Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


All my experts are baffled by this Hijack


Post by njustice » March 26th, 2005, 7:43 am

Download CW-Shredder at the link below:
http://cwshredder.net/bin/CWShredder.exe

Download 'SpSeHjfix' into a folder.

Disconnect from the net and close ALL OPEN PROGRAMS.
Run 'SpSeHjfix' and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

Run CWShredder - Hit The FIX button!

Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.
njustice

Post by jbhlaw » March 28th, 2005, 11:00 am

Check and check. (I already had loaded CWShredder from a previous post). The requested logs are as follows:

SpSeHjfix log:


(3/28/05 8:27:12 AM) SPSeHjFix started v1.1.0
(3/28/05 8:27:12 AM) OS: WinXP Service Pack 1 (5.1.2600)
(3/28/05 8:27:12 AM) Language: english
(3/28/05 8:27:16 AM) Disinfect started
(3/28/05 8:27:16 AM) Bad-Dll(IEP): (not found)
(3/28/05 8:27:16 AM) Bad-Dll(IEP) in BHO: (not found)
(3/28/05 8:27:16 AM) Searchassistant Uninstaller found: Error
(3/28/05 8:27:16 AM) Searchassistant Uninstaller - Keys Deleted
(3/28/05 8:27:16 AM) UBF: 7
(3/28/05 8:27:16 AM) UBB: 3
(3/28/05 8:27:16 AM) UBR: 1243
(3/28/05 8:27:16 AM) Bad IE-pages:
(3/28/05 8:27:20 AM) Temp-Files delete on Reboot
(3/28/05 8:27:20 AM) File added to delete: c:\docume~1\johnbh~1\locals~1\temp\~dfc47c.tmp
(3/28/05 8:27:20 AM) File added to delete: c:\docume~1\johnbh~1\locals~1\temp\adobe
(3/28/05 8:27:20 AM) File added to delete: c:\docume~1\johnbh~1\locals~1\temp\adobe\acrobat
(3/28/05 8:27:20 AM) File added to delete: c:\docume~1\johnbh~1\locals~1\temp\history
(3/28/05 8:27:20 AM) File added to delete: c:\docume~1\johnbh~1\locals~1\temp\msohtml1
(3/28/05 8:27:20 AM) File added to delete: c:\docume~1\johnbh~1\locals~1\temp\temporary internet files
(3/28/05 8:27:20 AM) File added to delete: c:\docume~1\johnbh~1\locals~1\temp\temporary internet files\content.ie5
(3/28/05 8:27:20 AM) Reboot


HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:59:32 AM, on 3/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\System32\Nvc.exe
C:\winnt\system32\swcroot.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bodog.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Vtc] C:\WINNT\Vjp.exe
O4 - HKLM\..\Run: [Rib] C:\WINNT\System32\Rei.exe
O4 - HKLM\..\Run: [Qhb] C:\WINNT\System32\Kcn.exe
O4 - HKLM\..\Run: [Klv] C:\WINNT\System32\Hpv.exe
O4 - HKLM\..\Run: [Eoq] C:\WINNT\System32\Jjd.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Mge] C:\WINNT\Dnt.exe
O4 - HKLM\..\Run: [Scj] C:\WINNT\Btb.exe
O4 - HKLM\..\Run: [Lqu] C:\WINNT\System32\Lus.exe
O4 - HKLM\..\Run: [Nas] C:\WINNT\Jlo.exe
O4 - HKLM\..\Run: [Tph] C:\WINNT\Ebs.exe
O4 - HKLM\..\Run: [Dru] C:\WINNT\System32\Kmd.exe
O4 - HKLM\..\Run: [Vnm] C:\WINNT\System32\Amv.exe
O4 - HKLM\..\Run: [Ono] C:\WINNT\System32\Vhs.exe
O4 - HKLM\..\Run: [Qqm] C:\WINNT\Qls.exe
O4 - HKLM\..\Run: [Onl] C:\WINNT\System32\Lro.exe
O4 - HKLM\..\Run: [Bco] C:\WINNT\Dan.exe
O4 - HKLM\..\Run: [Cqa] C:\WINNT\System32\Crj.exe
O4 - HKLM\..\Run: [Mie] C:\WINNT\Utv.exe
O4 - HKLM\..\Run: [San] C:\WINNT\System32\Ggm.exe
O4 - HKLM\..\Run: [Odl] C:\WINNT\System32\Vke.exe
O4 - HKLM\..\Run: [Igg] C:\WINNT\Fot.exe
O4 - HKLM\..\Run: [Eoc] C:\WINNT\System32\Fik.exe
O4 - HKLM\..\Run: [Hfg] C:\WINNT\System32\Ctk.exe
O4 - HKLM\..\Run: [Rfq] C:\WINNT\System32\Jpu.exe
O4 - HKLM\..\Run: [Lkj] C:\WINNT\Qfo.exe
O4 - HKLM\..\Run: [Use] C:\WINNT\System32\Rvb.exe
O4 - HKLM\..\Run: [Gkq] C:\WINNT\System32\Qnj.exe
O4 - HKLM\..\Run: [Mkb] C:\WINNT\Qpa.exe
O4 - HKLM\..\Run: [Fsj] C:\WINNT\Cet.exe
O4 - HKLM\..\Run: [Rue] C:\WINNT\Fqp.exe
O4 - HKLM\..\Run: [Out] C:\WINNT\Ovk.exe
O4 - HKLM\..\Run: [Vkf] C:\WINNT\Etu.exe
O4 - HKLM\..\Run: [Qvk] C:\WINNT\System32\Iej.exe
O4 - HKLM\..\Run: [Ose] C:\WINNT\System32\Dhh.exe
O4 - HKLM\..\Run: [Iqf] C:\WINNT\Kpn.exe
O4 - HKLM\..\Run: [Bmn] C:\WINNT\System32\Vkj.exe
O4 - HKLM\..\Run: [Jtq] C:\WINNT\Pfs.exe
O4 - HKLM\..\Run: [Pcg] C:\WINNT\Bmt.exe
O4 - HKLM\..\Run: [Kjr] C:\WINNT\Sbg.exe
O4 - HKLM\..\Run: [Vrp] C:\WINNT\System32\Bhs.exe
O4 - HKLM\..\Run: [Oir] C:\WINNT\System32\Flp.exe
O4 - HKLM\..\Run: [Jes] C:\WINNT\System32\Ecg.exe
O4 - HKLM\..\Run: [Gam] C:\WINNT\Dkc.exe
O4 - HKLM\..\Run: [Mij] C:\WINNT\Dtj.exe
O4 - HKLM\..\Run: [Kif] C:\WINNT\System32\Kmv.exe
O4 - HKLM\..\Run: [Acb] C:\WINNT\System32\Daq.exe
O4 - HKLM\..\Run: [Kbl] C:\WINNT\Sut.exe
O4 - HKLM\..\Run: [Dan] C:\WINNT\Ulr.exe
O4 - HKLM\..\Run: [Ofg] C:\WINNT\System32\Imf.exe
O4 - HKLM\..\Run: [Map] C:\WINNT\Rir.exe
O4 - HKLM\..\Run: [Oim] C:\WINNT\System32\Fio.exe
O4 - HKLM\..\Run: [Pku] C:\WINNT\System32\Bvl.exe
O4 - HKLM\..\Run: [Dsp] C:\WINNT\Auf.exe
O4 - HKLM\..\Run: [Gtr] C:\WINNT\System32\Lfn.exe
O4 - HKLM\..\Run: [Mmh] C:\WINNT\System32\Mrj.exe
O4 - HKLM\..\Run: [Pbk] C:\WINNT\System32\Cih.exe
O4 - HKLM\..\Run: [Unu] C:\WINNT\Rra.exe
O4 - HKLM\..\Run: [Gbk] C:\WINNT\Tsb.exe
O4 - HKLM\..\Run: [Thb] C:\WINNT\System32\Mih.exe
O4 - HKLM\..\Run: [Mlg] C:\WINNT\System32\Ane.exe
O4 - HKLM\..\Run: [Eas] C:\WINNT\Pss.exe
O4 - HKLM\..\Run: [Ghj] C:\WINNT\System32\Ame.exe
O4 - HKLM\..\Run: [Mhk] C:\WINNT\System32\Iuq.exe
O4 - HKLM\..\Run: [Ele] C:\WINNT\System32\Ack.exe
O4 - HKLM\..\Run: [Vca] C:\WINNT\Brp.exe
O4 - HKLM\..\Run: [Thp] C:\WINNT\System32\Iup.exe
O4 - HKLM\..\Run: [Tgh] C:\WINNT\System32\Bmp.exe
O4 - HKLM\..\Run: [Skm] C:\WINNT\System32\Dmk.exe
O4 - HKLM\..\Run: [Dua] C:\WINNT\System32\Roe.exe
O4 - HKLM\..\Run: [Uth] C:\WINNT\System32\Ckv.exe
O4 - HKLM\..\Run: [Gnt] C:\WINNT\System32\Isj.exe
O4 - HKLM\..\Run: [Eek] C:\WINNT\Qja.exe
O4 - HKLM\..\Run: [Tul] C:\WINNT\System32\Ccs.exe
O4 - HKLM\..\Run: [Knp] C:\WINNT\Plm.exe
O4 - HKLM\..\Run: [Hvu] C:\WINNT\Snl.exe
O4 - HKLM\..\Run: [Njd] C:\WINNT\System32\Ier.exe
O4 - HKLM\..\Run: [Qsc] C:\WINNT\System32\Fmr.exe
O4 - HKLM\..\Run: [Kth] C:\WINNT\System32\Kdb.exe
O4 - HKLM\..\Run: [Ubg] C:\WINNT\Nds.exe
O4 - HKLM\..\Run: [Utn] C:\WINNT\Bmi.exe
O4 - HKLM\..\Run: [Uhi] C:\WINNT\Urj.exe
O4 - HKLM\..\Run: [Voq] C:\WINNT\System32\Spc.exe
O4 - HKLM\..\Run: [Loc] C:\WINNT\Fni.exe
O4 - HKLM\..\Run: [Qel] C:\WINNT\Qdv.exe
O4 - HKLM\..\Run: [Olh] C:\WINNT\Kjk.exe
O4 - HKLM\..\Run: [Hrp] C:\WINNT\System32\Clh.exe
O4 - HKLM\..\Run: [Tdr] C:\WINNT\Lpl.exe
O4 - HKLM\..\Run: [Kuo] C:\WINNT\System32\Ojv.exe
O4 - HKLM\..\Run: [Ddm] C:\WINNT\System32\Qbq.exe
O4 - HKLM\..\Run: [Pdg] C:\WINNT\System32\Qbq.exe
O4 - HKLM\..\Run: [Pml] C:\WINNT\System32\Rnm.exe
