exe
O4 - HKLM\..\Run: [Aqq] C:\WINDOWS\Btt.exe
O4 - HKLM\..\Run: [Ljm] C:\WINDOWS\Vte.exe
O4 - HKLM\..\Run: [Vim] C:\WINDOWS\SYSTEM\Mql.exe
O4 - HKLM\..\Run: [Eas] C:\WINDOWS\Jtj.exe
O4 - HKLM\..\Run: [Ogs] C:\WINDOWS\Fun.exe
O4 - HKLM\..\Run: [Glv] C:\WINDOWS\Frv.exe
O4 - HKLM\..\Run: [Ngd] C:\WINDOWS\Qoi.exe
O4 - HKLM\..\Run: [Kap] C:\WINDOWS\Ijm.exe
O4 - HKLM\..\Run: [Iaq] C:\WINDOWS\Jac.exe
O4 - HKLM\..\Run: [Iag] C:\WINDOWS\Bni.exe
O4 - HKLM\..\Run: [Bfo] C:\WINDOWS\Msv.exe
O4 - HKLM\..\Run: [Ede] C:\WINDOWS\Vqm.exe
O4 - HKLM\..\Run: [Loj] C:\WINDOWS\SYSTEM\Asf.exe
O4 - HKLM\..\Run: [Jok] C:\WINDOWS\Iqr.exe
O4 - HKLM\..\Run: [Rms] C:\WINDOWS\Rda.exe
O4 - HKLM\..\Run: [Qgc] C:\WINDOWS\Mll.exe
O4 - HKLM\..\Run: [Gib] C:\WINDOWS\SYSTEM\Rsn.exe
O4 - HKLM\..\Run: [Fim] C:\WINDOWS\Fjd.exe
O4 - HKLM\..\Run: [Dmr] C:\WINDOWS\SYSTEM\Tvc.exe
O4 - HKLM\..\Run: [Siu] C:\WINDOWS\SYSTEM\Ltb.exe
O4 - HKLM\..\Run: [Jke] C:\WINDOWS\SYSTEM\Jss.exe
O4 - HKLM\..\Run: [Dlp] C:\WINDOWS\SYSTEM\Sui.exe
O4 - HKLM\..\Run: [Ata] C:\WINDOWS\SYSTEM\Huh.exe
O4 - HKLM\..\Run: [Mmm] C:\WINDOWS\SYSTEM\Pgj.exe
O4 - HKLM\..\Run: [Frs] C:\WINDOWS\Ntm.exe
O4 - HKLM\..\Run: [Tdk] C:\WINDOWS\Bak.exe
O4 - HKLM\..\Run: [Nqk] C:\WINDOWS\SYSTEM\Pqh.exe
O4 - HKLM\..\Run: [Dbc] C:\WINDOWS\SYSTEM\Brs.exe
O4 - HKLM\..\Run: [Egn] C:\WINDOWS\SYSTEM\Ejq.exe
O4 - HKLM\..\Run: [Gql] C:\WINDOWS\SYSTEM\Euh.exe
O4 - HKLM\..\Run: [Vvc] C:\WINDOWS\SYSTEM\Cvb.exe
O4 - HKLM\..\Run: [Hql] C:\WINDOWS\Lss.exe
O4 - HKLM\..\Run: [Lpm] C:\WINDOWS\Tvb.exe
O4 - HKLM\..\Run: [Oic] C:\WINDOWS\SYSTEM\Hhb.exe
O4 - HKLM\..\Run: [Rnq] C:\WINDOWS\SYSTEM\Gcf.exe
O4 - HKLM\..\Run: [Ohi] C:\WINDOWS\Iee.exe
O4 - HKLM\..\Run: [Mdo] C:\WINDOWS\Cvs.exe
O4 - HKLM\..\Run: [Vha] C:\WINDOWS\SYSTEM\Gdp.exe
O4 - HKLM\..\Run: [Uti] C:\WINDOWS\SYSTEM\Upd.exe
O4 - HKLM\..\Run: [Eqj] C:\WINDOWS\SYSTEM\Nce.exe
O4 - HKLM\..\Run: [Lsb] C:\WINDOWS\Rci.exe
O4 - HKLM\..\Run: [Sch] C:\WINDOWS\Hio.exe
O4 - HKLM\..\Run: [Vrf] C:\WINDOWS\Eko.exe
O4 - HKLM\..\Run: [Avj] C:\WINDOWS\SYSTEM\Enn.exe
O4 - HKLM\..\Run: [Rgv] C:\WINDOWS\SYSTEM\Fun.exe
O4 - HKLM\..\Run: [Sfa] C:\WINDOWS\Shn.exe
O4 - HKLM\..\Run: [Oqc] C:\WINDOWS\SYSTEM\Dlf.exe
O4 - HKLM\..\Run: [Pum] C:\WINDOWS\Spd.exe
O4 - HKLM\..\Run: [Eao] C:\WINDOWS\Hge.exe
O4 - HKLM\..\Run: [Dqd] C:\WINDOWS\SYSTEM\Cuo.exe
O4 - HKLM\..\Run: [Cef] C:\WINDOWS\Ahd.exe
O4 - HKLM\..\Run: [Jvg] C:\WINDOWS\SYSTEM\Pqs.exe
O4 - HKLM\..\Run: [Bhr] C:\WINDOWS\Mnb.exe
O4 - HKLM\..\Run: [Egj] C:\WINDOWS\Dvj.exe
O4 - HKLM\..\Run: [Bkl] C:\WINDOWS\Pmj.exe
O4 - HKLM\..\Run: [Mcq] C:\WINDOWS\SYSTEM\Hfn.exe
O4 - HKLM\..\Run: [Ull] C:\WINDOWS\SYSTEM\Nkh.exe
O4 - HKLM\..\Run: [Jsh] C:\WINDOWS\SYSTEM\Dkc.exe
O4 - HKLM\..\Run: [Cvo] C:\WINDOWS\Tjn.exe
O4 - HKLM\..\Run: [Nlg] C:\WINDOWS\Oer.exe
O4 - HKLM\..\Run: [Dpc] C:\WINDOWS\SYSTEM\Rmd.exe
O4 - HKLM\..\Run: [Nbs] C:\WINDOWS\SYSTEM\Nag.exe
O4 - HKLM\..\Run: [Hmh] C:\WINDOWS\SYSTEM\Ris.exe
O4 - HKLM\..\Run: [Llf] C:\WINDOWS\Oan.exe
O4 - HKLM\..\Run: [Egh] C:\WINDOWS\Fvt.exe
O4 - HKLM\..\Run: [Mkr] C:\WINDOWS\Fav.exe
O4 - HKLM\..\Run: [Tln] C:\WINDOWS\SYSTEM\Rkg.exe
O4 - HKLM\..\Run: [Gbv] C:\WINDOWS\SYSTEM\Hpc.exe
O4 - HKLM\..\Run: [Big] C:\WINDOWS\SYSTEM\Kig.exe
O4 - HKLM\..\Run: [Rcl] C:\WINDOWS\Hdc.exe
O4 - HKLM\..\Run: [Sld] C:\WINDOWS\SYSTEM\Lot.exe
O4 - HKLM\..\Run: [Qqu] C:\WINDOWS\Pua.exe
O4 - HKLM\..\Run: [Lpo] C:\WINDOWS\Kbt.exe
O4 - HKLM\..\Run: [Luc] C:\WINDOWS\SYSTEM\Lts.exe
O4 - HKLM\..\Run: [Tba] C:\WINDOWS\SYSTEM\Ded.exe
O4 - HKLM\..\Run: [Vrv] C:\WINDOWS\Mck.exe
O4 - HKLM\..\Run: [Vtp] C:\WINDOWS\Mll.exe
O4 - HKLM\..\Run: [Uns] C:\WINDOWS\SYSTEM\Hut.exe
O4 - HKLM\..\Run: [Lnk] C:\WINDOWS\Lvv.exe
O4 - HKLM\..\Run: [Nhl] C:\WINDOWS\SYSTEM\Jcf.exe
O4 - HKLM\..\Run: [Rib] C:\WINDOWS\Dev.exe
O4 - HKLM\..\Run: [Keq] C:\WINDOWS\Gtb.exe
O4 - HKLM\..\Run: [Ecq] C:\WINDOWS\Hsr.exe
O4 - HKLM\..\Run: [Mrq] C:\WINDOWS\Gkd.exe
O4 - HKLM\..\Run: [Qjn] C:\WINDOWS\Ljb.exe
O4 - HKLM\..\Run: [Icj] C:\WINDOWS\Tpt.exe
O4 - HKLM\..\Run: [Jou] C:\WINDOWS\Bbh.exe
O4 - HKLM\..\Run: [Vfs] C:\WINDOWS\SYSTEM\Koa.exe
O4 - HKLM\..\Run: [Ver] C:\WINDOWS\SYSTEM\Cjm.exe
O4 - HKLM\..\Run: [Dkt] C:\WINDOWS\Cta.exe
O4 - HKLM\..\Run: [Uki] C:\WINDOWS\SYSTEM\Uii.exe
O4 - HKLM\..\Run: [Hbd] C:\WINDOWS\Saf.exe
O4 - HKLM\..\Run: [Qtl] C:\WINDOWS\Uec.exe
O4 - HKLM\..\Run: [Hra] C:\WINDOWS\SYSTEM\Edo.exe
O4 - HKLM\..\Run: [Hso] C:\WINDOWS\SYSTEM\Jpn.exe
O4 - HKLM\..\Run: [Cdu] C:\WINDOWS\Krv.exe
O4 - HKLM\..\Run: [Bps] C:\WINDOWS\Lqk.exe
O4 - HKLM\..\Run: [Qra] C:\WINDOWS\SYSTEM\Bjv.exe
O4 - HKLM\..\Run: [Cua] C:\WINDOWS\SYSTEM\Ebj.exe
O4 - HKLM\..\Run: [Ksb] C:\WINDOWS\Euv.exe
O4 - HKLM\..\Run: [Mdt] C:\WINDOWS\SYSTEM\Qlq.exe
O4 - HKLM\..\Run: [Cao] C:\WINDOWS\SYSTEM\Ivu.exe
O4 - HKLM\..\Run: [Ipb] C:\WINDOWS\SYSTEM\Bkt.exe
O4 - HKLM\..\Run: [Epj] C:\WINDOWS\SYSTEM\Gio.exe
O4 - HKLM\..\Run: [Mni] C:\WINDOWS\Vdk.exe
O4 - HKLM\..\Run: [Gto] C:\WINDOWS\Pdm.exe
O4 - HKLM\..\Run: [Mcn] C:\WINDOWS\SYSTEM\Hbu.exe
O4 - HKLM\..\Run: [Ikg] C:\WINDOWS\Uja.exe
O4 - HKLM\..\Run: [Lkr] C:\WINDOWS\Gas.exe
O4 - HKLM\..\Run: [Cav] C:\WINDOWS\Ect.exe
O4 - HKLM\..\Run: [Tdi] C:\WINDOWS\Vcp.exe
O4 - HKLM\..\Run: [Mhq] C:\WINDOWS\Uth.exe
O4 - HKLM\..\Run: [Csv] C:\WINDOWS\Fau.exe
O4 - HKLM\..\Run: [Iqc] C:\WINDOWS\SYSTEM\Kmf.exe
O4 - HKLM\..\Run: [Mjh] C:\WINDOWS\SYSTEM\Nob.exe
O4 - HKLM\..\Run: [Ara] C:\WINDOWS\SYSTEM\Rgd.exe
O4 - HKLM\..\Run: [Nci] C:\WINDOWS\SYSTEM\Buc.exe
O4 - HKLM\..\Run: [Anq] C:\WINDOWS\Ffj.exe
O4 - HKLM\..\Run: [Ksc] C:\WINDOWS\Qee.exe
O4 - HKLM\..\Run: [Kdm] C:\WINDOWS\SYSTEM\Isp.exe
O4 - HKLM\..\Run: [Cut] C:\WINDOWS\SYSTEM\Slb.exe
O4 - HKLM\..\Run: [Eja] C:\WINDOWS\SYSTEM\Drf.exe
O4 - HKLM\..\Run: [Abv] C:\WINDOWS\SYSTEM\Upt.exe
O4 - HKLM\..\Run: [Gdi] C:\WINDOWS\SYSTEM\Mel.exe
O4 - HKLM\..\Run: [Pdo] C:\WINDOWS\Npt.exe
O4 - HKLM\..\Run: [Agt] C:\WINDOWS\Bfi.exe
O4 - HKLM\..\Run: [Kcn] C:\WINDOWS\Dtg.exe
O4 - HKLM\..\Run: [Ria] C:\WINDOWS\Qao.exe
O4 - HKLM\..\Run: [Umg] C:\WINDOWS\SYSTEM\Pgs.exe
O4 - HKLM\..\Run: [Sme] C:\WINDOWS\Fai.exe
O4 - HKLM\..\Run: [Aia] C:\WINDOWS\SYSTEM\Jos.exe
O4 - HKLM\..\Run: [Rag] C:\WINDOWS\SYSTEM\Slj.exe
O4 - HKLM\..\Run: [Pts] C:\WINDOWS\Rsn.exe
O4 - HKLM\..\Run: [Ovg] C:\WINDOWS\SYSTEM\Gro.exe
O4 - HKLM\..\Run: [Jlt] C:\WINDOWS\SYSTEM\Kad.exe
O4 - HKLM\..\Run: [Krf] C:\WINDOWS\Rsi.exe
O4 - HKLM\..\Run: [Utd] C:\WINDOWS\Ksq.exe
O4 - HKLM\..\Run: [Bii] C:\WINDOWS\SYSTEM\Fqo.exe
O4 - HKLM\..\Run: [Dgd] C:\WINDOWS\SYSTEM\Mkk.exe
O4 - HKLM\..\Run: [Jrq] C:\WINDOWS\SYSTEM\Mme.exe
O4 - HKLM\..\Run: [Dgi] C:\WINDOWS\SYSTEM\Mbb.exe
O4 - HKLM\..\Run: [Dcm] C:\WINDOWS\Uqa.exe
O4 - HKLM\..\Run: [Vju] C:\WINDOWS\Jmd.exe
O4 - HKLM\..\Run: [Blo] C:\WINDOWS\SYSTEM\Sbq.exe
O4 - HKLM\..\Run: [Man] C:\WINDOWS\Bac.exe
O4 - HKLM\..\Run: [Iti] C:\WINDOWS\SYSTEM\Arr.exe
O4 - HKLM\..\Run: [Omn] C:\WINDOWS\SYSTEM\Ref.exe
O4 - HKLM\..\Run: [Nmh] C:\WINDOWS\Cuv.exe
O4 - HKLM\..\Run: [Mim] C:\WINDOWS\Vhl.exe
O4 - HKLM\..\Run: [Ceg] C:\WINDOWS\Soq.exe
O4 - HKLM\..\Run: [Cor] C:\WINDOWS\Bka.exe
O4 - HKLM\..\Run: [Dvk] C:\WINDOWS\Ksq.exe
O4 - HKLM\..\Run: [Amv] C:\WINDOWS\Ili.exe
O4 - HKLM\..\Run: [Mtq] C:\WINDOWS\SYSTEM\Can.exe
O4 - HKLM\..\Run: [Aom] C:\WINDOWS\Jel.exe
O4 - HKLM\..\Run: [Rfb] C:\WINDOWS\Lko.exe
O4 - HKLM\..\Run: [Vdv] C:\WINDOWS\Jft.exe
O4 - HKLM\..\Run: [Rqc] C:\WINDOWS\SYSTEM\Tkm.exe
O4 - HKLM\..\Run: [Ejr] C:\WINDOWS\Fql.exe
O4 - HKLM\..\Run: [Ntl] C:\WINDOWS\Ccg.exe
O4 - HKLM\..\Run: [Gee] C:\WINDOWS\Rln.exe
O4 - HKLM\..\Run: [Lsl] C:\WINDOWS\Pap.exe
O4 - HKLM\..\Run: [Leg] C:\WINDOWS\Bls.exe
O4 - HKLM\..\Run: [Cdk] C:\WINDOWS\Duk.exe
O4 - HKLM\..\Run: [Nfv] C:\WINDOWS\Dil.exe
O4 - HKLM\..\Run: [Sqo] C:\WINDOWS\Bov.exe
O4 - HKLM\..\Run: [Rnd] C:\WINDOWS\SYSTEM\Qvd.exe
O4 - HKLM\..\Run: [Qja] C:\WINDOWS\SYSTEM\Ifv.exe
O4 - HKLM\..\Run: [Kqs] C:\WINDOWS\SYSTEM\Fko.exe
O4 - HKLM\..\Run: [Hgr] C:\WINDOWS\Vgp.exe
O4 - HKLM\..\Run: [Mjc] C:\WINDOWS\Akt.exe
O4 - HKLM\..\Run: [Bvb] C:\WINDOWS\SYSTEM\Ddm.exe
O4 - HKLM\..\Run: [Jna] C:\WINDOWS\SYSTEM\Rut.exe
O4 - HKLM\..\Run: [Nhe] C:\WINDOWS\Pvs.exe
O4 - HKLM\..\Run: [Hqj] C:\WINDOWS\SYSTEM\Ifo.exe
O4 - HKLM\..\Run: [Hoa] C:\WINDOWS\SYSTEM\Mjj.exe
O4 - HKLM\..\Run: [Our] C:\WINDOWS\SYSTEM\Lic.exe
O4 - HKLM\..\Run: [Onf] C:\WINDOWS\SYSTEM\Nrb.exe
O4 - HKLM\..\Run: [Qfb] C:\WINDOWS\Tco.exe
O4 - HKLM\..\Run: [Njs] C:\WINDOWS\SYSTEM\Imk.exe
O4 - HKLM\..\Run: [Lpd] C:\WINDOWS\Ldd.exe
O4 - HKLM\..\Run: [Enp] C:\WINDOWS\Jfv.exe
O4 - HKLM\..\Run: [Rdd] C:\WINDOWS\Uoo.exe
O4 - HKLM\..\Run: [Lnl] C:\WINDOWS\Dii.exe
O4 - HKLM\..\Run: [Uoe] C:\WINDOWS\SYSTEM\Vtp.exe
O4 - HKLM\..\Run: [Buv] C:\WINDOWS\Hhi.exe
O4 - HKLM\..\Run: [Ece] C:\WINDOWS\SYSTEM\Pdi.exe
O4 - HKLM\..\Run: [Orl] C:\WINDOWS\Nke.exe
O4 - HKLM\..\Run: [Jeu] C:\WINDOWS\SYSTEM\Hkt.exe
O4 - HKLM\..\Run: [Oka] C:\WINDOWS\SYSTEM\Anl.exe
O4 - HKLM\..\Run: [Vtb] C:\WINDOWS\Rit.exe
O4 - HKLM\..\Run: [Rud] C:\WINDOWS\SYSTEM\Vaa.exe
O4 - HKLM\..\Run: [Ckq] C:\WINDOWS\SYSTEM\Kab.exe
O4 - HKLM\..\Run: [Jih] C:\WINDOWS\SYSTEM\Utc.exe
O4 - HKLM\..\Run: [Mtt] C:\WINDOWS\SYSTEM\Hjr.exe
O4 - HKLM\..\Run: [Egp] C:\WINDOWS\Bjf.exe
O4 - HKLM\..\Run: [Uqc] C:\WINDOWS\SYSTEM\Rea.exe
O4 - HKLM\..\Run: [Ogf] C:\WINDOWS\Qnl.exe
O4 - HKLM\..\Run: [Pdc] C:\WINDOWS\Git.exe
O4 - HKLM\..\Run: [Dfu] C:\WINDOWS\Seh.exe
O4 - HKLM\..\Run: [Grj] C:\WINDOWS\Vjk.exe
O4 - HKLM\..\Run: [Eim] C:\WINDOWS\SYSTEM\Uin.exe
O4 - HKLM\..\Run: [Fdp] C:\WINDOWS\SYSTEM\Uej.exe
O4 - HKLM\..\Run: [Kgv] C:\WINDOWS\SYSTEM\Oom.exe
O4 - HKLM\..\Run: [Pce] C:\WINDOWS\Qec.exe
O4 - HKLM\..\Run: [Qhf] C:\WINDOWS\SYSTEM\Rsv.exe
O4 - HKLM\..\Run: [Npb] C:\WINDOWS\Buf.exe
O4 - HKLM\..\Run: [Hcm] C:\WINDOWS\Aro.exe
O4 - HKLM\..\Run: [Sjs] C:\WINDOWS\SYSTEM\Lul.exe
O4 - HKLM\..\Run: [Jct] C:\WINDOWS\SYSTEM\Ptq.exe
O4 - HKLM\..\Run: [Str] C:\WINDOWS\Oal.exe
O4 - HKLM\..\Run: [Qlk] C:\WINDOWS\SYSTEM\Dpc.exe
O4 - HKLM\..\Run: [Irr] C:\WINDOWS\SYSTEM\Plq.exe
O4 - HKLM\..\Run: [Pmb] C:\WINDOWS\SYSTEM\Cbs.exe
O4 - HKLM\..\Run: [Khh] C:\WINDOWS\SYSTEM\Ago.exe
O4 - HKLM\..\Run: [Bob] C:\WINDOWS\SYSTEM\Gun.exe
O4 - HKLM\..\Run: [Blt] C:\WINDOWS\Cjs.exe
O4 - HKLM\..\Run: [Cmp] C:\WINDOWS\Dqj.exe
O4 - HKLM\..\Run: [Rdi] C:\WINDOWS\SYSTEM\Vln.exe
O4 - HKLM\..\Run: [Iek] C:\WINDOWS\Rtd.exe
O4 - HKLM\..\Run: [Cov] C:\WINDOWS\SYSTEM\Lpk.exe
O4 - HKLM\..\Run: [Lqu] C:\WINDOWS\SYSTEM\Phs.exe
O4 - HKLM\..\Run: [Ans] C:\WINDOWS\Eeh.exe
O4 - HKLM\..\Run: [Bop] C:\WINDOWS\SYSTEM\Chl.exe
O4 - HKLM\..\Run: [Eau] C:\WINDOWS\Spk.exe
O4 - HKLM\..\Run: [Eev] C:\WINDOWS\SYSTEM\Qke.exe
O4 - HKLM\..\Run: [Chc] C:\WINDOWS\SYSTEM\Ovv.exe
O4 - HKLM\..\Run: [Ahk] C:\WINDOWS\SYSTEM\Jmp.exe
O4 - HKLM\..\Run: [Qjq] C:\WINDOWS\Uuk.exe
O4 - HKLM\..\Run: [Kgl] C:\WINDOWS\Utn.exe
O4 - HKLM\..\Run: [Ugr] C:\WINDOWS\SYSTEM\Ava.exe
O4 - HKLM\..\Run: [Vpc] C:\WINDOWS\Gnm.exe
O4 - HKLM\..\Run: [Bmg] C:\WINDOWS\SYSTEM\Llp.exe
O4 - HKLM\..\Run: [Enc] C:\WINDOWS\Bmu.exe
O4 - HKLM\..\Run: [Cqn] C:\WINDOWS\Ecj.exe
O4 - HKLM\..\Run: [Tej] C:\WINDOWS\Hai.exe
O4 - HKLM\..\Run: [Sob] C:\WINDOWS\Uqr.exe
O4 - HKLM\..\Run: [Sth] C:\WINDOWS\SYSTEM\Scv.exe
O4 - HKLM\..\Run: [Mbd] C:\WINDOWS\SYSTEM\Nie.exe
O4 - HKLM\..\Run: [Ogt] C:\WINDOWS\Uqt.exe
O4 - HKLM\..\Run: [Krk] C:\WINDOWS\SYSTEM\Vvr.exe
O4 - HKLM\..\Run: [Jmm] C:\WINDOWS\SYSTEM\Nkq.exe
O4 - HKLM\..\Run: [Jrm] C:\WINDOWS\SYSTEM\Mvs.exe
O4 - HKLM\..\Run: [Jqc] C:\WINDOWS\SYSTEM\Enp.exe
O4 - HKLM\..\Run: [Jve] C:\WINDOWS\Oap.exe
O4 - HKLM\..\Run: [Cam] C:\WINDOWS\Elv.exe
O4 - HKLM\..\Run: [Bqf] C:\WINDOWS\SYSTEM\Sba.exe
O4 - HKLM\..\Run: [Hmn] C:\WINDOWS\Emm.exe
O4 - HKLM\..\Run: [Jmg] C:\WINDOWS\SYSTEM\Mjr.exe
O4 - HKLM\..\Run: [Qpr] C:\WINDOWS\Kvt.exe
O4 - HKLM\..\Run: [Okn] C:\WINDOWS\SYSTEM\Fdg.exe
O4 - HKLM\..\Run: [Rui] C:\WINDOWS\SYSTEM\Lub.exe
O4 - HKLM\..\Run: [Ihv] C:\WINDOWS\Vkq.exe
O4 - HKLM\..\Run: [Feq] C:\WINDOWS\SYSTEM\Men.exe
O4 - HKLM\..\Run: [Fro] C:\WINDOWS\SYSTEM\Bpp.exe
O4 - HKLM\..\Run: [Mfd] C:\WINDOWS\Fub.exe
O4 - HKLM\..\Run: [Kql] C:\WINDOWS\Fjr.exe
O4 - HKLM\..\Run: [Icc] C:\WINDOWS\Tqc.exe
O4 - HKLM\..\Run: [Pqm] C:\WINDOWS\Sdc.exe
O4 - HKLM\..\Run: [Qms] C:\WINDOWS\Tel.exe
O4 - HKLM\..\Run: [Uju] C:\WINDOWS\SYSTEM\Ism.exe
O4 - HKLM\..\Run: [Llp] C:\WINDOWS\Roo.exe
O4 - HKLM\..\Run: [Miu] C:\WINDOWS\Tnb.exe
O4 - HKLM\..\Run: [Bdq] C:\WINDOWS\Dqp.exe
O4 - HKLM\..\Run: [Ljt] C:\WINDOWS\SYSTEM\Bdp.exe
O4 - HKLM\..\Run: [Kmt] C:\WINDOWS\SYSTEM\Ted.exe
O4 - HKLM\..\Run: [Srl] C:\WINDOWS\Hog.exe
O4 - HKLM\..\Run: [Sjh] C:\WINDOWS\SYSTEM\Afl.exe
O4 - HKLM\..\Run: [Jhg] C:\WINDOWS\SYSTEM\Tir.exe
O4 - HKLM\..\Run: [Crt] C:\WINDOWS\SYSTEM\Kjf.exe
O4 - HKLM\..\Run: [Vrh] C:\WINDOWS\SYSTEM\Fin.exe
O4 - HKLM\..\Run: [Tqf] C:\WINDOWS\Uoo.exe
O4 - HKLM\..\Run: [Htf] C:\WINDOWS\SYSTEM\Beu.exe
O4 - HKLM\..\Run: [Jdc] C:\WINDOWS\Vlc.exe
O4 - HKLM\..\Run: [Gdf] C:\WINDOWS\Vkk.exe
O4 - HKLM\..\Run: [Abd] C:\WINDOWS\SYSTEM\Kih.exe
O4 - HKLM\..\Run: [Cup] C:\WINDOWS\SYSTEM\Chv.exe
O4 - HKLM\..\Run: [Ert] C:\WINDOWS\Oef.exe
O4 - HKLM\..\Run: [Fka] C:\WINDOWS\SYSTEM\Qeb.exe
O4 - HKLM\..\Run: [Fvb] C:\WINDOWS\Lvs.exe
O4 - HKLM\..\Run: [Idr] C:\WINDOWS\SYSTEM\Qak.exe
O4 - HKLM\..\Run: [Vjq] C:\WINDOWS\Jpi.exe
O4 - HKLM\..\Run: [Chg] C:\WINDOWS\Msj.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\SYSTEM\Jrd.exe
O4 - HKLM\..\Run: [Okq] C:\WINDOWS\SYSTEM\Bkm.exe
O4 - HKLM\..\Run: [Omi] C:\WINDOWS\Ubm.exe
O4 - HKLM\..\Run: [Bdm] C:\WINDOWS\Dls.exe
O4 - HKLM\..\Run: [Evp] C:\WINDOWS\SYSTEM\Hqo.exe
O4 - HKLM\..\Run: [Uaj] C:\WINDOWS\SYSTEM\Ppg.exe
O4 - HKLM\..\Run: [Lgv] C:\WINDOWS\SYSTEM\Smd.exe