O4 - HKLM\..\Run: [Elt] C:\WINNT\Uqv.exe
O4 - HKLM\..\Run: [Lqk] C:\WINNT\Erc.exe
O4 - HKLM\..\Run: [Jbd] C:\WINNT\System32\Shg.exe
O4 - HKLM\..\Run: [Iba] C:\WINNT\System32\Egk.exe
O4 - HKLM\..\Run: [Ube] C:\WINNT\System32\Plg.exe
O4 - HKLM\..\Run: [Nrc] C:\WINNT\Ulq.exe
O4 - HKLM\..\Run: [Lrb] C:\WINNT\System32\Uam.exe
O4 - HKLM\..\Run: [Sdm] C:\WINNT\System32\Mjo.exe
O4 - HKLM\..\Run: [Kto] C:\WINNT\Tfr.exe
O4 - HKLM\..\Run: [Mft] C:\WINNT\Tdc.exe
O4 - HKLM\..\Run: [Nvg] C:\WINNT\System32\Fpl.exe
O4 - HKLM\..\Run: [Isr] C:\WINNT\Ofv.exe
O4 - HKLM\..\Run: [Ckf] C:\WINNT\System32\Fvj.exe
O4 - HKLM\..\Run: [Aih] C:\WINNT\Qun.exe
O4 - HKLM\..\Run: [Kpf] C:\WINNT\System32\Llg.exe
O4 - HKLM\..\Run: [Avl] C:\WINNT\System32\Lkr.exe
O4 - HKLM\..\Run: [Prg] C:\WINNT\Rki.exe
O4 - HKLM\..\Run: [Ivi] C:\WINNT\Jhv.exe
O4 - HKLM\..\Run: [Imb] C:\WINNT\Gkq.exe
O4 - HKLM\..\Run: [Cqg] C:\WINNT\Idn.exe
O4 - HKLM\..\Run: [Afk] C:\WINNT\System32\Qjd.exe
O4 - HKLM\..\Run: [Mbt] C:\WINNT\Cuh.exe
O4 - HKLM\..\Run: [Pps] C:\WINNT\System32\Tgc.exe
O4 - HKLM\..\Run: [Bjd] C:\WINNT\Rkb.exe
O4 - HKLM\..\Run: [Eil] C:\WINNT\Hnm.exe
O4 - HKLM\..\Run: [Nht] C:\WINNT\System32\Tio.exe
O4 - HKLM\..\Run: [Dsq] C:\WINNT\System32\Hlo.exe
O4 - HKLM\..\Run: [Ree] C:\WINNT\Obp.exe
O4 - HKLM\..\Run: [Kfb] C:\WINNT\System32\Iuv.exe
O4 - HKLM\..\Run: [Ahl] C:\WINNT\Ckb.exe
O4 - HKLM\..\Run: [Mip] C:\WINNT\Icq.exe
O4 - HKLM\..\Run: [Hnh] C:\WINNT\Jbv.exe
O4 - HKLM\..\Run: [Uup] C:\WINNT\Kal.exe
O4 - HKLM\..\Run: [Mrs] C:\WINNT\System32\Dpg.exe
O4 - HKLM\..\Run: [Efj] C:\WINNT\System32\Nvc.exe
O4 - HKLM\..\Run: [Bgp] C:\WINNT\System32\Mav.exe
O4 - HKLM\..\Run: [Luv] C:\WINNT\Kte.exe
O4 - HKLM\..\Run: [Btr] C:\WINNT\Ubb.exe
O4 - HKLM\..\Run: [Umh] C:\WINNT\System32\Vgb.exe
O4 - HKLM\..\Run: [Ufh] C:\WINNT\Iel.exe
O4 - HKLM\..\Run: [Oiq] C:\WINNT\Moh.exe
O4 - HKLM\..\Run: [Che] C:\WINNT\Nle.exe
O4 - HKLM\..\Run: [Nrd] C:\WINNT\System32\Quh.exe
O4 - HKLM\..\Run: [Uvg] C:\WINNT\System32\Psk.exe
O4 - HKLM\..\Run: [Nhr] C:\WINNT\Iqa.exe
O4 - HKLM\..\Run: [Eod] C:\WINNT\System32\Jqo.exe
O4 - HKLM\..\Run: [Cpf] C:\WINNT\System32\Fho.exe
O4 - HKLM\..\Run: [Aqh] C:\WINNT\Nbc.exe
O4 - HKLM\..\Run: [Clk] C:\WINNT\System32\Mpg.exe
O4 - HKLM\..\Run: [Osk] C:\WINNT\System32\Dbh.exe
O4 - HKLM\..\Run: [Qkb] C:\WINNT\System32\Msf.exe
O4 - HKLM\..\Run: [Kno] C:\WINNT\System32\Jel.exe
O4 - HKLM\..\Run: [Toh] C:\WINNT\System32\Ltb.exe
O4 - HKLM\..\Run: [Djh] C:\WINNT\Lkj.exe
O4 - HKLM\..\Run: [Tsj] C:\WINNT\System32\Rlk.exe
O4 - HKLM\..\Run: [Bov] C:\WINNT\Krc.exe
O4 - HKLM\..\Run: [Kpj] C:\WINNT\System32\Ivn.exe
O4 - HKLM\..\Run: [Mlq] C:\WINNT\Cla.exe
O4 - HKLM\..\Run: [Acd] C:\WINNT\System32\Roj.exe
O4 - HKLM\..\Run: [Hkk] C:\WINNT\Ldj.exe
O4 - HKLM\..\Run: [Nrl] C:\WINNT\System32\Ffu.exe
O4 - HKLM\..\Run: [Oqj] C:\WINNT\System32\Eue.exe
O4 - HKLM\..\Run: [Pql] C:\WINNT\Jtf.exe
O4 - HKLM\..\Run: [Ugv] C:\WINNT\System32\Rgh.exe
O4 - HKLM\..\Run: [Ncq] C:\WINNT\System32\Fnm.exe
O4 - HKLM\..\Run: [Qtc] C:\WINNT\System32\Rcr.exe
O4 - HKLM\..\Run: [Uav] C:\WINNT\Uof.exe
O4 - HKLM\..\Run: [Sud] C:\WINNT\Kps.exe
O4 - HKLM\..\Run: [Njk] C:\WINNT\System32\Rcv.exe
O4 - HKLM\..\Run: [Hdu] C:\WINNT\System32\Ags.exe
O4 - HKLM\..\Run: [Nat] C:\WINNT\System32\Jtr.exe
O4 - HKLM\..\Run: [Lue] C:\WINNT\System32\Ujv.exe
O4 - HKLM\..\Run: [Clc] C:\WINNT\System32\Psk.exe
O4 - HKLM\..\Run: [Drn] C:\WINNT\Brp.exe
O4 - HKLM\..\Run: [Btj] C:\WINNT\System32\Vcd.exe
O4 - HKLM\..\Run: [Vlt] C:\WINNT\System32\Cco.exe
O4 - HKLM\..\Run: [Ibi] C:\WINNT\System32\Eje.exe
O4 - HKLM\..\Run: [Nfm] C:\WINNT\System32\Bdd.exe
O4 - HKLM\..\Run: [Qfo] C:\WINNT\Mdm.exe
O4 - HKLM\..\Run: [Ujv] C:\WINNT\System32\Kse.exe
O4 - HKLM\..\Run: [Bah] C:\WINNT\System32\Vpo.exe
O4 - HKLM\..\Run: [Tbi] C:\WINNT\System32\Cfu.exe
O4 - HKLM\..\Run: [Rrc] C:\WINNT\Rin.exe
O4 - HKLM\..\Run: [Snl] C:\WINNT\System32\Hjf.exe
O4 - HKLM\..\Run: [Qqk] C:\WINNT\Ght.exe
O4 - HKLM\..\Run: [Jkt] C:\WINNT\Qhf.exe
O4 - HKLM\..\Run: [Iov] C:\WINNT\System32\Gfi.exe
O4 - HKLM\..\Run: [Ahc] C:\WINNT\Pji.exe
O4 - HKLM\..\Run: [Eoa] C:\WINNT\Tnn.exe
O4 - HKLM\..\Run: [Dsr] C:\WINNT\Lrp.exe
O4 - HKLM\..\Run: [Tko] C:\WINNT\System32\Bcm.exe
O4 - HKLM\..\Run: [Tol] C:\WINNT\Flg.exe
O4 - HKLM\..\Run: [Ckd] C:\WINNT\System32\Hkd.exe
O4 - HKLM\..\Run: [Vlc] C:\WINNT\Agk.exe
O4 - HKLM\..\Run: [Fsc] C:\WINNT\Nnt.exe
O4 - HKLM\..\Run: [Iui] C:\WINNT\Psj.exe
O4 - HKLM\..\Run: [Lmb] C:\WINNT\Jte.exe
O4 - HKLM\..\Run: [Rrm] C:\WINNT\Rti.exe
O4 - HKLM\..\Run: [Nsq] C:\WINNT\Omv.exe
O4 - HKLM\..\Run: [Rtt] C:\WINNT\System32\Jca.exe
O4 - HKLM\..\Run: [Qbn] C:\WINNT\System32\Uqq.exe
O4 - HKLM\..\Run: [Gus] C:\WINNT\System32\Ppb.exe
O4 - HKLM\..\Run: [Muh] C:\WINNT\System32\Sce.exe
O4 - HKLM\..\Run: [Tth] C:\WINNT\Aej.exe
O4 - HKLM\..\Run: [Bhq] C:\WINNT\Sha.exe
O4 - HKLM\..\Run: [Tjj] C:\WINNT\Iqt.exe
O4 - HKLM\..\Run: [Bpa] C:\WINNT\Tdf.exe
O4 - HKLM\..\Run: [Qgh] C:\WINNT\System32\Ueb.exe
O4 - HKLM\..\Run: [Jeg] C:\WINNT\System32\Bai.exe
O4 - HKLM\..\Run: [Brm] C:\WINNT\System32\Tuv.exe
O4 - HKLM\..\Run: [Ulf] C:\WINNT\Mre.exe
O4 - HKLM\..\Run: [Abh] C:\WINNT\Opg.exe
O4 - HKLM\..\Run: [Gjf] C:\WINNT\System32\Pea.exe
O4 - HKLM\..\Run: [Bpf] C:\WINNT\Vpc.exe
O4 - HKLM\..\Run: [Lgg] C:\WINNT\System32\Bfk.exe
O4 - HKLM\..\Run: [Spd] C:\WINNT\System32\Uug.exe
O4 - HKLM\..\Run: [Nns] C:\WINNT\Rqb.exe
O4 - HKLM\..\Run: [Ccs] C:\WINNT\System32\Osf.exe
O4 - HKLM\..\Run: [Nct] C:\WINNT\Keu.exe
O4 - HKLM\..\Run: [Bvl] C:\WINNT\Ncp.exe
O4 - HKLM\..\Run: [Njc] C:\WINNT\Mal.exe
O4 - HKLM\..\Run: [Jal] C:\WINNT\Nvm.exe
O4 - HKLM\..\Run: [Euk] C:\WINNT\Pea.exe
O4 - HKLM\..\Run: [Edc] C:\WINNT\System32\Pjc.exe
O4 - HKLM\..\Run: [Lre] C:\WINNT\Hpi.exe
O4 - HKLM\..\Run: [Rok] C:\WINNT\Rno.exe
O4 - HKLM\..\Run: [Nki] C:\WINNT\System32\Ncn.exe
O4 - HKLM\..\Run: [Rih] C:\WINNT\System32\Rnc.exe
O4 - HKLM\..\Run: [Bui] C:\WINNT\Hgu.exe
O4 - HKLM\..\Run: [Ndt] C:\WINNT\System32\Atb.exe
O4 - HKLM\..\Run: [Tct] C:\WINNT\Ddv.exe
O4 - HKLM\..\Run: [Nvq] C:\WINNT\Nst.exe
O4 - HKLM\..\Run: [Jbn] C:\WINNT\System32\Ani.exe
O4 - HKLM\..\Run: [Sgq] C:\WINNT\System32\Mtk.exe
O4 - HKLM\..\Run: [Blt] C:\WINNT\System32\Agd.exe
O4 - HKLM\..\Run: [Rll] C:\WINNT\System32\Mgs.exe
O4 - HKLM\..\Run: [Pfn] C:\WINNT\Ojl.exe
O4 - HKLM\..\Run: [Ben] C:\WINNT\Pfe.exe
O4 - HKLM\..\Run: [Dsd] C:\WINNT\Dpo.exe
O4 - HKLM\..\Run: [Ssu] C:\WINNT\System32\Jdc.exe
O4 - HKLM\..\Run: [Bjq] C:\WINNT\Evl.exe
O4 - HKLM\..\Run: [Uqr] C:\WINNT\System32\Bae.exe
O4 - HKLM\..\Run: [Cvd] C:\WINNT\Omf.exe
O4 - HKLM\..\Run: [Pgi] C:\WINNT\Fte.exe
O4 - HKLM\..\Run: [Uka] C:\WINNT\System32\Jlp.exe
O4 - HKLM\..\Run: [Olp] C:\WINNT\Vli.exe
O4 - HKLM\..\Run: [Vmu] C:\WINNT\System32\Rro.exe
O4 - HKLM\..\Run: [Mkf] C:\WINNT\System32\Pmn.exe
O4 - HKLM\..\Run: [Qeo] C:\WINNT\System32\Rru.exe
O4 - HKLM\..\Run: [Jcn] C:\WINNT\System32\Nct.exe
O4 - HKLM\..\Run: [Vjk] C:\WINNT\System32\Hcf.exe
O4 - HKLM\..\Run: [Tli] C:\WINNT\System32\Ftn.exe
O4 - HKLM\..\Run: [Gkm] C:\WINNT\Peu.exe
O4 - HKLM\..\Run: [Duf] C:\WINNT\Elp.exe
O4 - HKLM\..\Run: [Tkm] C:\WINNT\Mqq.exe
O4 - HKLM\..\Run: [Vdr] C:\WINNT\System32\Epn.exe
O4 - HKLM\..\Run: [Hpq] C:\WINNT\Vej.exe
O4 - HKLM\..\Run: [Ulp] C:\WINNT\Gdr.exe
O4 - HKLM\..\Run: [Bfj] C:\WINNT\System32\Ehp.exe
O4 - HKLM\..\Run: [Iuv] C:\WINNT\System32\Cqe.exe
O4 - HKLM\..\Run: [Vpn] C:\WINNT\System32\Gcu.exe
O4 - HKLM\..\Run: [Tab] C:\WINNT\Pln.exe
O4 - HKLM\..\Run: [Avf] C:\WINNT\Iit.exe
O4 - HKLM\..\Run: [Hbn] C:\WINNT\System32\Dhq.exe
O4 - HKLM\..\Run: [Tkb] C:\WINNT\System32\Pdg.exe
O4 - HKLM\..\Run: [Fdj] C:\WINNT\Fsu.exe
O4 - HKLM\..\Run: [Eoj] C:\WINNT\Cnk.exe
O4 - HKLM\..\Run: [Mfo] C:\WINNT\Abo.exe
O4 - HKLM\..\Run: [Vom] C:\WINNT\System32\Nma.exe
O4 - HKLM\..\Run: [Vei] C:\WINNT\Hrg.exe
O4 - HKLM\..\Run: [Pcl] C:\WINNT\Haa.exe
O4 - HKLM\..\Run: [Afm] C:\WINNT\Lis.exe
O4 - HKLM\..\Run: [Vme] C:\WINNT\System32\Ffc.exe
O4 - HKLM\..\Run: [Cqo] C:\WINNT\Qmc.exe
O4 - HKLM\..\Run: [Dok] C:\WINNT\System32\Vgm.exe
O4 - HKLM\..\Run: [Omr] C:\WINNT\System32\Urp.exe
O4 - HKLM\..\Run: [Pdr] C:\WINNT\Auh.exe
O4 - HKLM\..\Run: [Fmr] C:\WINNT\Ish.exe
O4 - HKLM\..\Run: [Ebd] C:\WINNT\Mst.exe
O4 - HKLM\..\Run: [Spi] C:\WINNT\System32\Eca.exe
O4 - HKLM\..\Run: [Uuj] C:\WINNT\Ofn.exe
O4 - HKLM\..\Run: [Iob] C:\WINNT\System32\Kon.exe
O4 - HKLM\..\Run: [Qbf] C:\WINNT\Ebg.exe
O4 - HKLM\..\Run: [Ict] C:\WINNT\Lcu.exe
O4 - HKLM\..\Run: [Olt] C:\WINNT\Dab.exe
O4 - HKLM\..\Run: [Bhu] C:\WINNT\System32\Bfd.exe
O4 - HKLM\..\Run: [Nlh] C:\WINNT\System32\Jog.exe
O4 - HKLM\..\Run: [Ufa] C:\WINNT\System32\Crr.exe
O4 - HKLM\..\Run: [Vri] C:\WINNT\System32\Nlr.exe
O4 - HKLM\..\Run: [Cap] C:\WINNT\Svt.exe
O4 - HKLM\..\Run: [Lvs] C:\WINNT\System32\Ssj.exe
O4 - HKLM\..\Run: [Npl] C:\WINNT\System32\Fcj.exe
O4 - HKLM\..\Run: [Rlr] C:\WINNT\System32\Loa.exe
O4 - HKLM\..\Run: [Non] C:\WINNT\System32\Eiv.exe
O4 - HKLM\..\Run: [Nih] C:\WINNT\System32\Ojm.exe
O4 - HKLM\..\Run: [Lbl] C:\WINNT\Nqb.exe