O4 - HKLM\..\Run: [Qmg] C:\WINDOWS\Urc.exe
O4 - HKLM\..\Run: [Bpf] C:\WINDOWS\SYSTEM\Fac.exe
O4 - HKLM\..\Run: [Bfc] C:\WINDOWS\SYSTEM\Gfa.exe
O4 - HKLM\..\Run: [Hum] C:\WINDOWS\SYSTEM\Lck.exe
O4 - HKLM\..\Run: [Cid] C:\WINDOWS\Bki.exe
O4 - HKLM\..\Run: [Oaj] C:\WINDOWS\Vbp.exe
O4 - HKLM\..\Run: [Upe] C:\WINDOWS\SYSTEM\Lkt.exe
O4 - HKLM\..\Run: [Kjb] C:\WINDOWS\Eve.exe
O4 - HKLM\..\Run: [Qvi] C:\WINDOWS\SYSTEM\Dcc.exe
O4 - HKLM\..\Run: [Ijb] C:\WINDOWS\Fut.exe
O4 - HKLM\..\Run: [Ipv] C:\WINDOWS\Ama.exe
O4 - HKLM\..\Run: [Dlq] C:\WINDOWS\Dtt.exe
O4 - HKLM\..\Run: [Htk] C:\WINDOWS\SYSTEM\Ttd.exe
O4 - HKLM\..\Run: [Vui] C:\WINDOWS\SYSTEM\Oqh.exe
O4 - HKLM\..\Run: [Lnv] C:\WINDOWS\SYSTEM\Fri.exe
O4 - HKLM\..\Run: [Seo] C:\WINDOWS\SYSTEM\Mam.exe
O4 - HKLM\..\Run: [Guk] C:\WINDOWS\SYSTEM\Erh.exe
O4 - HKLM\..\Run: [Gth] C:\WINDOWS\SYSTEM\Sue.exe
O4 - HKLM\..\Run: [Sgq] C:\WINDOWS\Gbg.exe
O4 - HKLM\..\Run: [Ljs] C:\WINDOWS\SYSTEM\Hco.exe
O4 - HKLM\..\Run: [Seb] C:\WINDOWS\SYSTEM\Ksm.exe
O4 - HKLM\..\Run: [Ese] C:\WINDOWS\Atl.exe
O4 - HKLM\..\Run: [Nag] C:\WINDOWS\Pis.exe
O4 - HKLM\..\Run: [Fqj] C:\WINDOWS\SYSTEM\Fja.exe
O4 - HKLM\..\Run: [Fpv] C:\WINDOWS\SYSTEM\Rhn.exe
O4 - HKLM\..\Run: [Tch] C:\WINDOWS\SYSTEM\Fee.exe
O4 - HKLM\..\Run: [Fuh] C:\WINDOWS\Ult.exe
O4 - HKLM\..\Run: [Qha] C:\WINDOWS\SYSTEM\Jba.exe
O4 - HKLM\..\Run: [Tvj] C:\WINDOWS\Cbv.exe
O4 - HKLM\..\Run: [Tgg] C:\WINDOWS\SYSTEM\Odm.exe
O4 - HKLM\..\Run: [Bqs] C:\WINDOWS\Hri.exe
O4 - HKLM\..\Run: [Rns] C:\WINDOWS\Kan.exe
O4 - HKLM\..\Run: [Tpb] C:\WINDOWS\Ntp.exe
O4 - HKLM\..\Run: [Oop] C:\WINDOWS\SYSTEM\Bng.exe
O4 - HKLM\..\Run: [Tnv] C:\WINDOWS\Tmb.exe
O4 - HKLM\..\Run: [Sbj] C:\WINDOWS\SYSTEM\Ahs.exe
O4 - HKLM\..\Run: [Sht] C:\WINDOWS\Ueh.exe
O4 - HKLM\..\Run: [Vfa] C:\WINDOWS\Ior.exe
O4 - HKLM\..\Run: [Vee] C:\WINDOWS\Ipk.exe
O4 - HKLM\..\Run: [Qrr] C:\WINDOWS\Ktq.exe
O4 - HKLM\..\Run: [Lfk] C:\WINDOWS\Orr.exe
O4 - HKLM\..\Run: [Piv] C:\WINDOWS\SYSTEM\Arq.exe
O4 - HKLM\..\Run: [Jit] C:\WINDOWS\Mll.exe
O4 - HKLM\..\Run: [Rpk] C:\WINDOWS\SYSTEM\Nph.exe
O4 - HKLM\..\Run: [Gfh] C:\WINDOWS\SYSTEM\Mme.exe
O4 - HKLM\..\Run: [Ith] C:\WINDOWS\SYSTEM\Ins.exe
O4 - HKLM\..\Run: [Vcj] C:\WINDOWS\Rel.exe
O4 - HKLM\..\Run: [Kkd] C:\WINDOWS\Kom.exe
O4 - HKLM\..\Run: [Ped] C:\WINDOWS\Dpf.exe
O4 - HKLM\..\Run: [Ruk] C:\WINDOWS\SYSTEM\Ist.exe
O4 - HKLM\..\Run: [Oce] C:\WINDOWS\SYSTEM\Kpr.exe
O4 - HKLM\..\Run: [Qft] C:\WINDOWS\SYSTEM\Dsq.exe
O4 - HKLM\..\Run: [Nqj] C:\WINDOWS\Pro.exe
O4 - HKLM\..\Run: [Pns] C:\WINDOWS\Ttv.exe
O4 - HKLM\..\Run: [Uut] C:\WINDOWS\Cnn.exe
O4 - HKLM\..\Run: [Unk] C:\WINDOWS\SYSTEM\Jpb.exe
O4 - HKLM\..\Run: [Aqj] C:\WINDOWS\Mnn.exe
O4 - HKLM\..\Run: [Qlr] C:\WINDOWS\Dak.exe
O4 - HKLM\..\Run: [Evd] C:\WINDOWS\Rfs.exe
O4 - HKLM\..\Run: [Ujl] C:\WINDOWS\SYSTEM\Pfh.exe
O4 - HKLM\..\Run: [Ftd] C:\WINDOWS\Ndk.exe
O4 - HKLM\..\Run: [Nqb] C:\WINDOWS\SYSTEM\Ili.exe
O4 - HKLM\..\Run: [Iiu] C:\WINDOWS\SYSTEM\Mod.exe
O4 - HKLM\..\Run: [Dsj] C:\WINDOWS\SYSTEM\Cfs.exe
O4 - HKLM\..\Run: [Ajj] C:\WINDOWS\SYSTEM\Gau.exe
O4 - HKLM\..\Run: [Hen] C:\WINDOWS\SYSTEM\Ljo.exe
O4 - HKLM\..\Run: [Pef] C:\WINDOWS\SYSTEM\Eej.exe
O4 - HKLM\..\Run: [Dnf] C:\WINDOWS\SYSTEM\Idm.exe
O4 - HKLM\..\Run: [Otu] C:\WINDOWS\Iju.exe
O4 - HKLM\..\Run: [Dqk] C:\WINDOWS\Tim.exe
O4 - HKLM\..\Run: [Rbi] C:\WINDOWS\SYSTEM\Blr.exe
O4 - HKLM\..\Run: [Ape] C:\WINDOWS\SYSTEM\Npo.exe
O4 - HKLM\..\Run: [Ebt] C:\WINDOWS\Mmt.exe
O4 - HKLM\..\Run: [Hbm] C:\WINDOWS\Pet.exe
O4 - HKLM\..\Run: [Kvc] C:\WINDOWS\Kkp.exe
O4 - HKLM\..\Run: [Ctf] C:\WINDOWS\SYSTEM\Lbt.exe
O4 - HKLM\..\Run: [Qsl] C:\WINDOWS\Isu.exe
O4 - HKLM\..\Run: [Fal] C:\WINDOWS\Pha.exe
O4 - HKLM\..\Run: [Jps] C:\WINDOWS\SYSTEM\Mup.exe
O4 - HKLM\..\Run: [Umk] C:\WINDOWS\SYSTEM\Cii.exe
O4 - HKLM\..\Run: [Jmh] C:\WINDOWS\Ulj.exe
O4 - HKLM\..\Run: [Fnb] C:\WINDOWS\SYSTEM\Dtq.exe
O4 - HKLM\..\Run: [Jic] C:\WINDOWS\SYSTEM\Lpc.exe
O4 - HKLM\..\Run: [Qao] C:\WINDOWS\Ual.exe
O4 - HKLM\..\Run: [Opa] C:\WINDOWS\Fps.exe
O4 - HKLM\..\Run: [Fth] C:\WINDOWS\Uqk.exe
O4 - HKLM\..\Run: [Boh] C:\WINDOWS\Ljb.exe
O4 - HKLM\..\Run: [Hcb] C:\WINDOWS\Ooi.exe
O4 - HKLM\..\Run: [Jul] C:\WINDOWS\Ram.exe
O4 - HKLM\..\Run: [Rqh] C:\WINDOWS\SYSTEM\Tfm.exe
O4 - HKLM\..\Run: [Bbm] C:\WINDOWS\SYSTEM\Aas.exe
O4 - HKLM\..\Run: [Ach] C:\WINDOWS\Odv.exe
O4 - HKLM\..\Run: [Ges] C:\WINDOWS\Dnv.exe
O4 - HKLM\..\Run: [Pne] C:\WINDOWS\Eke.exe
O4 - HKLM\..\Run: [Jsp] C:\WINDOWS\Iet.exe
O4 - HKLM\..\Run: [Hmv] C:\WINDOWS\Gjf.exe
O4 - HKLM\..\Run: [Noj] C:\WINDOWS\SYSTEM\Nni.exe
O4 - HKLM\..\Run: [Krq] C:\WINDOWS\SYSTEM\Aml.exe
O4 - HKLM\..\Run: [Cra] C:\WINDOWS\SYSTEM\Aon.exe
O4 - HKLM\..\Run: [Hpf] C:\WINDOWS\Jtg.exe
O4 - HKLM\..\Run: [Fkp] C:\WINDOWS\Pai.exe
O4 - HKLM\..\Run: [Ltq] C:\WINDOWS\Cvl.exe
O4 - HKLM\..\Run: [Ukf] C:\WINDOWS\SYSTEM\Sgs.exe
O4 - HKLM\..\Run: [Vfr] C:\WINDOWS\Nbe.exe
O4 - HKLM\..\Run: [Tak] C:\WINDOWS\SYSTEM\Bgv.exe
O4 - HKLM\..\Run: [Vou] C:\WINDOWS\Vjn.exe
O4 - HKLM\..\Run: [Nmc] C:\WINDOWS\SYSTEM\Kff.exe
O4 - HKLM\..\Run: [Too] C:\WINDOWS\Qos.exe
O4 - HKLM\..\Run: [Vmb] C:\WINDOWS\SYSTEM\Uoj.exe
O4 - HKLM\..\Run: [Crm] C:\WINDOWS\SYSTEM\Aoc.exe
O4 - HKLM\..\Run: [Sgt] C:\WINDOWS\Cai.exe
O4 - HKLM\..\Run: [Rpa] C:\WINDOWS\SYSTEM\Erd.exe
O4 - HKLM\..\Run: [Hhl] C:\WINDOWS\Bpo.exe
O4 - HKLM\..\Run: [Rhq] C:\WINDOWS\Lgj.exe
O4 - HKLM\..\Run: [Dnq] C:\WINDOWS\Hcd.exe
O4 - HKLM\..\Run: [Bea] C:\WINDOWS\SYSTEM\Plf.exe
O4 - HKLM\..\Run: [Naa] C:\WINDOWS\Kem.exe
O4 - HKLM\..\Run: [Lpl] C:\WINDOWS\Ksl.exe
O4 - HKLM\..\Run: [Idd] C:\WINDOWS\SYSTEM\Maj.exe
O4 - HKLM\..\Run: [Gjv] C:\WINDOWS\SYSTEM\Scg.exe
O4 - HKLM\..\Run: [Pit] C:\WINDOWS\SYSTEM\Cth.exe
O4 - HKLM\..\Run: [Mch] C:\WINDOWS\SYSTEM\Ulc.exe
O4 - HKLM\..\Run: [Dgt] C:\WINDOWS\SYSTEM\Fnb.exe
O4 - HKLM\..\Run: [Ecc] C:\WINDOWS\SYSTEM\Nav.exe
O4 - HKLM\..\Run: [Qit] C:\WINDOWS\Khh.exe
O4 - HKLM\..\Run: [Del] C:\WINDOWS\Rhj.exe
O4 - HKLM\..\Run: [Fjp] C:\WINDOWS\SYSTEM\Qfv.exe
O4 - HKLM\..\Run: [Uuh] C:\WINDOWS\SYSTEM\Kuu.exe
O4 - HKLM\..\Run: [Slk] C:\WINDOWS\SYSTEM\Lnh.exe
O4 - HKLM\..\Run: [Nlq] C:\WINDOWS\SYSTEM\Eof.exe
O4 - HKLM\..\Run: [Oia] C:\WINDOWS\SYSTEM\Ofo.exe
O4 - HKLM\..\Run: [Sva] C:\WINDOWS\Tcv.exe
O4 - HKLM\..\Run: [Cju] C:\WINDOWS\SYSTEM\Chg.exe
O4 - HKLM\..\Run: [Rhf] C:\WINDOWS\Bdf.exe
O4 - HKLM\..\Run: [Gdn] C:\WINDOWS\Jsb.exe
O4 - HKLM\..\Run: [Upt] C:\WINDOWS\SYSTEM\Lpk.exe
O4 - HKLM\..\Run: [Vpa] C:\WINDOWS\Nqf.exe
O4 - HKLM\..\Run: [Uhc] C:\WINDOWS\SYSTEM\Tct.exe
O4 - HKLM\..\Run: [Tkf] C:\WINDOWS\SYSTEM\Ofe.exe
O4 - HKLM\..\Run: [Edg] C:\WINDOWS\SYSTEM\Ken.exe
O4 - HKLM\..\Run: [Egt] C:\WINDOWS\Der.exe
O4 - HKLM\..\Run: [Dmh] C:\WINDOWS\SYSTEM\Pkq.exe
O4 - HKLM\..\Run: [Hfk] C:\WINDOWS\Mlp.exe
O4 - HKLM\..\Run: [Rbq] C:\WINDOWS\SYSTEM\Unp.exe