O4 - HKLM\..\Run: [Dqs] C:\WINNT\Pcj.exe
O4 - HKLM\..\Run: [Tvs] C:\WINNT\System32\Gte.exe
O4 - HKLM\..\Run: [Mui] C:\WINNT\Efc.exe
O4 - HKLM\..\Run: [Lur] C:\WINNT\Lht.exe
O4 - HKLM\..\Run: [Rkr] C:\WINNT\Itf.exe
O4 - HKLM\..\Run: [Uen] C:\WINNT\Ocq.exe
O4 - HKLM\..\Run: [Bcs] C:\WINNT\System32\Qea.exe
O4 - HKLM\..\Run: [Agj] C:\WINNT\Lij.exe
O4 - HKLM\..\Run: [Pjq] C:\WINNT\Tft.exe
O4 - HKLM\..\Run: [Fvt] C:\WINNT\System32\Ina.exe
O4 - HKLM\..\Run: [Bcg] C:\WINNT\System32\Dao.exe
O4 - HKLM\..\Run: [Mns] C:\WINNT\System32\Prd.exe
O4 - HKLM\..\Run: [Jpr] C:\WINNT\Jhl.exe
O4 - HKLM\..\Run: [Fal] C:\WINNT\System32\Pjv.exe
O4 - HKLM\..\Run: [Psa] C:\WINNT\System32\Aiu.exe
O4 - HKLM\..\Run: [Gul] C:\WINNT\System32\Udi.exe
O4 - HKLM\..\Run: [Itr] C:\WINNT\Cvt.exe
O4 - HKLM\..\Run: [Bfb] C:\WINNT\Jar.exe
O4 - HKLM\..\Run: [Uoc] C:\WINNT\Pmq.exe
O4 - HKLM\..\Run: [Bqe] C:\WINNT\System32\Upm.exe
O4 - HKLM\..\Run: [Crv] C:\WINNT\Gpc.exe
O4 - HKLM\..\Run: [Uuo] C:\WINNT\Ktv.exe
O4 - HKLM\..\Run: [Gla] C:\WINNT\Lqc.exe
O4 - HKLM\..\Run: [Gjv] C:\WINNT\System32\Toq.exe
O4 - HKLM\..\Run: [Ltj] C:\WINNT\Bhh.exe
O4 - HKLM\..\Run: [Fmv] C:\WINNT\System32\Iod.exe
O4 - HKLM\..\Run: [Sfg] C:\WINNT\System32\Svu.exe
O4 - HKLM\..\Run: [Len] C:\WINNT\System32\Pdp.exe
O4 - HKLM\..\Run: [Cic] C:\WINNT\Jrd.exe
O4 - HKLM\..\Run: [Tih] C:\WINNT\System32\Voa.exe
O4 - HKLM\..\Run: [Bkr] C:\WINNT\System32\Gnb.exe
O4 - HKLM\..\Run: [Anf] C:\WINNT\Qpb.exe
O4 - HKLM\..\Run: [Cct] C:\WINNT\Opp.exe
O4 - HKLM\..\Run: [Rfh] C:\WINNT\Vsf.exe
O4 - HKLM\..\Run: [Mli] C:\WINNT\System32\Lpd.exe
O4 - HKLM\..\Run: [Fek] C:\WINNT\System32\Qjg.exe
O4 - HKLM\..\Run: [Qcp] C:\WINNT\Mhi.exe
O4 - HKLM\..\Run: [Ees] C:\WINNT\System32\Otd.exe
O4 - HKLM\..\Run: [Ngl] C:\WINNT\System32\Glm.exe
O4 - HKLM\..\Run: [Pkv] C:\WINNT\System32\Hjf.exe
O4 - HKLM\..\Run: [Qoh] C:\WINNT\System32\Vqm.exe
O4 - HKLM\..\Run: [Kpn] C:\WINNT\Vco.exe
O4 - HKLM\..\Run: [Srv] C:\WINNT\Bqf.exe
O4 - HKLM\..\Run: [Agu] C:\WINNT\Fng.exe
O4 - HKLM\..\Run: [Sjq] C:\WINNT\Apj.exe
O4 - HKLM\..\Run: [Sko] C:\WINNT\System32\Sld.exe
O4 - HKLM\..\Run: [Vjm] C:\WINNT\System32\Gms.exe
O4 - HKLM\..\Run: [Irp] C:\WINNT\System32\Gbs.exe
O4 - HKLM\..\Run: [Rul] C:\WINNT\System32\Ovc.exe
O4 - HKLM\..\Run: [Dhk] C:\WINNT\System32\Hrh.exe
O4 - HKLM\..\Run: [Hgr] C:\WINNT\Ugs.exe
O4 - HKLM\..\Run: [Ans] C:\WINNT\System32\Ino.exe
O4 - HKLM\..\Run: [Aea] C:\WINNT\Kpl.exe
O4 - HKLM\..\Run: [Rpc] C:\WINNT\System32\Oub.exe
O4 - HKLM\..\Run: [Bsd] C:\WINNT\Ito.exe
O4 - HKLM\..\Run: [Fli] C:\WINNT\System32\Qgg.exe
O4 - HKLM\..\Run: [Edn] C:\WINNT\System32\Pfl.exe
O4 - HKLM\..\Run: [Hlr] C:\WINNT\Hob.exe
O4 - HKLM\..\Run: [Kuq] C:\WINNT\Gfl.exe
O4 - HKLM\..\Run: [Van] C:\WINNT\System32\Ote.exe
O4 - HKLM\..\Run: [Ich] C:\WINNT\Ihq.exe
O4 - HKLM\..\Run: [Aht] C:\WINNT\Hqo.exe
O4 - HKLM\..\Run: [Uuf] C:\WINNT\System32\Hlv.exe
O4 - HKLM\..\Run: [Oek] C:\WINNT\System32\Nde.exe
O4 - HKLM\..\Run: [Ecs] C:\WINNT\System32\Pue.exe
O4 - HKLM\..\Run: [Pgh] C:\WINNT\Oal.exe
O4 - HKLM\..\Run: [Jiu] C:\WINNT\System32\Aau.exe
O4 - HKLM\..\Run: [Jij] C:\WINNT\Bst.exe
O4 - HKLM\..\Run: [Vmn] C:\WINNT\Nqq.exe
O4 - HKLM\..\Run: [Kms] C:\WINNT\Ndf.exe
O4 - HKLM\..\Run: [Fcq] C:\WINNT\System32\Jvo.exe
O4 - HKLM\..\Run: [Nrp] C:\WINNT\Hed.exe
O4 - HKLM\..\Run: [Hul] C:\WINNT\Rdq.exe
O4 - HKLM\..\Run: [Hhu] C:\WINNT\System32\Aug.exe
O4 - HKLM\..\Run: [Mqe] C:\WINNT\System32\Nhn.exe
O4 - HKLM\..\Run: [Ebn] C:\WINNT\System32\Vcs.exe
O4 - HKLM\..\Run: [Nkm] C:\WINNT\Tdq.exe
O4 - HKLM\..\Run: [Rha] C:\WINNT\Vim.exe
O4 - HKLM\..\Run: [Okv] C:\WINNT\Lnp.exe
O4 - HKLM\..\Run: [Qrc] C:\WINNT\System32\Aio.exe
O4 - HKLM\..\Run: [Vis] C:\WINNT\Bns.exe
O4 - HKLM\..\Run: [Tda] C:\WINNT\System32\Lfo.exe
O4 - HKLM\..\Run: [Gvc] C:\WINNT\System32\Ibd.exe
O4 - HKLM\..\Run: [Ckv] C:\WINNT\Htf.exe
O4 - HKLM\..\Run: [Tna] C:\WINNT\System32\Aqg.exe
O4 - HKLM\..\Run: [Bjj] C:\WINNT\Mne.exe
O4 - HKLM\..\Run: [Arb] C:\WINNT\System32\Mja.exe
O4 - HKLM\..\Run: [Ean] C:\WINNT\Krb.exe
O4 - HKLM\..\Run: [Pgu] C:\WINNT\System32\Sld.exe
O4 - HKLM\..\Run: [Bnr] C:\WINNT\System32\Pva.exe
O4 - HKLM\..\Run: [Bpt] C:\WINNT\System32\Foq.exe
O4 - HKLM\..\Run: [Kvp] C:\WINNT\System32\Nqg.exe
O4 - HKLM\..\Run: [Hts] C:\WINNT\Phm.exe
O4 - HKLM\..\Run: [Lvk] C:\WINNT\System32\Cjm.exe
O4 - HKLM\..\Run: [Lhs] C:\WINNT\Vau.exe
O4 - HKLM\..\Run: [Kbe] C:\WINNT\Qqc.exe
O4 - HKLM\..\Run: [Aku] C:\WINNT\Ggb.exe
O4 - HKLM\..\Run: [Fil] C:\WINNT\System32\Amm.exe
O4 - HKLM\..\Run: [Dqh] C:\WINNT\System32\Hpm.exe
O4 - HKLM\..\Run: [Dpm] C:\WINNT\Crl.exe
O4 - HKLM\..\Run: [Pic] C:\WINNT\Nft.exe
O4 - HKLM\..\Run: [Kkh] C:\WINNT\Vsk.exe
O4 - HKLM\..\Run: [Tnl] C:\WINNT\System32\Vms.exe
O4 - HKLM\..\Run: [Jrm] C:\WINNT\Fbk.exe
O4 - HKLM\..\Run: [Ebt] C:\WINNT\Jcc.exe
O4 - HKLM\..\Run: [Als] C:\WINNT\System32\Has.exe
O4 - HKLM\..\Run: [Phc] C:\WINNT\System32\Der.exe
O4 - HKLM\..\Run: [Nlk] C:\WINNT\System32\Ott.exe
O4 - HKLM\..\Run: [Hsp] C:\WINNT\System32\Pis.exe
O4 - HKLM\..\Run: [Umi] C:\WINNT\Ktm.exe
O4 - HKLM\..\Run: [Ntu] C:\WINNT\Ghq.exe
O4 - HKLM\..\Run: [Ppm] C:\WINNT\System32\Ber.exe
O4 - HKLM\..\Run: [Uhl] C:\WINNT\Ftg.exe
O4 - HKLM\..\Run: [Qum] C:\WINNT\System32\Rvn.exe
O4 - HKLM\..\Run: [Uqj] C:\WINNT\Mle.exe
O4 - HKLM\..\Run: [Vqj] C:\WINNT\Kfb.exe
O4 - HKLM\..\Run: [Lrv] C:\WINNT\Nmg.exe
O4 - HKLM\..\Run: [Inr] C:\WINNT\System32\Ppn.exe
O4 - HKLM\..\Run: [Rcs] C:\WINNT\System32\Vsf.exe
O4 - HKLM\..\Run: [Tnu] C:\WINNT\System32\Dsp.exe
O4 - HKLM\..\Run: [Bnu] C:\WINNT\System32\Ert.exe
O4 - HKLM\..\Run: [Mrm] C:\WINNT\Kai.exe
O4 - HKLM\..\Run: [Mus] C:\WINNT\System32\Smf.exe
O4 - HKLM\..\Run: [Vnk] C:\WINNT\Der.exe
O4 - HKLM\..\Run: [Mks] C:\WINNT\Abt.exe
O4 - HKLM\..\Run: [Oun] C:\WINNT\System32\Ukc.exe
O4 - HKLM\..\Run: [Omu] C:\WINNT\System32\Lou.exe
O4 - HKLM\..\Run: [Piq] C:\WINNT\System32\Pdf.exe
O4 - HKLM\..\Run: [Skh] C:\WINNT\Spj.exe
O4 - HKLM\..\Run: [Mhr] C:\WINNT\Lad.exe
O4 - HKLM\..\Run: [Tpr] C:\WINNT\Pqs.exe
O4 - HKLM\..\Run: [Nta] C:\WINNT\Gkj.exe
O4 - HKLM\..\Run: [Rrq] C:\WINNT\System32\Ujd.exe
O4 - HKLM\..\Run: [Dae] C:\WINNT\System32\Vos.exe
O4 - HKLM\..\Run: [Mka] C:\WINNT\System32\Plp.exe
O4 - HKLM\..\Run: [Qci] C:\WINNT\Uus.exe
O4 - HKLM\..\Run: [Kek] C:\WINNT\System32\Spq.exe
O4 - HKLM\..\Run: [Mvf] C:\WINNT\System32\Ntj.exe
O4 - HKLM\..\Run: [Saa] C:\WINNT\Slp.exe
O4 - HKLM\..\Run: [Ahq] C:\WINNT\Ldu.exe
O4 - HKLM\..\Run: [Qmt] C:\WINNT\System32\Lvo.exe
O4 - HKLM\..\Run: [Hgo] C:\WINNT\Ors.exe
O4 - HKLM\..\Run: [Lob] C:\WINNT\System32\Rud.exe
O4 - HKLM\..\Run: [Uod] C:\WINNT\System32\Eml.exe
O4 - HKLM\..\Run: [Siv] C:\WINNT\Qii.exe
O4 - HKLM\..\Run: [Fag] C:\WINNT\Oke.exe
O4 - HKLM\..\Run: [Mop] C:\WINNT\System32\Koq.exe
O4 - HKLM\..\Run: [Mer] C:\WINNT\Ikq.exe
O4 - HKLM\..\Run: [Tuc] C:\WINNT\System32\Nvu.exe
O4 - HKLM\..\Run: [Lme] C:\WINNT\System32\Vis.exe
O4 - HKLM\..\Run: [Piv] C:\WINNT\System32\Jbk.exe
O4 - HKLM\..\Run: [Rrv] C:\WINNT\System32\Pkt.exe
O4 - HKLM\..\Run: [Obc] C:\WINNT\Qfg.exe
O4 - HKLM\..\Run: [Ssp] C:\WINNT\System32\Ttu.exe
O4 - HKLM\..\Run: [Kbv] C:\WINNT\Gfb.exe
O4 - HKLM\..\Run: [Vrg] C:\WINNT\Pej.exe
O4 - HKLM\..\Run: [Vft] C:\WINNT\System32\Iaj.exe
O4 - HKLM\..\Run: [Sbj] C:\WINNT\System32\Evc.exe
O4 - HKLM\..\Run: [Dfn] C:\WINNT\Alg.exe
O4 - HKLM\..\Run: [Aqq] C:\WINNT\System32\Pta.exe
O4 - HKLM\..\Run: [Rmb] C:\WINNT\Pvj.exe
O4 - HKLM\..\Run: [Fmq] C:\WINNT\System32\Fgj.exe
O4 - HKLM\..\Run: [Thl] C:\WINNT\Bvu.exe
O4 - HKLM\..\Run: [Ibl] C:\WINNT\Lob.exe
O4 - HKLM\..\Run: [Teo] C:\WINNT\System32\Rtg.exe
O4 - HKLM\..\Run: [Snd] C:\WINNT\System32\Eli.exe
O4 - HKLM\..\Run: [Kot] C:\WINNT\Gkm.exe
O4 - HKLM\..\Run: [Iuf] C:\WINNT\Koq.exe
O4 - HKLM\..\Run: [Jnu] C:\WINNT\Eei.exe
O4 - HKLM\..\Run: [Jqe] C:\WINNT\Sim.exe
O4 - HKLM\..\Run: [Rie] C:\WINNT\Qnr.exe
O4 - HKLM\..\Run: [Efi] C:\WINNT\Gvj.exe
O4 - HKLM\..\Run: [Cfa] C:\WINNT\Fqb.exe
O4 - HKLM\..\Run: [Vbv] C:\WINNT\Kcr.exe
O4 - HKLM\..\Run: [Anm] C:\WINNT\Ljv.exe
O4 - HKLM\..\Run: [Jcr] C:\WINNT\Iar.exe
O4 - HKLM\..\Run: [Dpe] C:\WINNT\Dko.exe
O4 - HKLM\..\Run: [Cfs] C:\WINNT\Mjq.exe
O4 - HKLM\..\Run: [Dfh] C:\WINNT\Gsq.exe
O4 - HKLM\..\Run: [Foq] C:\WINNT\System32\Aic.exe
O4 - HKLM\..\Run: [Qeb] C:\WINNT\System32\Esc.exe
O4 - HKLM\..\Run: [Ujj] C:\WINNT\System32\Aaf.exe
O4 - HKLM\..\Run: [Bmd] C:\WINNT\Ebf.exe
O4 - HKLM\..\Run: [Ssj] C:\WINNT\Blf.exe
O4 - HKLM\..\Run: [Qpl] C:\WINNT\Qqu.exe
O4 - HKLM\..\Run: [Oge] C:\WINNT\System32\Ctu.exe
O4 - HKLM\..\Run: [Isq] C:\WINNT\System32\Cvi.exe
O4 - HKLM\..\Run: [Ogq] C:\WINNT\System32\Hqn.exe
O4 - HKLM\..\Run: [Ohh] C:\WINNT\System32\Jek.exe
O4 - HKLM\..\Run: [swcroot] c:\winnt\system32\swcroot.exe
O4 - HKLM\..\Run: [Acs] C:\WINNT\Jhh.exe
O4 - HKLM\..\Run: [Ola] C:\WINNT\Hja.exe
O4 - HKLM\..\Run: [Lup] C:\WINNT\System32\Tbp.exe
O4 - HKLM\..\Run: [Cbe] C:\WINNT\Atc.exe
O4 - HKLM\..\Run: [Nah] C:\WINNT\Jtq.exe
O4 - HKLM\..\Run: [Ecg] C:\WINNT\System32\Vqd.exe
O4 - HKLM\..\Run: [Rkb] C:\WINNT\Jof.exe