O4 - HKLM\..\Run: [Pjv] C:\WINDOWS\Mna.exe
O4 - HKLM\..\Run: [Ccd] C:\WINDOWS\Fte.exe
O4 - HKLM\..\Run: [Arc] C:\WINDOWS\Qlr.exe
O4 - HKLM\..\Run: [Fgu] C:\WINDOWS\SYSTEM\Oas.exe
O4 - HKLM\..\Run: [Hhf] C:\WINDOWS\Anu.exe
O4 - HKLM\..\Run: [Vlu] C:\WINDOWS\Qnr.exe
O4 - HKLM\..\Run: [Gsf] C:\WINDOWS\SYSTEM\Euv.exe
O4 - HKLM\..\Run: [Hsb] C:\WINDOWS\Kgd.exe
O4 - HKLM\..\Run: [Qhi] C:\WINDOWS\Ggr.exe
O4 - HKLM\..\Run: [Ahf] C:\WINDOWS\Adi.exe
O4 - HKLM\..\Run: [Pfm] C:\WINDOWS\Nfo.exe
O4 - HKLM\..\Run: [Mkj] C:\WINDOWS\SYSTEM\Mgg.exe
O4 - HKLM\..\Run: [Uao] C:\WINDOWS\Enc.exe
O4 - HKLM\..\Run: [Tdg] C:\WINDOWS\Hcs.exe
O4 - HKLM\..\Run: [Ihe] C:\WINDOWS\Hfm.exe
O4 - HKLM\..\Run: [Rkt] C:\WINDOWS\Odr.exe
O4 - HKLM\..\Run: [Ouf] C:\WINDOWS\SYSTEM\Dcd.exe
O4 - HKLM\..\Run: [Isa] C:\WINDOWS\SYSTEM\Lcv.exe
O4 - HKLM\..\Run: [Mga] C:\WINDOWS\SYSTEM\Ert.exe
O4 - HKLM\..\Run: [Gnr] C:\WINDOWS\Juc.exe
O4 - HKLM\..\Run: [Nvu] C:\WINDOWS\SYSTEM\Ecs.exe
O4 - HKLM\..\Run: [Vte] C:\WINDOWS\SYSTEM\Jap.exe
O4 - HKLM\..\Run: [Ovp] C:\WINDOWS\SYSTEM\Eed.exe
O4 - HKLM\..\Run: [Fjb] C:\WINDOWS\Gft.exe
O4 - HKLM\..\Run: [Iuv] C:\WINDOWS\SYSTEM\Ggg.exe
O4 - HKLM\..\Run: [Edh] C:\WINDOWS\Ngu.exe
O4 - HKLM\..\Run: [Smq] C:\WINDOWS\Nuq.exe
O4 - HKLM\..\Run: [Ukm] C:\WINDOWS\Aje.exe
O4 - HKLM\..\Run: [Olm] C:\WINDOWS\Hsf.exe
O4 - HKLM\..\Run: [Mse] C:\WINDOWS\Odi.exe
O4 - HKLM\..\Run: [Nuh] C:\WINDOWS\Kap.exe
O4 - HKLM\..\Run: [Nui] C:\WINDOWS\SYSTEM\Llb.exe
O4 - HKLM\..\Run: [Fpj] C:\WINDOWS\Dqc.exe
O4 - HKLM\..\Run: [Rhh] C:\WINDOWS\SYSTEM\Pmo.exe
O4 - HKLM\..\Run: [Kid] C:\WINDOWS\SYSTEM\Egq.exe
O4 - HKLM\..\Run: [Kls] C:\WINDOWS\Mhl.exe
O4 - HKLM\..\Run: [Rjf] C:\WINDOWS\SYSTEM\Ric.exe
O4 - HKLM\..\Run: [Tpe] C:\WINDOWS\Dal.exe
O4 - HKLM\..\Run: [Dth] C:\WINDOWS\SYSTEM\Sbj.exe
O4 - HKLM\..\Run: [Dsr] C:\WINDOWS\Bnq.exe
O4 - HKLM\..\Run: [Tmm] C:\WINDOWS\SYSTEM\Uup.exe
O4 - HKLM\..\Run: [Tgs] C:\WINDOWS\Osu.exe
O4 - HKLM\..\Run: [Nns] C:\WINDOWS\Ira.exe
O4 - HKLM\..\Run: [Asl] C:\WINDOWS\Rok.exe
O4 - HKLM\..\Run: [Lvc] C:\WINDOWS\SYSTEM\Bot.exe
O4 - HKLM\..\Run: [Vkm] C:\WINDOWS\SYSTEM\Omk.exe
O4 - HKLM\..\Run: [Tun] C:\WINDOWS\SYSTEM\Tdu.exe
O4 - HKLM\..\Run: [Pih] C:\WINDOWS\Abu.exe
O4 - HKLM\..\Run: [Rjc] C:\WINDOWS\Kbs.exe
O4 - HKLM\..\Run: [Ptv] C:\WINDOWS\Svi.exe
O4 - HKLM\..\Run: [Svf] C:\WINDOWS\SYSTEM\Vsu.exe
O4 - HKLM\..\Run: [Pos] C:\WINDOWS\Avr.exe
O4 - HKLM\..\Run: [Gub] C:\WINDOWS\SYSTEM\Asd.exe
O4 - HKLM\..\Run: [Eeu] C:\WINDOWS\SYSTEM\Dmv.exe
O4 - HKLM\..\Run: [Fqm] C:\WINDOWS\Doa.exe
O4 - HKLM\..\Run: [Jeg] C:\WINDOWS\Dos.exe
O4 - HKLM\..\Run: [Jbk] C:\WINDOWS\SYSTEM\Nmk.exe
O4 - HKLM\..\Run: [Lgq] C:\WINDOWS\Ieq.exe
O4 - HKLM\..\Run: [Tig] C:\WINDOWS\Nsj.exe
O4 - HKLM\..\Run: [Qbs] C:\WINDOWS\SYSTEM\Oct.exe
O4 - HKLM\..\Run: [Vuc] C:\WINDOWS\SYSTEM\Gar.exe
O4 - HKLM\..\Run: [Udt] C:\WINDOWS\Hhg.exe
O4 - HKLM\..\Run: [Kgu] C:\WINDOWS\Bgg.exe
O4 - HKLM\..\Run: [Cdm] C:\WINDOWS\Fos.exe
O4 - HKLM\..\Run: [Prj] C:\WINDOWS\SYSTEM\Vce.exe
O4 - HKLM\..\Run: [Llm] C:\WINDOWS\Juq.exe
O4 - HKLM\..\Run: [Hij] C:\WINDOWS\Hca.exe
O4 - HKLM\..\Run: [Pnh] C:\WINDOWS\Vmp.exe
O4 - HKLM\..\Run: [Rin] C:\WINDOWS\SYSTEM\Sel.exe
O4 - HKLM\..\Run: [Obo] C:\WINDOWS\SYSTEM\Bsp.exe
O4 - HKLM\..\Run: [Iff] C:\WINDOWS\Lvu.exe
O4 - HKLM\..\Run: [Ilb] C:\WINDOWS\Dfr.exe
O4 - HKLM\..\Run: [Mlg] C:\WINDOWS\Mvp.exe
O4 - HKLM\..\Run: [Vln] C:\WINDOWS\Hkn.exe
O4 - HKLM\..\Run: [Lqp] C:\WINDOWS\Rfl.exe
O4 - HKLM\..\Run: [Viu] C:\WINDOWS\SYSTEM\Ivr.exe
O4 - HKLM\..\Run: [Tcg] C:\WINDOWS\Uan.exe
O4 - HKLM\..\Run: [Mei] C:\WINDOWS\SYSTEM\Jrr.exe
O4 - HKLM\..\Run: [Tpj] C:\WINDOWS\SYSTEM\Htp.exe
O4 - HKLM\..\Run: [Mam] C:\WINDOWS\SYSTEM\Jlp.exe
O4 - HKLM\..\Run: [Bsr] C:\WINDOWS\Olr.exe
O4 - HKLM\..\Run: [Okd] C:\WINDOWS\Ark.exe
O4 - HKLM\..\Run: [Fmk] C:\WINDOWS\Ttk.exe
O4 - HKLM\..\Run: [Skr] C:\WINDOWS\SYSTEM\Ppl.exe
O4 - HKLM\..\Run: [Idc] C:\WINDOWS\SYSTEM\Spg.exe
O4 - HKLM\..\Run: [Hin] C:\WINDOWS\SYSTEM\Sab.exe
O4 - HKLM\..\Run: [Qmh] C:\WINDOWS\Vol.exe
O4 - HKLM\..\Run: [Mnv] C:\WINDOWS\SYSTEM\Uqr.exe
O4 - HKLM\..\Run: [Ugc] C:\WINDOWS\Goq.exe
O4 - HKLM\..\Run: [Rjr] C:\WINDOWS\SYSTEM\Hfc.exe
O4 - HKLM\..\Run: [Fsc] C:\WINDOWS\SYSTEM\Tcv.exe
O4 - HKLM\..\Run: [Tko] C:\WINDOWS\Iug.exe
O4 - HKLM\..\Run: [Ppc] C:\WINDOWS\Qkh.exe
O4 - HKLM\..\Run: [Tka] C:\WINDOWS\SYSTEM\Fds.exe
O4 - HKLM\..\Run: [Kkp] C:\WINDOWS\Evl.exe
O4 - HKLM\..\Run: [Mau] C:\WINDOWS\Vbe.exe
O4 - HKLM\..\Run: [Pcl] C:\WINDOWS\Pqv.exe
O4 - HKLM\..\Run: [Bmu] C:\WINDOWS\Cbq.exe
O4 - HKLM\..\Run: [Cuv] C:\WINDOWS\SYSTEM\Bjq.exe
O4 - HKLM\..\Run: [Ils] C:\WINDOWS\SYSTEM\Vlj.exe
O4 - HKLM\..\Run: [Ram] C:\WINDOWS\SYSTEM\Bcf.exe
O4 - HKLM\..\Run: [Geq] C:\WINDOWS\SYSTEM\Cek.exe
O4 - HKLM\..\Run: [Jji] C:\WINDOWS\Nml.exe
O4 - HKLM\..\Run: [Kcf] C:\WINDOWS\Qcr.exe
O4 - HKLM\..\Run: [Dgh] C:\WINDOWS\Ubq.exe
O4 - HKLM\..\Run: [Emg] C:\WINDOWS\Qer.exe
O4 - HKLM\..\Run: [Qoq] C:\WINDOWS\SYSTEM\Fvp.exe
O4 - HKLM\..\Run: [Ckt] C:\WINDOWS\SYSTEM\Gas.exe
O4 - HKLM\..\Run: [Guj] C:\WINDOWS\SYSTEM\Bjp.exe
O4 - HKLM\..\Run: [Hmk] C:\WINDOWS\SYSTEM\Unm.exe
O4 - HKLM\..\Run: [Sjp] C:\WINDOWS\Jrp.exe
O4 - HKLM\..\Run: [Odb] C:\WINDOWS\Fgb.exe
O4 - HKLM\..\Run: [Cho] C:\WINDOWS\Hrt.exe
O4 - HKLM\..\Run: [Gno] C:\WINDOWS\SYSTEM\Mbi.exe
O4 - HKLM\..\Run: [Uob] C:\WINDOWS\Huv.exe
O4 - HKLM\..\Run: [Pqt] C:\WINDOWS\Dkc.exe
O4 - HKLM\..\Run: [Uqi] C:\WINDOWS\Gds.exe
O4 - HKLM\..\Run: [Rsr] C:\WINDOWS\SYSTEM\Fid.exe
O4 - HKLM\..\Run: [Fjl] C:\WINDOWS\SYSTEM\Oot.exe
O4 - HKLM\..\Run: [Ill] C:\WINDOWS\SYSTEM\Blf.exe
O4 - HKLM\..\Run: [Ude] C:\WINDOWS\Jgm.exe
O4 - HKLM\..\Run: [Qbr] C:\WINDOWS\SYSTEM\Rdc.exe
O4 - HKLM\..\Run: [Avd] C:\WINDOWS\Vsk.exe
O4 - HKLM\..\Run: [Pat] C:\WINDOWS\Cco.exe
O4 - HKLM\..\Run: [Ihs] C:\WINDOWS\Pro.exe
O4 - HKLM\..\Run: [Oat] C:\WINDOWS\Rji.exe
O4 - HKLM\..\Run: [Hik] C:\WINDOWS\Uco.exe
O4 - HKLM\..\Run: [Kqt] C:\WINDOWS\Oun.exe
O4 - HKLM\..\Run: [Rme] C:\WINDOWS\SYSTEM\Ovl.exe
O4 - HKLM\..\Run: [Tdh] C:\WINDOWS\Qbk.exe
O4 - HKLM\..\Run: [Gsb] C:\WINDOWS\Sui.exe
O4 - HKLM\..\Run: [Qgg] C:\WINDOWS\SYSTEM\Psb.exe
O4 - HKLM\..\Run: [Blu] C:\WINDOWS\Rsg.exe
O4 - HKLM\..\Run: [Dds] C:\WINDOWS\SYSTEM\Rcf.exe
O4 - HKLM\..\Run: [Igq] C:\WINDOWS\SYSTEM\Ucc.exe
O4 - HKLM\..\Run: [Bmc] C:\WINDOWS\SYSTEM\Lto.exe
O4 - HKLM\..\Run: [Edq] C:\WINDOWS\Aga.exe
O4 - HKLM\..\Run: [Ehs] C:\WINDOWS\SYSTEM\Jkl.exe
O4 - HKLM\..\Run: [Thi] C:\WINDOWS\SYSTEM\Dqv.exe
O4 - HKLM\..\Run: [Bua] C:\WINDOWS\SYSTEM\Blv.exe
O4 - HKLM\..\Run: [Vug] C:\WINDOWS\Cpu.exe
O4 - HKLM\..\Run: [Kum] C:\WINDOWS\SYSTEM\Ghl.exe
O4 - HKLM\..\Run: [Pha] C:\WINDOWS\Hjj.exe
O4 - HKLM\..\Run: [Llo] C:\WINDOWS\SYSTEM\Osj.exe
O4 - HKLM\..\Run: [Iql] C:\WINDOWS\Qke.exe
O4 - HKLM\..\Run: [Tkp] C:\WINDOWS\Teo.exe
O4 - HKLM\..\Run: [Lvk] C:\WINDOWS\SYSTEM\Dtq.exe
O4 - HKLM\..\Run: [Mhn] C:\WINDOWS\SYSTEM\Orh.exe
O4 - HKLM\..\Run: [Vbe] C:\WINDOWS\Fat.exe
O4 - HKLM\..\Run: [Dll] C:\WINDOWS\SYSTEM\Fmn.exe
O4 - HKLM\..\Run: [Cpo] C:\WINDOWS\Hpi.exe
O4 - HKLM\..\Run: [Eoj] C:\WINDOWS\Nqj.exe
O4 - HKLM\..\Run: [Fhb] C:\WINDOWS\SYSTEM\Jvs.exe
O4 - HKLM\..\Run: [Fnl] C:\WINDOWS\Pnr.exe
O4 - HKLM\..\Run: [Ovn] C:\WINDOWS\SYSTEM\Vjl.exe
O4 - HKLM\..\Run: [Jer] C:\WINDOWS\Nje.exe
O4 - HKLM\..\Run: [Bij] C:\WINDOWS\Era.exe
O4 - HKLM\..\Run: [Rho] C:\WINDOWS\SYSTEM\Fir.exe
O4 - HKLM\..\Run: [Kfc] C:\WINDOWS\SYSTEM\Bep.exe
O4 - HKLM\..\Run: [Neo] C:\WINDOWS\Bqh.exe
O4 - HKLM\..\Run: [Toj] C:\WINDOWS\Isg.exe
O4 - HKLM\..\Run: [Rlv] C:\WINDOWS\SYSTEM\Vna.exe
O4 - HKLM\..\Run: [Ptg] C:\WINDOWS\Aqg.exe
O4 - HKLM\..\Run: [Dtp] C:\WINDOWS\Qsu.exe
O4 - HKLM\..\Run: [Vkl] C:\WINDOWS\Dnq.exe
O4 - HKLM\..\Run: [Sij] C:\WINDOWS\SYSTEM\Oog.exe
O4 - HKLM\..\Run: [Dfd] C:\WINDOWS\SYSTEM\Itv.exe
O4 - HKLM\..\Run: [Ugj] C:\WINDOWS\Sgn.exe
O4 - HKLM\..\Run: [Obq] C:\WINDOWS\Rmo.exe
O4 - HKLM\..\Run: [Gge] C:\WINDOWS\SYSTEM\Qvi.exe
O4 - HKLM\..\Run: [Jfr] C:\WINDOWS\SYSTEM\Qdn.exe
O4 - HKLM\..\Run: [Jbr] C:\WINDOWS\Hou.exe
O4 - HKLM\..\Run: [Nmt] C:\WINDOWS\SYSTEM\Qfv.exe
O4 - HKLM\..\Run: [Jta] C:\WINDOWS\SYSTEM\Ktn.exe
O4 - HKLM\..\Run: [Aev] C:\WINDOWS\SYSTEM\Ilo.exe
O4 - HKLM\..\Run: [Abr] C:\WINDOWS\Blo.exe
O4 - HKLM\..\Run: [Jcc] C:\WINDOWS\SYSTEM\Mjr.exe
O4 - HKLM\..\Run: [Ccr] C:\WINDOWS\SYSTEM\Rmb.exe
O4 - HKLM\..\Run: [Sem] C:\WINDOWS\SYSTEM\Sav.exe
O4 - HKLM\..\Run: [Vcq] C:\WINDOWS\SYSTEM\Akg.exe
O4 - HKLM\..\Run: [Seg] C:\WINDOWS\SYSTEM\Lag.exe
O4 - HKLM\..\Run: [Bpg] C:\WINDOWS\SYSTEM\Hfp.exe
O4 - HKLM\..\Run: [Fij] C:\WINDOWS\SYSTEM\Ker.exe
O4 - HKLM\..\Run: [Kjk] C:\WINDOWS\Tec.exe
O4 - HKLM\..\Run: [Tie] C:\WINDOWS\SYSTEM\Plm.exe
O4 - HKLM\..\Run: [Vqt] C:\WINDOWS\SYSTEM\Omp.exe
O4 - HKLM\..\Run: [Dgp] C:\WINDOWS\SYSTEM\Eos.exe
O4 - HKLM\..\Run: [Jgd] C:\WINDOWS\Onl.exe
O4 - HKLM\..\Run: [Her] C:\WINDOWS\SYSTEM\Ruf.exe
O4 - HKLM\..\Run: [Uma] C:\WINDOWS\Vqk.exe
O4 - HKLM\..\Run: [img]/images/forums/icons/mad.gif[/img] C:\WINDOWS\Mlk.exe
O4 - HKLM\..\Run: [Ivt] C:\WINDOWS\Qia.exe
O4 - HKLM\..\Run: [Gmm] C:\WINDOWS\Gkj.exe
O4 - HKLM\..\Run: [Aen] C:\WINDOWS\SYSTEM\Kog.exe
O4 - HKLM\..\Run: [Qnn] C:\WINDOWS\SYSTEM\Mcj.exe
O4 - HKLM\..\Run: [Hvb] C:\WINDOWS\SYSTEM\Ksh.exe
O4 - HKLM\..\Run: [Lep] C:\WINDOWS\Vlb.exe
O4 - HKLM\..\Run: [Mso] C:\WINDOWS\SYSTEM\Img.exe
O4 - HKLM\..\Run: [Sqn] C:\WINDOWS\Tui.exe
O4 - HKLM\..\Run: [Npp] C:\WINDOWS\Ltl.exe
O4 - HKLM\..\Run: [Occ] C:\WINDOWS\Pbg.exe
O4 - HKLM\..\Run: [Uch] C:\WINDOWS\SYSTEM\Ero.exe
O4 - HKLM\..\Run: [Frr] C:\WINDOWS\SYSTEM\Hth.exe
O4 - HKLM\..\Run: [Tha] C:\WINDOWS\SYSTEM\Ghr.exe
O4 - HKLM\..\Run: [Cvp] C:\WINDOWS\Vqv.exe
O4 - HKLM\..\Run: [Nsl] C:\WINDOWS\Rrg.exe
O4 - HKLM\..\Run: [Jqq] C:\WINDOWS\SYSTEM\Dat.exe
O4 - HKLM\..\Run: [Iga] C:\WINDOWS\Qra.exe
O4 - HKLM\..\Run: [Kla] C:\WINDOWS\SYSTEM\Moi.exe
O4 - HKLM\..\Run: [Pnj] C:\WINDOWS\Avo.exe
O4 - HKLM\..\Run: [Nbv] C:\WINDOWS\SYSTEM\Flk.exe
O4 - HKLM\..\Run: [Lpt] C:\WINDOWS\Qnt.exe
O4 - HKLM\..\Run: [Dps] C:\WINDOWS\Puv.exe
O4 - HKLM\..\Run: [Spc] C:\WINDOWS\SYSTEM\Koo.exe
O4 - HKLM\..\Run: [Asv] C:\WINDOWS\Iha.exe
O4 - HKLM\..\Run: [Icq] C:\WINDOWS\SYSTEM\Qou.exe
O4 - HKLM\..\Run: [Ecj] C:\WINDOWS\Dem.exe
O4 - HKLM\..\Run: [Rej] C:\WINDOWS\SYSTEM\Iqq.exe
O4 - HKLM\..\Run: [Cth] C:\WINDOWS\Cog.exe
O4 - HKLM\..\Run: [Ihr] C:\WINDOWS\SYSTEM\Dvj.exe
O4 - HKLM\..\Run: [Ggt] C:\WINDOWS\SYSTEM\Pps.exe
O4 - HKLM\..\Run: [Rsb] C:\WINDOWS\Qgi.exe
O4 - HKLM\..\Run: [Qsa] C:\WINDOWS\Kfp.exe
O4 - HKLM\..\Run: [Gab] C:\WINDOWS\Fth.exe
O4 - HKLM\..\Run: [Dee] C:\WINDOWS\Hbh.exe
O4 - HKLM\..\Run: [Ibs] C:\WINDOWS\Tqe.exe
O4 - HKLM\..\Run: [Ild] C:\WINDOWS\SYSTEM\Qpp.exe
O4 - HKLM\..\Run: [Cou] C:\WINDOWS\SYSTEM\Ura.exe
O4 - HKLM\..\Run: [Kvn] C:\WINDOWS\Kue.exe
O4 - HKLM\..\Run: [Iuq] C:\WINDOWS\Ere.exe
O4 - HKLM\..\Run: [Ril] C:\WINDOWS\SYSTEM\Rue.exe
O4 - HKLM\..\Run: [Tvq] C:\WINDOWS\Qjo.exe
O4 - HKLM\..\Run: [Lck] C:\WINDOWS\SYSTEM\Phd.exe
O4 - HKLM\..\Run: [Hgd] C:\WINDOWS\SYSTEM\Lfb.exe
O4 - HKLM\..\Run: [Ssp] C:\WINDOWS\Rni.exe
O4 - HKLM\..\Run: [Ejl] C:\WINDOWS\Oqf.exe
O4 - HKLM\..\Run: [Npl] C:\WINDOWS\SYSTEM\Gus.exe
O4 - HKLM\..\Run: [Bme] C:\WINDOWS\Hpm.exe
O4 - HKLM\..\Run: [Hvr] C:\WINDOWS\SYSTEM\Sev.exe
O4 - HKLM\..\Run: [Vmu] C:\WINDOWS\SYSTEM\Lqo.exe
O4 - HKLM\..\Run: [Akl] C:\WINDOWS\SYSTEM\Unm.exe
O4 - HKLM\..\Run: [Kpn] C:\WINDOWS\SYSTEM\Pcl.exe
O4 - HKLM\..\Run: [Cep] C:\WINDOWS\Tgg.exe
O4 - HKLM\..\Run: [Ppt] C:\WINDOWS\Dbr.exe
O4 - HKLM\..\Run: [Ccn] C:\WINDOWS\SYSTEM\Iti.exe
O4 - HKLM\..\Run: [Ice] C:\WINDOWS\SYSTEM\Ihq.exe
O4 - HKLM\..\Run: [Apk] C:\WINDOWS\Gkh.exe
O4 - HKLM\..\Run: [Akg] C:\WINDOWS\Mgq.exe
O4 - HKLM\..\Run: [Ohm] C:\WINDOWS\Reu.exe
O4 - HKLM\..\Run: [Dih] C:\WINDOWS\Ibk.exe
O4 - HKLM\..\Run: [Kcp] C:\WINDOWS\Ige.exe
O4 - HKLM\..\Run: [Bph] C:\WINDOWS\Vgj.exe
O4 - HKLM\..\Run: [Rem] C:\WINDOWS\Jla.exe
O4 - HKLM\..\Run: [Gfu] C:\WINDOWS\SYSTEM\Lru.exe
O4 - HKLM\..\Run: [Msg] C:\WINDOWS\Jsd.exe
O4 - HKLM\..\Run: [Sbi] C:\WINDOWS\Bml.exe
O4 - HKLM\..\Run: [Gij] C:\WINDOWS\SYSTEM\Jsr.exe
O4 - HKLM\..\Run: [Uip] C:\WINDOWS\SYSTEM\Qil.exe
O4 - HKLM\..\Run: [Jbm] C:\WINDOWS\Adm.exe
O4 - HKLM\..\Run: [Fdg] C:\WINDOWS\Mbp.exe
O4 - HKLM\..\Run: [Ber] C:\WINDOWS\SYSTEM\Dsn.exe
O4 - HKLM\..\Run: [Ggg] C:\WINDOWS\Gdc.exe
O4 - HKLM\..\Run: [Ihi] C:\WINDOWS\Ecp.exe
O4 - HKLM\..\Run: [Gdv] C:\WINDOWS\SYSTEM\Adp.exe
O4 - HKLM\..\Run: [Ptl] C:\WINDOWS\SYSTEM\Uim.exe
O4 - HKLM\..\Run: [Uvu] C:\WINDOWS\SYSTEM\Nph.exe
O4 - HKLM\..\Run: [Cqq] C:\WINDOWS\SYSTEM\Cbd.exe
O4 - HKLM\..\Run: [Fdm] C:\WINDOWS\Vub.exe
O4 - HKLM\..\Run: [Qgf] C:\WINDOWS\SYSTEM\Vel.exe
O4 - HKLM\..\Run: [Qfe] C:\WINDOWS\SYSTEM\Put.exe
O4 - HKLM\..\Run: [Pjg] C:\WINDOWS\SYSTEM\Ufg.exe
O4 - HKLM\..\Run: [Qot] C:\WINDOWS\SYSTEM\Bch.exe
O4 - HKLM\..\Run: [Eds] C:\WINDOWS\Eno.exe
O4 - HKLM\..\Run: [Mqs] C:\WINDOWS\SYSTEM\Nkm.exe
O4 - HKLM\..\Run: [Leq] C:\WINDOWS\Qek.exe
O4 - HKLM\..\Run: [Vvd] C:\WINDOWS\SYSTEM\Tqg.exe
O4 - HKLM\..\Run: [Fni] C:\WINDOWS\Rkr.exe
O4 - HKLM\..\Run: [Jfa] C:\WINDOWS\SYSTEM\Iha.exe
O4 - HKLM\..\Run: [Mpg] C:\WINDOWS\Pbt.exe
O4 - HKLM\..\Run: [Akr] C:\WINDOWS\Oga.exe
O4 - HKLM\..\Run: [Vdt] C:\WINDOWS\Neu.exe
O4 - HKLM\..\Run: [Fdd] C:\WINDOWS\SYSTEM\Jrv.exe
O4 - HKLM\..\Run: [Bpd] C:\WINDOWS\Mhl.exe
O4 - HKLM\..\Run: [Mld] C:\WINDOWS\SYSTEM\Ilf.exe
O4 - HKLM\..\Run: [Qtj] C:\WINDOWS\Kam.exe
O4 - HKLM\..\Run: [Jqs] C:\WINDOWS\Vgq.exe
O4 - HKLM\..\Run: [Bts] C:\WINDOWS\SYSTEM\Bke.exe
O4 - HKLM\..\Run: [Iks] C:\WINDOWS\SYSTEM\Nov.exe
O4 - HKLM\..\Run: [Dcp] C:\WINDOWS\Ala.exe
O4 - HKLM\..\Run: [Vrb] C:\WINDOWS\Bgh.exe
O4 - HKLM\..\Run: [Ops] C:\WINDOWS\SYSTEM\Hod.exe