O4 - HKLM\..\Run: [Bor] C:\WINNT\System32\Ktn.exe
O4 - HKLM\..\Run: [Mqr] C:\WINNT\System32\Iic.exe
O4 - HKLM\..\Run: [Fqs] C:\WINNT\Dne.exe
O4 - HKLM\..\Run: [Cjv] C:\WINNT\System32\Vjo.exe
O4 - HKLM\..\Run: [Bvp] C:\WINNT\System32\Sft.exe
O4 - HKLM\..\Run: [Qgf] C:\WINNT\System32\Ocb.exe
O4 - HKLM\..\Run: [Pan] C:\WINNT\Vuu.exe
O4 - HKLM\..\Run: [Ift] C:\WINNT\System32\Aoq.exe
O4 - HKLM\..\Run: [Oel] C:\WINNT\System32\Utq.exe
O4 - HKLM\..\Run: [Ljd] C:\WINNT\Dsc.exe
O4 - HKLM\..\Run: [Jft] C:\WINNT\System32\Gcp.exe
O4 - HKLM\..\Run: [Kba] C:\WINNT\Fhl.exe
O4 - HKLM\..\Run: [Gle] C:\WINNT\Cim.exe
O4 - HKLM\..\Run: [Bbl] C:\WINNT\Mhl.exe
O4 - HKLM\..\Run: [Otf] C:\WINNT\System32\Gej.exe
O4 - HKLM\..\Run: [Ihu] C:\WINNT\Rtd.exe
O4 - HKLM\..\Run: [Jmb] C:\WINNT\System32\Hvm.exe
O4 - HKLM\..\Run: [Aje] C:\WINNT\System32\Rad.exe
O4 - HKLM\..\Run: [Ffi] C:\WINNT\Tir.exe
O4 - HKLM\..\Run: [Dis] C:\WINNT\System32\Vgl.exe
O4 - HKLM\..\Run: [Tei] C:\WINNT\System32\Hbf.exe
O4 - HKLM\..\Run: [Ovn] C:\WINNT\Ols.exe
O4 - HKLM\..\Run: [Phr] C:\WINNT\Neu.exe
O4 - HKLM\..\Run: [Euh] C:\WINNT\Iol.exe
O4 - HKLM\..\Run: [Fea] C:\WINNT\Tqr.exe
O4 - HKLM\..\Run: [Pdi] C:\WINNT\Arl.exe
O4 - HKLM\..\Run: [Cvr] C:\WINNT\System32\Cpu.exe
O4 - HKLM\..\Run: [Uao] C:\WINNT\System32\Lfp.exe
O4 - HKLM\..\Run: [Mqi] C:\WINNT\System32\Mso.exe
O4 - HKLM\..\Run: [Ega] C:\WINNT\System32\Ent.exe
O4 - HKLM\..\Run: [Cov] C:\WINNT\System32\Tau.exe
O4 - HKLM\..\Run: [Min] C:\WINNT\System32\Mgq.exe
O4 - HKLM\..\Run: [Kbt] C:\WINNT\Mdc.exe
O4 - HKLM\..\Run: [Upq] C:\WINNT\System32\Mci.exe
O4 - HKLM\..\Run: [Lsd] C:\WINNT\Moa.exe
O4 - HKLM\..\Run: [Ijc] C:\WINNT\System32\Npv.exe
O4 - HKLM\..\Run: [Ute] C:\WINNT\System32\Ttv.exe
O4 - HKLM\..\Run: [Kgi] C:\WINNT\System32\Krd.exe
O4 - HKLM\..\Run: [Qam] C:\WINNT\System32\Ajv.exe
O4 - HKLM\..\Run: [Spl] C:\WINNT\System32\Tql.exe
O4 - HKLM\..\Run: [Mhm] C:\WINNT\Oqv.exe
O4 - HKLM\..\Run: [Pei] C:\WINNT\Dfs.exe
O4 - HKLM\..\Run: [Nnb] C:\WINNT\System32\Oid.exe
O4 - HKLM\..\Run: [Skg] C:\WINNT\Voi.exe
O4 - HKLM\..\Run: [Ail] C:\WINNT\Bos.exe
O4 - HKLM\..\Run: [Gar] C:\WINNT\System32\Sgk.exe
O4 - HKLM\..\Run: [Ase] C:\WINNT\System32\Lfr.exe
O4 - HKLM\..\Run: [Tgv] C:\WINNT\System32\Cbn.exe
O4 - HKLM\..\Run: [Oav] C:\WINNT\System32\Mde.exe
O4 - HKLM\..\Run: [Plo] C:\WINNT\System32\Ufr.exe
O4 - HKLM\..\Run: [Gjt] C:\WINNT\System32\Vgv.exe
O4 - HKLM\..\Run: [Uvn] C:\WINNT\System32\Cbd.exe
O4 - HKLM\..\Run: [Snk] C:\WINNT\System32\Jkj.exe
O4 - HKLM\..\Run: [Cbt] C:\WINNT\System32\Kha.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Word\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {20ECD97A-1DC7-415B-A993-5B41E122321A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {20ECD97A-1DC7-415B-A993-5B41E122321A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {31604436-7F01-41FB-BFFF-70E2A1970CC9} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {31604436-7F01-41FB-BFFF-70E2A1970CC9} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {44072139-2461-46F2-90F5-4B0C0134ADEC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44072139-2461-46F2-90F5-4B0C0134ADEC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4B4648C3-E3CB-4060-B0B3-6026EF38A3CB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4B4648C3-E3CB-4060-B0B3-6026EF38A3CB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5D192439-85C5-4FE6-86D4-F3C6D8733A48} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5D192439-85C5-4FE6-86D4-F3C6D8733A48} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6449EFA9-1716-4E15-AC28-B19B00CAFBDE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6449EFA9-1716-4E15-AC28-B19B00CAFBDE} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {933734F8-F946-4304-8718-62D6ABD8036E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {933734F8-F946-4304-8718-62D6ABD8036E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D2470562-CBC0-436A-B409-AE9EBD1D0DDA} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D2470562-CBC0-436A-B409-AE9EBD1D0DDA} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {DB12F53E-3827-43B6-B265-4AE4BC24BAD0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DB12F53E-3827-43B6-B265-4AE4BC24BAD0} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ED24AF35-4664-49B1-A79E-976EE93C3FB0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ED24AF35-4664-49B1-A79E-976EE93C3FB0} - (no file) (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service
jbhlaw
Regular Member
 