O4 - HKLM\..\Run: [Loh] C:\WINDOWS\SYSTEM\Vpv.exe
O4 - HKLM\..\Run: [Spd] C:\WINDOWS\SYSTEM\Hgi.exe
O4 - HKLM\..\Run: [Pig] C:\WINDOWS\Fdp.exe
O4 - HKLM\..\Run: [Heq] C:\WINDOWS\SYSTEM\Akn.exe
O4 - HKLM\..\Run: [Sca] C:\WINDOWS\SYSTEM\Nml.exe
O4 - HKLM\..\Run: [Lgh] C:\WINDOWS\SYSTEM\Crk.exe
O4 - HKLM\..\Run: [Bsq] C:\WINDOWS\SYSTEM\Guk.exe
O4 - HKLM\..\Run: [Ali] C:\WINDOWS\Non.exe
O4 - HKLM\..\Run: [Nmv] C:\WINDOWS\Aov.exe
O4 - HKLM\..\Run: [Mtd] C:\WINDOWS\Uit.exe
O4 - HKLM\..\Run: [Bqt] C:\WINDOWS\Vvf.exe
O4 - HKLM\..\Run: [Qus] C:\WINDOWS\SYSTEM\Sfk.exe
O4 - HKLM\..\Run: [Ncv] C:\WINDOWS\Mms.exe
O4 - HKLM\..\Run: [Dko] C:\WINDOWS\SYSTEM\Vmv.exe
O4 - HKLM\..\Run: [Ims] C:\WINDOWS\SYSTEM\Sue.exe
O4 - HKLM\..\Run: [Ehv] C:\WINDOWS\SYSTEM\Mqn.exe
O4 - HKLM\..\Run: [Eid] C:\WINDOWS\SYSTEM\Gqo.exe
O4 - HKLM\..\Run: [Dug] C:\WINDOWS\Klg.exe
O4 - HKLM\..\Run: [Hel] C:\WINDOWS\SYSTEM\Csv.exe
O4 - HKLM\..\Run: [Qrm] C:\WINDOWS\Lpj.exe
O4 - HKLM\..\Run: [Jog] C:\WINDOWS\SYSTEM\Vbm.exe
O4 - HKLM\..\Run: [Ojo] C:\WINDOWS\SYSTEM\Gin.exe
O4 - HKLM\..\Run: [Ddv] C:\WINDOWS\Hfp.exe
O4 - HKLM\..\Run: [Qpa] C:\WINDOWS\SYSTEM\Mdg.exe
O4 - HKLM\..\Run: [Rgl] C:\WINDOWS\Ohk.exe
O4 - HKLM\..\Run: [Olu] C:\WINDOWS\SYSTEM\Cpe.exe
O4 - HKLM\..\Run: [Rrv] C:\WINDOWS\SYSTEM\Rjn.exe
O4 - HKLM\..\Run: [Bib] C:\WINDOWS\SYSTEM\Kul.exe
O4 - HKLM\..\Run: [Uoq] C:\WINDOWS\SYSTEM\Qvb.exe
O4 - HKLM\..\Run: [Qbm] C:\WINDOWS\Ego.exe
O4 - HKLM\..\Run: [Urm] C:\WINDOWS\Cjq.exe
O4 - HKLM\..\Run: [Gcs] C:\WINDOWS\Ubv.exe
O4 - HKLM\..\Run: [Lov] C:\WINDOWS\Oni.exe
O4 - HKLM\..\Run: [Kga] C:\WINDOWS\SYSTEM\Dvj.exe
O4 - HKLM\..\Run: [Usf] C:\WINDOWS\Sts.exe
O4 - HKLM\..\Run: [Nkp] C:\WINDOWS\Unc.exe
O4 - HKLM\..\Run: [Thl] C:\WINDOWS\SYSTEM\Noa.exe
O4 - HKLM\..\Run: [Mou] C:\WINDOWS\Odn.exe
O4 - HKLM\..\Run: [Nov] C:\WINDOWS\SYSTEM\Ajq.exe
O4 - HKLM\..\Run: [Diu] C:\WINDOWS\SYSTEM\Caq.exe
O4 - HKLM\..\Run: [Vmg] C:\WINDOWS\Scp.exe
O4 - HKLM\..\Run: [Njb] C:\WINDOWS\SYSTEM\Str.exe
O4 - HKLM\..\Run: [Fvn] C:\WINDOWS\SYSTEM\Vse.exe
O4 - HKLM\..\Run: [Cgs] C:\WINDOWS\SYSTEM\Tao.exe
O4 - HKLM\..\Run: [Aue] C:\WINDOWS\SYSTEM\Jrb.exe
O4 - HKLM\..\Run: [Taj] C:\WINDOWS\Vgi.exe
O4 - HKLM\..\Run: [Iqi] C:\WINDOWS\Tjt.exe
O4 - HKLM\..\Run: [Dup] C:\WINDOWS\SYSTEM\Oko.exe
O4 - HKLM\..\Run: [Gfr] C:\WINDOWS\SYSTEM\Gtn.exe
O4 - HKLM\..\Run: [Jqv] C:\WINDOWS\Uil.exe
O4 - HKLM\..\Run: [Ebo] C:\WINDOWS\Psn.exe
O4 - HKLM\..\Run: [Egr] C:\WINDOWS\SYSTEM\Keh.exe
O4 - HKLM\..\Run: [Qgd] C:\WINDOWS\SYSTEM\Pmr.exe
O4 - HKLM\..\Run: [Mph] C:\WINDOWS\SYSTEM\Ikq.exe
O4 - HKLM\..\Run: [Ljn] C:\WINDOWS\Rvr.exe
O4 - HKLM\..\Run: [Tbg] C:\WINDOWS\Nol.exe
O4 - HKLM\..\Run: [Dii] C:\WINDOWS\Fqe.exe
O4 - HKLM\..\Run: [Nkl] C:\WINDOWS\Jfn.exe
O4 - HKLM\..\Run: [Hvg] C:\WINDOWS\Cdi.exe
O4 - HKLM\..\Run: [Doi] C:\WINDOWS\SYSTEM\Mug.exe
O4 - HKLM\..\Run: [Slo] C:\WINDOWS\Jov.exe
O4 - HKLM\..\Run: [Kmu] C:\WINDOWS\SYSTEM\Pft.exe
O4 - HKLM\..\Run: [Mbk] C:\WINDOWS\SYSTEM\Drj.exe
O4 - HKLM\..\Run: [Hbn] C:\WINDOWS\SYSTEM\Klo.exe
O4 - HKLM\..\Run: [Cig] C:\WINDOWS\SYSTEM\Dpd.exe
O4 - HKLM\..\Run: [Qmq] C:\WINDOWS\SYSTEM\Mog.exe
O4 - HKLM\..\Run: [Fnr] C:\WINDOWS\SYSTEM\Fuh.exe
O4 - HKLM\..\Run: [Erq] C:\WINDOWS\Ppk.exe
O4 - HKLM\..\Run: [Mqp] C:\WINDOWS\Mpu.exe
O4 - HKLM\..\Run: [Vrl] C:\WINDOWS\SYSTEM\Sld.exe
O4 - HKLM\..\Run: [Efn] C:\WINDOWS\Mre.exe
O4 - HKLM\..\Run: [Iev] C:\WINDOWS\SYSTEM\Cpc.exe
O4 - HKLM\..\Run: [Ret] C:\WINDOWS\SYSTEM\Gkd.exe
O4 - HKLM\..\Run: [Nvk] C:\WINDOWS\SYSTEM\Its.exe
O4 - HKLM\..\Run: [Fsg] C:\WINDOWS\SYSTEM\Gam.exe
O4 - HKLM\..\Run: [Jhv] C:\WINDOWS\SYSTEM\Thj.exe
O4 - HKLM\..\Run: [Baa] C:\WINDOWS\Dsk.exe
O4 - HKLM\..\Run: [Grg] C:\WINDOWS\Pht.exe
O4 - HKLM\..\Run: [Lud] C:\WINDOWS\Nqa.exe
O4 - HKLM\..\Run: [Rfn] C:\WINDOWS\Bir.exe
O4 - HKLM\..\Run: [Ijn] C:\WINDOWS\SYSTEM\Rmq.exe
O4 - HKLM\..\Run: [Fsk] C:\WINDOWS\Gcr.exe
O4 - HKLM\..\Run: [Kvv] C:\WINDOWS\Jes.exe
O4 - HKLM\..\Run: [Cgq] C:\WINDOWS\SYSTEM\Kst.exe
O4 - HKLM\..\Run: [Sfb] C:\WINDOWS\Gjq.exe
O4 - HKLM\..\Run: [Oqf] C:\WINDOWS\SYSTEM\Inl.exe
O4 - HKLM\..\Run: [Jeq] C:\WINDOWS\Nju.exe
O4 - HKLM\..\Run: [Chb] C:\WINDOWS\SYSTEM\Afs.exe
O4 - HKLM\..\Run: [Qqi] C:\WINDOWS\SYSTEM\Hkc.exe
O4 - HKLM\..\Run: [Rmm] C:\WINDOWS\SYSTEM\Qaf.exe
O4 - HKLM\..\Run: [Eqg] C:\WINDOWS\SYSTEM\Jal.exe
O4 - HKLM\..\Run: [Usp] C:\WINDOWS\SYSTEM\Hbk.exe
O4 - HKLM\..\Run: [Pqp] C:\WINDOWS\Jdq.exe
O4 - HKLM\..\Run: [Elu] C:\WINDOWS\Kmh.exe
O4 - HKLM\..\Run: [Hea] C:\WINDOWS\Lal.exe
O4 - HKLM\..\Run: [Fur] C:\WINDOWS\Geh.exe
O4 - HKLM\..\Run: [Qvg] C:\WINDOWS\Ann.exe
O4 - HKLM\..\Run: [Kof] C:\WINDOWS\Keb.exe
O4 - HKLM\..\Run: [Bvu] C:\WINDOWS\Vko.exe
O4 - HKLM\..\Run: [Cpc] C:\WINDOWS\SYSTEM\Qhd.exe
O4 - HKLM\..\Run: [Sgo] C:\WINDOWS\SYSTEM\Obc.exe
O4 - HKLM\..\Run: [Enr] C:\WINDOWS\Rpf.exe
O4 - HKLM\..\Run: [Hje] C:\WINDOWS\SYSTEM\Avd.exe
O4 - HKLM\..\Run: [Thq] C:\WINDOWS\Cvk.exe
O4 - HKLM\..\Run: [Gav] C:\WINDOWS\Dgp.exe
O4 - HKLM\..\Run: [Qjp] C:\WINDOWS\Enn.exe
O4 - HKLM\..\Run: [Pot] C:\WINDOWS\Mtf.exe
O4 - HKLM\..\Run: [Hbk] C:\WINDOWS\SYSTEM\Dri.exe
O4 - HKLM\..\Run: [Hct] C:\WINDOWS\Tjk.exe
O4 - HKLM\..\Run: [Pdr] C:\WINDOWS\SYSTEM\Cis.exe
O4 - HKLM\..\Run: [Cac] C:\WINDOWS\Gvj.exe
O4 - HKLM\..\Run: [Lah] C:\WINDOWS\SYSTEM\Tjn.exe
O4 - HKLM\..\Run: [Qer] C:\WINDOWS\SYSTEM\Ncq.exe
O4 - HKLM\..\Run: [Qaj] C:\WINDOWS\Ung.exe
O4 - HKLM\..\Run: [Ebu] C:\WINDOWS\SYSTEM\Drj.exe
O4 - HKLM\..\Run: [Ttj] C:\WINDOWS\Cvk.exe
O4 - HKLM\..\Run: [Nqh] C:\WINDOWS\SYSTEM\Bvc.exe
O4 - HKLM\..\Run: [Tjo] C:\WINDOWS\SYSTEM\Smq.exe
O4 - HKLM\..\Run: [Soo] C:\WINDOWS\SYSTEM\Pcv.exe
O4 - HKLM\..\Run: [Kpv] C:\WINDOWS\SYSTEM\Gkk.exe
O4 - HKLM\..\Run: [Ebb] C:\WINDOWS\SYSTEM\Bth.exe
O4 - HKLM\..\Run: [Rdq] C:\WINDOWS\SYSTEM\Hst.exe
O4 - HKLM\..\Run: [Dms] C:\WINDOWS\SYSTEM\Kgo.exe
O4 - HKLM\..\Run: [Alv] C:\WINDOWS\Amd.exe
O4 - HKLM\..\Run: [Ofd] C:\WINDOWS\SYSTEM\Qnk.exe
O4 - HKLM\..\Run: [Glc] C:\WINDOWS\Jrs.exe
O4 - HKLM\..\Run: [Iop] C:\WINDOWS\SYSTEM\Dme.exe
O4 - HKLM\..\Run: [Fkf] C:\WINDOWS\Sbb.exe
O4 - HKLM\..\Run: [Jst] C:\WINDOWS\SYSTEM\Bpm.exe
O4 - HKLM\..\Run: [Lcu] C:\WINDOWS\Dsm.exe
O4 - HKLM\..\Run: [Pcg] C:\WINDOWS\SYSTEM\Vvp.exe
O4 - HKLM\..\Run: [Vek] C:\WINDOWS\SYSTEM\Eqp.exe
O4 - HKLM\..\Run: [Kia] C:\WINDOWS\Hie.exe
O4 - HKLM\..\Run: [Kmr] C:\WINDOWS\SYSTEM\Efu.exe
O4 - HKLM\..\Run: [Hsp] C:\WINDOWS\SYSTEM\Qhb.exe
O4 - HKLM\..\Run: [Eot] C:\WINDOWS\Sqd.exe
O4 - HKLM\..\Run: [Boq] C:\WINDOWS\SYSTEM\Ruf.exe
O4 - HKLM\..\Run: [Bio] C:\WINDOWS\Cgb.exe
O4 - HKLM\..\Run: [Ebq] C:\WINDOWS\Tne.exe
O4 - HKLM\..\Run: [Cnq] C:\WINDOWS\SYSTEM\Fom.exe
O4 - HKLM\..\Run: [Frm] C:\WINDOWS\SYSTEM\Lfe.e
Reply With Quote
  #6  
Old 11-04-05, 08:12
John_McKenna's Avatar
John_McKenna John_McKenna is offline
Global Moderator
 
Join Date: Jan 2004
Location: England
Posts: 8,153
Default Re: HijackThis log: another victim of top-search.u

After your last post I did a little research on this one and had a feeling the infected files would reappear.

Print these instructions or save them to notepad.

Kasperskey Anti-Virus apparently works at removing this infection.

Please empty the quarantine folders of any anti-virus or anti-spyware programs you may have and then empty your recycle bin.


Please download the trial version of Kapsperskey Anti-Virus from here:

here if you don't know how to do this.

Now Start a full system scan. Click on the protection tab and Choose *Scan My Computer*. When the scan has finished, click on *View reports* under the Protection tab.

When you go to View Reports, you will see a list. Rightclick on the report *Full Scan* and a menu opens: choose *export detailed report to file* which allows you to save the log. It defaults as a .csv file, but you can save it as .txt. Give it a name and click *save* to save the log and then close KAV.


Reboot into normal mode and post a fresh HijackThis log along with the KAV report (if not hideously long.




<hr width=100% size=1>Click Here if my help has been worthy of a Donation towards the fight against spyware.</font color=blue>[/b]

| <A target="_blank" HREF=http://www.bleepingcomputer.com/forums/index.php?showtutorial=43>Spybot Tutorial | | <A target="_blank" HREF=http://www.kaspersky.com/scanforvirus>Kaspersky File Scanner | | <A target="_blank" HREF=http://v4.windowsupdate.microsoft.com/>Windows Updates | Sygate | <A target="_blank" HREF=http://www.javacoolsoftware.com/sbdownload.html>Spywareblaster</A>



Reply With Quote
  #7  
Old 30-04-05, 17:58
thelauderdale thelauderdale is offline
Newbie
 
Join Date: Mar 2005
Posts: 8
Default Re: HijackThis log: another victim of top-search.u

I followed all of your instructions with Kasperskey. Here is the KAV log I saved at the end. I ran a fresh HijackThis log, but to call it hideously long would be an understatement. I can try posting it anyway if you think I should, though.


Statistics:
Task start time: 4/30/05 12:35:37 PM
Task completion time: 4/30/05 1:38:54 PM
Objects scanned: 83378
Viruses detected: 44
Viruses disinfected: 0
Objects deleted: 41
Objects quarantined: 0

Settings:
Objects to be scanned:
My Computer
If an infected object is found:
Perform recommended action
Scan level:
Maximum Protection
Objects to be excluded from the scan scope:
Option not used

Report:
C:\WINDOWS\DGO.EXE is infected with a virus Trojan-Clicker.Win32.Spywad.a 4/30/05 12:36:20 PM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run [Tav=C:\WINDOWS\Dgo.exe] is infected with a virus Registry: startUp link to C:\WINDOWS\DGO.EXE object with "Infected" verdict 4/30/05 12:36:20 PM
C:\WINDOWS\DGO.EXE moved to the backup storage 4/30/05 12:36:20 PM
C:\WINDOWS\DGO.EXE deleted 4/30/05 12:36:20 PM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run [Tav=C:\WINDOWS\Dgo.exe] deleted 4/30/05 12:36:20 PM
C:\WINDOWS\SYSTEM\COK.EXE is infected with a virus Trojan-Clicker.Win32.Spywad.a 4/30/05 12:36:21 PM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run [Bih=C:\WINDOWS\SYSTEM\Cok.exe] is infected with a virus Registry: startUp link to C:\WINDOWS\SYSTEM\COK.EXE object with "Infected" verdict 4/30/05 12:36:21 PM
C:\WINDOWS\SYSTEM\COK.EXE moved to the backup storage 4/30/05 12:36:21 PM
C:\WINDOWS\SYSTEM\COK.EXE cannot be deleted, write-protected 4/30/05 12:36:21 PM
C:\WINDOWS\SYSTEM\DPK.EXE is infected with a virus Trojan-Clicker.Win32.Spywad.a 4/30/05 12:36:38 PM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run [Gkn=C:\WINDOWS\SYSTEM\Dpk.exe] is infected with a virus Registry: startUp link to C:\WINDOWS\SYSTEM\DPK.EXE object with "Infected" verdict 4/30/05 12:36:38 PM
C:\WINDOWS\SYSTEM\DPK.EXE moved to the backup storage 4/30/05 12:36:38 PM
C:\WINDOWS\SYSTEM\DPK.EXE deleted 4/30/05 12:36:38 PM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run [Gkn=C:\WINDOWS\SYSTEM\Dpk.exe] deleted 4/30/05 12:36:38 PM
c:\q793090.exe is infected with a virus Trojan-Downloader.Win32.Small.alq 4/30/05 12:37:51 PM
c:\q793090.exe moved to the backup storage 4/30/05 12:37:51 PM
c:\q793090.exe deleted 4/30/05 12:37:51 PM
c:\WINDOWS\Kol.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:32 PM
c:\WINDOWS\Kol.html moved to the backup storage 4/30/05 12:39:33 PM
c:\WINDOWS\Kol.html deleted 4/30/05 12:39:33 PM
c:\WINDOWS\desktop.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:33 PM
c:\WINDOWS\desktop.html moved to the backup storage 4/30/05 12:39:33 PM
c:\WINDOWS\desktop.html deleted 4/30/05 12:39:33 PM
c:\WINDOWS\Ttt.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:33 PM
c:\WINDOWS\Ttt.html moved to the backup storage 4/30/05 12:39:33 PM
c:\WINDOWS\Ttt.html deleted 4/30/05 12:39:33 PM
c:\WINDOWS\Gei.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:33 PM
c:\WINDOWS\Gei.html moved to the backup storage 4/30/05 12:39:33 PM
c:\WINDOWS\Gei.html deleted 4/30/05 12:39:33 PM
c:\WINDOWS\Sbc.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:34 PM
c:\WINDOWS\Sbc.html moved to the backup storage 4/30/05 12:39:34 PM
c:\WINDOWS\Sbc.html deleted 4/30/05 12:39:34 PM
c:\WINDOWS\Hrf.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:34 PM
c:\WINDOWS\Hrf.html moved to the backup storage 4/30/05 12:39:34 PM
c:\WINDOWS\Hrf.html deleted 4/30/05 12:39:34 PM
c:\WINDOWS\Lni.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:34 PM
c:\WINDOWS\Lni.html moved to the backup storage 4/30/05 12:39:34 PM
c:\WINDOWS\Lni.html deleted 4/30/05 12:39:34 PM
c:\WINDOWS\Aju.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:34 PM
c:\WINDOWS\Aju.html moved to the backup storage 4/30/05 12:39:34 PM
c:\WINDOWS\Aju.html deleted 4/30/05 12:39:34 PM
c:\WINDOWS\Kmv.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:34 PM
c:\WINDOWS\Kmv.html moved to the backup storage 4/30/05 12:39:34 PM
c:\WINDOWS\Kmv.html deleted 4/30/05 12:39:34 PM
c:\WINDOWS\Vre.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:34 PM
c:\WINDOWS\Vre.html moved to the backup storage 4/30/05 12:39:35 PM
c:\WINDOWS\Vre.html deleted 4/30/05 12:39:35 PM
c:\WINDOWS\Hhm.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:35 PM
c:\WINDOWS\Hhm.html moved to the backup storage 4/30/05 12:39:35 PM
c:\WINDOWS\Hhm.html deleted 4/30/05 12:39:35 PM
c:\WINDOWS\Vbl.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:35 PM
c:\WINDOWS\Vbl.html moved to the backup storage 4/30/05 12:39:35 PM
c:\WINDOWS\Vbl.html deleted 4/30/05 12:39:35 PM
c:\WINDOWS\Lan.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:35 PM
c:\WINDOWS\Lan.html moved to the backup storage 4/30/05 12:39:35 PM
c:\WINDOWS\Lan.html deleted 4/30/05 12:39:35 PM
c:\WINDOWS\Sjc.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:35 PM
c:\WINDOWS\Sjc.html moved to the backup storage 4/30/05 12:39:35 PM
c:\WINDOWS\Sjc.html deleted 4/30/05 12:39:35 PM
c:\WINDOWS\Pjp.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:35 PM
c:\WINDOWS\Pjp.html moved to the backup storage 4/30/05 12:39:35 PM
c:\WINDOWS\Pjp.html deleted 4/30/05 12:39:35 PM
c:\WINDOWS\Gqm.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:36 PM
c:\WINDOWS\Gqm.html moved to the backup storage 4/30/05 12:39:36 PM
c:\WINDOWS\Gqm.html deleted 4/30/05 12:39:36 PM
c:\WINDOWS\Icn.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:36 PM
c:\WINDOWS\Icn.html moved to the backup storage 4/30/05 12:39:36 PM
c:\WINDOWS\Icn.html deleted 4/30/05 12:39:36 PM
c:\WINDOWS\Ped.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:36 PM
c:\WINDOWS\Ped.html moved to the backup storage 4/30/05 12:39:36 PM
c:\WINDOWS\Ped.html deleted 4/30/05 12:39:36 PM
c:\WINDOWS\Ler.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:36 PM
c:\WINDOWS\Ler.html moved to the backup storage 4/30/05 12:39:36 PM
c:\WINDOWS\Ler.html deleted 4/30/05 12:39:36 PM
c:\WINDOWS\Fnj.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:36 PM
c:\WINDOWS\Fnj.html moved to the backup storage 4/30/05 12:39:36 PM
c:\WINDOWS\Fnj.html deleted 4/30/05 12:39:36 PM
c:\WINDOWS\Rhq.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:36 PM
c:\WINDOWS\Rhq.html moved to the backup storage 4/30/05 12:39:37 PM
c:\WINDOWS\Rhq.html deleted 4/30/05 12:39:37 PM
c:\WINDOWS\Hen.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:37 PM
c:\WINDOWS\Hen.html moved to the backup storage 4/30/05 12:39:37 PM
c:\WINDOWS\Hen.html deleted 4/30/05 12:39:37 PM
c:\WINDOWS\Vjm.exe is infected with a virus Trojan-Clicker.Win32.Spywad.a 4/30/05 12:39:37 PM
c:\WINDOWS\Vjm.exe moved to the backup storage 4/30/05 12:39:37 PM
c:\WINDOWS\Vjm.exe deleted 4/30/05 12:39:37 PM
c:\WINDOWS\Rbc.exe is infected with a virus Trojan-Clicker.Win32.Spywad.a 4/30/05 12:39:37 PM
c:\WINDOWS\Rbc.exe moved to the backup storage 4/30/05 12:39:37 PM
c:\WINDOWS\Rbc.exe deleted 4/30/05 12:39:37 PM
c:\WINDOWS\Kts.html is infected with a virus Trojan-Clicker.Win32.Spywad.b 4/30/05 12:39:37 PM
c:\WINDOWS\Kts.html moved to the backup storage 4/30/05 12:39:37 PM
c:\WINDOWS\Kts.html deleted 4/30/05 12:39:37 PM
c:\WINDOWS\Psu.exe is infected with a virus Trojan-Clicker.Win32.Spywad.a 4/30/05 12:39:37 PM
c:\WINDOWS\Psu.exe moved to the backup storage 4/30/05 12:39:38 PM
c:\WINDOWS\Psu.exe deleted 4/30/05 12:39:38 PM
c:\WINDOWS\SYSTEM\mspxs32.dll is infected with a virus Trojan-Proxy.Win32.Tramal.b 4/30/05 12:57:20 PM
c:\WINDOWS\SYSTEM\mspxs32.dll moved to the backup storage 4/30/05 12:57:20 PM
c:\WINDOWS\SYSTEM\mspxs32.dll deleted 4/30/05 12:57:20 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\ITSPI7K1\ul019[1].htm is infected with a virus Exploit.HTML.Mht 4/30/05 1:08:13 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\ITSPI7K1\ul019[1].htm moved to the backup storage 4/30/05 1:08:14 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\ITSPI7K1\ul019[1].htm deleted 4/30/05 1:08:14 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\ITSPI7K1\loader[1].exe is infected with a virus Trojan-Downloader.Win32.Small.xa 4/30/05 1:08:32 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\ITSPI7K1\loader[1].exe moved to the backup storage 4/30/05 1:08:32 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\ITSPI7K1\loader[1].exe deleted 4/30/05 1:08:32 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\2XSQISNU\index[3].htm is infected with a virus Exploit.HTML.FileDownload 4/30/05 1:09:21 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\2XSQISNU\index[3].htm moved to the backup storage 4/30/05 1:09:21 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\2XSQISNU\index[3].htm deleted 4/30/05 1:09:21 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\2XSQISNU\on-line[2].exe is infected with a virus Trojan-Downloader.Win32.Small.amb 4/30/05 1:09:24 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\2XSQISNU\on-line[2].exe moved to the backup storage 4/30/05 1:09:24 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\2XSQISNU\on-line[2].exe deleted 4/30/05 1:09:24 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\2XSQISNU\7tN8zekHzIC-rdu5CUg[1].chm/on-line.exe is infected with a virus Trojan-Downloader.Win32.Small.amb 4/30/05 1:09:31 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\2XSQISNU\7tN8zekHzIC-rdu5CUg[1].chm object could not be disinfected, this action is prohibited for the given type of archives 4/30/05 1:09:31 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\2XSQISNU\7tN8zekHzIC-rdu5CUg[1].chm is infected with a virus Trojan-Downloader.Win32.Small.amb 4/30/05 1:09:31 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\2XSQISNU\on-line[1].exe is infected with a virus Trojan-Downloader.Win32.Small.amb 4/30/05 1:09:31 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\2XSQISNU\on-line[1].exe moved to the backup storage 4/30/05 1:09:32 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\2XSQISNU\on-line[1].exe deleted 4/30/05 1:09:32 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\KTERKX2B\hdplugin_1018_bundle37v 0d28[1].cab\HDPlugin1018.dll is infected with a virus not-a-virus:AdWare.Gator.1018 4/30/05 1:09:56 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\KTERKX2B\hdplugin_1018_bundle37v 0d28[1].cab moved to the backup storage 4/30/05 1:09:57 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\KTERKX2B\hdplugin_1018_bundle37v 0d28[1].cab\HDPlugin1018.dll deleted 4/30/05 1:09:57 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\KTERKX2B\arr3[1].jar\Counter.class is a Trojan Trojan.Java.ClassLoader.i 4/30/05 1:10:29 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\KTERKX2B\arr3[1].jar moved to the backup storage 4/30/05 1:10:30 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\KTERKX2B\arr3[1].jar\Counter.class deleted 4/30/05 1:10:30 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\KTERKX2B\arr3[1].jar\VerifierBug.class is a Trojan Trojan.Java.ClassLoader.k 4/30/05 1:10:30 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\KTERKX2B\arr3[1].jar\VerifierBug.class deleted 4/30/05 1:10:30 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\KTERKX2B\arr3[1].jar\Beyond.class is a Trojan Trojan.Java.ClassLoader.k 4/30/05 1:10:30 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\KTERKX2B\arr3[1].jar\Beyond.class deleted 4/30/05 1:10:30 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\ARJ9J7I3\ah2g_5DeO8YA_-jYYK4[1].chm/on-line.exe is infected with a virus Trojan-Downloader.Win32.Small.amb 4/30/05 1:11:21 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\ARJ9J7I3\ah2g_5DeO8YA_-jYYK4[1].chm object could not be disinfected, this action is prohibited for the given type of archives 4/30/05 1:11:21 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\ARJ9J7I3\ah2g_5DeO8YA_-jYYK4[1].chm is infected with a virus Trojan-Downloader.Win32.Small.amb 4/30/05 1:11:21 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\ARJ9J7I3\index[2].htm is infected with a virus Exploit.HTML.FileDownload 4/30/05 1:11:33 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\ARJ9J7I3\index[2].htm moved to the backup storage 4/30/05 1:11:33 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\ARJ9J7I3\index[2].htm deleted 4/30/05 1:11:33 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\ARJ9J7I3\ul019[1].htm is infected with a virus Exploit.HTML.Mht 4/30/05 1:11:41 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\ARJ9J7I3\ul019[1].htm moved to the backup storage 4/30/05 1:11:41 PM
c:\WINDOWS\Temporary Internet Files\Content.IE5\ARJ9J7I3\ul019[1].htm deleted 4/30/05 1:11:41 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\arrow1.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\arrow2.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bck1.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bck2.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt11.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt12.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt13.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt21.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt22.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt23.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt31.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt32.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt33.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt41.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt42.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt43.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt51.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt52.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt53.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt61.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\bt62.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\checkbox1.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\checkbox2.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\checkbox3.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\checkbox4.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\default.skn password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\defbtn1.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\defbtn2.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\defbtn3.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\glyph1.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\glyph2.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\glyph3.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\glyph4.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\glyph5.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\glyph6.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\glyph7.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\main.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\preview.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\sprite1.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\tab1.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\aawsepersonal.exe/WISE0022.BIN\tab2.bmp password protected, has not been processed 4/30/05 1:35:30 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck2.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\default.skn password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn2.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn3.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph1.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph2.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph3.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph4.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph5.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph6.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph7.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\main.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\preview.bmp password protected, has not been processed 4/30/05 1:37:02 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\sprite1.bmp password protected, has not been processed 4/30/05 1:37:03 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\tab1.bmp password protected, has not been processed 4/30/05 1:37:03 PM
c:\Computer Protection\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\tab2.bmp password protected, has not been processed 4/30/05 1:37:03 PM


<hr width=100% size=1>
Reply With Quote
  #8  
Old 30-04-05, 19:15
John_McKenna's Avatar
John_McKenna John_McKenna is offline
Global Moderator
 
Join Date: Jan 2004
Location: England
Posts: 8,153
Default Re: HijackThis log: another victim of top-search.u

What took you so long? [img]/images/forums/icons/smile.gif[/img]

We now have a proper fix for this you'll be glad to know.

Please just post the top section (running processes) of the HijackThis log. I need to make sure a running process which is the root of the infection hasn't morphed since your last log was posted.


<hr width=100% size=1>CLICK HERE AND CONSIDER DONATING IF I'VE HELPED YOU.</font color=blue>[/b]


Reply With Quote
  #9  
Old 01-05-05, 18:23
thelauderdale thelauderdale is offline
Newbie
 
Join Date: Mar 2005
Posts: 8
Default Re: HijackThis log: another victim of top-search.u

I was being a wimp. Thank you so much for your help on this.


Logfile of HijackThis v1.99.1
Scan saved at 2:15:21 PM, on 5/1/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRA~1\NETROPA\ONSCRE~1\OSD.EXE
C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\COMPUTER PROTECTION\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\FREXT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.top-search.us/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.top-search.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.top-search.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.top-search.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.top-search.us/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.top-search.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.top-search.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.top-search.us/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top-search.us/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.top-search.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.top-search.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.top-search.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.top-search.us/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.top-search.us/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.top-search.us/index.html
F1 - win.ini: run=hpfsched
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\COMPUT~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\SYSTEM\MSPXS32.DLL (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [PiDunHk] "C:\PROGRAM FILES\PRODINET\BIN\PIDUNHK.EXE"
O4 - HKLM\..\Run: [Ehr] C:\WINDOWS\SYSTEM\Fcb.exe
O4 - HKLM\..\Run: [Win32 Time Zone] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - HKLM\..\Run: [Ftf] C:\WINDOWS\SYSTEM\Lkd.exe
O4 - HKLM\..\Run: [Vvf] C:\WINDOWS\SYSTEM\Jlv.exe
O4 - HKLM\..\Run: [Cuq] C:\WINDOWS\Kus.exe
O4 - HKLM\..\Run: [Khb] C:\WINDOWS\Cpn.exe
O4 - HKLM\..\Run: [Qki] C:\WINDOWS\SYSTEM\Cli.exe
O4 - HKLM\..\Run: [Tcr] C:\WINDOWS\Bdg.exe
O4 - HKLM\..\Run: [Scc] C:\WINDOWS\Hlc.exe
O4 - HKLM\..\Run: [Jad] C:\WINDOWS\Lcf.exe
O4 - HKLM\..\Run: [Olk] C:\WINDOWS\Jnb.exe
O4 - HKLM\..\Run: [Efe] C:\WINDOWS\SYSTEM\Oqg.exe
O4 - HKLM\..\Run: [Crf] C:\WINDOWS\Flq.exe
O4 - HKLM\..\Run: [Eso] C:\WINDOWS\SYSTEM\Ejh.exe
O4 - HKLM\..\Run: [Khl] C:\WINDOWS\Ani.exe
O4 - HKLM\..\Run: [Cga] C:\WINDOWS\SYSTEM\Frf.exe
O4 - HKLM\..\Run: [Job] C:\WINDOWS\Hne.exe
O4 - HKLM\..\Run: [Vjs] C:\WINDOWS\SYSTEM\Fnb.exe
O4 - HKLM\..\Run: [Set] C:\WINDOWS\SYSTEM\Elm.exe
O4 - HKLM\..\Run: [Ihl] C:\WINDOWS\SYSTEM\Vms.exe
O4 - HKLM\..\Run: [Nco] C:\WINDOWS\SYSTEM\Jop.exe
O4 - HKLM\..\Run: [Rou] C:\WINDOWS\Agf.exe

...etc. for about 57 pages.

(And I'm all about making a donation, though Paypal makes me a little nervous. This has already been a great help.)

<hr width=100% size=1>
Reply With Quote
  #10  
Old 01-05-05, 20:40
John_McKenna's Avatar
John_McKenna John_McKenna is offline
Global Moderator
 
Join Date: Jan 2004
Location: England
Posts: 8,153
Default Re: HijackThis log: another victim of top-search.u

It looks like Kasperskey and Microsoft AS have taken care of the reinfector.

There should be a 3 letter .exe present in the running processes like in yoyr first log (KOO.EXE).

This is going to take you a while but it should just be a case of removing all the random 3 letter .exe's which have infested your HijackThis log.


Please run HJT again and place a check before the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.top-search.us/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.top-search.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.top-search.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.top-search.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.top-search.us/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.top-search.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.top-search.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.top-search.us/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top-search.us/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.top-search.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.top-search.us/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.top-search.us/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.top-search.us/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.top-search.us/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.top-search.us/index.html
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\SYSTEM\MSPXS32.DLL (file missing)
O4 - HKLM\..\Run: [Ehr] C:\WINDOWS\SYSTEM\Fcb.exe
O4 - HKLM\..\Run: [Win32 Time Zone] C:\WINDOWS\SYSTEM\explorer32.exe
O4 - HKLM\..\Run: [Ftf] C:\WINDOWS\SYSTEM\Lkd.exe
O4 - HKLM\..\Run: [Vvf] C:\WINDOWS\SYSTEM\Jlv.exe
O4 - HKLM\..\Run: [Cuq] C:\WINDOWS\Kus.exe
O4 - HKLM\..\Run: [Khb] C:\WINDOWS\Cpn.exe
O4 - HKLM\..\Run: [Qki] C:\WINDOWS\SYSTEM\Cli.exe
O4 - HKLM\..\Run: [Tcr] C:\WINDOWS\Bdg.exe
O4 - HKLM\..\Run: [Scc] C:\WINDOWS\Hlc.exe
O4 - HKLM\..\Run: [Jad] C:\WINDOWS\Lcf.exe
O4 - HKLM\..\Run: [Olk] C:\WINDOWS\Jnb.exe
O4 - HKLM\..\Run: [Efe] C:\WINDOWS\SYSTEM\Oqg.exe
O4 - HKLM\..\Run: [Crf] C:\WINDOWS\Flq.exe
O4 - HKLM\..\Run: [Eso] C:\WINDOWS\SYSTEM\Ejh.exe
O4 - HKLM\..\Run: [Khl] C:\WINDOWS\Ani.exe
O4 - HKLM\..\Run: [Cga] C:\WINDOWS\SYSTEM\Frf.exe
O4 - HKLM\..\Run: [Job] C:\WINDOWS\Hne.exe
O4 - HKLM\..\Run: [Vjs] C:\WINDOWS\SYSTEM\Fnb.exe
O4 - HKLM\..\Run: [Set] C:\WINDOWS\SYSTEM\Elm.exe
O4 - HKLM\..\Run: [Ihl] C:\WINDOWS\SYSTEM\Vms.exe
O4 - HKLM\..\Run: [Nco] C:\WINDOWS\SYSTEM\Jop.exe
O4 - HKLM\..\Run: [Rou] C:\WINDOWS\Agf.exe
<font color=red>Plus all the other random 3 letter .exe's!!</font color=red>

When all have been checkmarked, close ALL OPEN WINDOWS/BROWSERS and click Fix Checked.


Reboot into Safe Mode. Find and delete the following file in bold:

C:\WINDOWS\SYSTEM\explorer32.exe &lt;--Note the 32. DO NOT delete explorer.exe


Reboot again and post a fresh log please.

NOTE: The reason the HJT log is so massive now is that you left the infection to breed. Please fix this asap or it will get further out of hand eventually crashing the entire system.

<hr width=100% size=1>CLICK HERE AND CONSIDER DONATING IF I'VE HELPED YOU.</font color=blue>[/b]


<P ID="edit"><FONT SIZE=-1>Edited by John_McKenna on 01/05/2005 21:42 (server time).</FONT></P>
Reply With Quote
Reply

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


Search the forum

Search

© Dennis Publishing Limited Licensed by Felden





All times are GMT. The time now is 10:04.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright Dennis Publishing 2010, All rights reserved