Posts: 33
Joined: March 22nd, 2005, 6:06 pm

Unread postby jbhlaw » March 28th, 2005, 11:05 am

It appears the last post did not include all of the HJT log. Here is the rest.

(navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINNT\system32\ZoneLabs\vsmon.exe


I look forward to hearing from you.

Unread postby njustice » March 28th, 2005, 8:14 pm

Hi jbhlaw,

Download PocketKillbox from http://www.bleepingcomputer.com/files/s ... illBox.zip

Use Ctrl-Alt-Del and try to end these tasks
C:\WINNT\System32\Nvc.exe
C:\winnt\system32\swcroot.exe


Unzip and run the killbox you downloaded
choose Tools > Delete Temp Files and click OK


Run HijackThis again and check then fix all the 3 letter O4 specials - here's a partial list for reference:

O4 - HKLM\..\Run: [Vtc] C:\WINNT\Vjp.exe
O4 - HKLM\..\Run: [Rib] C:\WINNT\System32\Rei.exe
O4 - HKLM\..\Run: [Qhb] C:\WINNT\System32\Kcn.exe
O4 - HKLM\..\Run: [Klv] C:\WINNT\System32\Hpv.exe
O4 - HKLM\..\Run: [Eoq] C:\WINNT\System32\Jjd.exe
O4 - HKLM\..\Run: [Mge] C:\WINNT\Dnt.exe
O4 - HKLM\..\Run: [Scj] C:\WINNT\Btb.exe
O4 - HKLM\..\Run: [Lqu] C:\WINNT\System32\Lus.exe
O4 - HKLM\..\Run: [Nas] C:\WINNT\Jlo.exe
O4 - HKLM\..\Run: [Tph] C:\WINNT\Ebs.exe
O4 - HKLM\..\Run: [Dru] C:\WINNT\System32\Kmd.exe
O4 - HKLM\..\Run: [Vnm] C:\WINNT\System32\Amv.exe
O4 - HKLM\..\Run: [Ono] C:\WINNT\System32\Vhs.exe
O4 - HKLM\..\Run: [Qqm] C:\WINNT\Qls.exe
O4 - HKLM\..\Run: [Onl] C:\WINNT\System32\Lro.exe


Run killbox again and put a mark next to "Delete on Reboot". Copy and paste the following filenames into the box, then click the red button with the X after each.

C:\WINNT\System32\Nvc.exe

Click No when asked to reboot.

Now paste this line:
C:\winnt\system32\swcroot.exe

Click Yes to reboot.

Does your anti-virus scanner have up-to-date definition files?

At any rate, when the list is cut down to a reasonable length using HJT - reboot and post another log.

Unread postby jbhlaw » March 29th, 2005, 10:51 am

Check. Here is the new (and remarkably shortened) HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:40:21 AM, on 3/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\Hip.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bodog.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Ktj] C:\WINNT\System32\Spl.exe
O4 - HKCU\..\Run: [Lfc] C:\WINNT\Hip.exe
O4 - HKCU\..\Run: [Ktj] C:\WINNT\System32\Spl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Word\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {20ECD97A-1DC7-415B-A993-5B41E122321A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {20ECD97A-1DC7-415B-A993-5B41E122321A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {31604436-7F01-41FB-BFFF-70E2A1970CC9} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {31604436-7F01-41FB-BFFF-70E2A1970CC9} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {44072139-2461-46F2-90F5-4B0C0134ADEC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44072139-2461-46F2-90F5-4B0C0134ADEC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4B4648C3-E3CB-4060-B0B3-6026EF38A3CB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4B4648C3-E3CB-4060-B0B3-6026EF38A3CB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5D192439-85C5-4FE6-86D4-F3C6D8733A48} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5D192439-85C5-4FE6-86D4-F3C6D8733A48} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6449EFA9-1716-4E15-AC28-B19B00CAFBDE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6449EFA9-1716-4E15-AC28-B19B00CAFBDE} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {933734F8-F946-4304-8718-62D6ABD8036E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {933734F8-F946-4304-8718-62D6ABD8036E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D2470562-CBC0-436A-B409-AE9EBD1D0DDA} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D2470562-CBC0-436A-B409-AE9EBD1D0DDA} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {DB12F53E-3827-43B6-B265-4AE4BC24BAD0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DB12F53E-3827-43B6-B265-4AE4BC24BAD0} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ED24AF35-4664-49B1-A79E-976EE93C3FB0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ED24AF35-4664-49B1-A79E-976EE93C3FB0} - (no file) (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINNT\system32\ZoneLabs\vsmon.exe


And to keep you posted on the performance of my computer, here is some information:

1. All antivirus software is up to date.
2. After running Adaware, I had only two objects identified.
3. After running Spybot, I had only two objects identified.
4. Prior to completing the latest instructions, IExplorer continues to open to an ad page on its own. When I leave my computer and come back, there are several pages open to various ads.
5. I continued to have a Spyware ad (which looks like a web-page) popping up. It comes from the following: C:\WINNT\Mef.html. However, the three letters before .html change every time it pops up.
6. I still cannot access my scheduler from another computer, which I could do before all of this.
7. Just for kicks again, after removing the O4 exe files in HJT, I attempted to check and fix O23 - Service: Websearch Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA ~1\Toolbar\TBPSSvc.exe (file missing). It would not remove it.

I feel like we are making headway. I await further instructions.

Unread postby njustice » March 29th, 2005, 11:04 am

jbhlaw,

Let's continue on with the fix...

===============

Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINNT\Hip.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Run HiJackThis and click "Scan", then check (tick) the following, if present:


O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [Ktj] C:\WINNT\System32\Spl.exe
O4 - HKCU\..\Run: [Lfc] C:\WINNT\Hip.exe
O4 - HKCU\..\Run: [Ktj] C:\WINNT\System32\Spl.exe

O9 - Extra button: Microsoft AntiSpyware helper - {20ECD97A-1DC7-415B-A993-5B41E122321A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {20ECD97A-1DC7-415B-A993-5B41E122321A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {31604436-7F01-41FB-BFFF-70E2A1970CC9} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {31604436-7F01-41FB-BFFF-70E2A1970CC9} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {44072139-2461-46F2-90F5-4B0C0134ADEC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {44072139-2461-46F2-90F5-4B0C0134ADEC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4B4648C3-E3CB-4060-B0B3-6026EF38A3CB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4B4648C3-E3CB-4060-B0B3-6026EF38A3CB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5D192439-85C5-4FE6-86D4-F3C6D8733A48} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5D192439-85C5-4FE6-86D4-F3C6D8733A48} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6449EFA9-1716-4E15-AC28-B19B00CAFBDE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6449EFA9-1716-4E15-AC28-B19B00CAFBDE} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {933734F8-F946-4304-8718-62D6ABD8036E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {933734F8-F946-4304-8718-62D6ABD8036E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D2470562-CBC0-436A-B409-AE9EBD1D0DDA} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D2470562-CBC0-436A-B409-AE9EBD1D0DDA} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {DB12F53E-3827-43B6-B265-4AE4BC24BAD0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DB12F53E-3827-43B6-B265-4AE4BC24BAD0} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ED24AF35-4664-49B1-A79E-976EE93C3FB0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ED24AF35-4664-49B1-A79E-976EE93C3FB0} - (no file) (HKCU)

O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Run killbox again and put a mark next to "Delete on Reboot". Copy and paste the following filenames into the box, then click the red button with the X after each.

C:\WINNT\Hip.exe

Click No when asked to reboot.

Now paste this line:

C:\WINNT\System32\Spl.exe

Click Yes to reboot.

===============

Locate and delete the following item(s), if present. Make sure you're able to "view system and hidden files/folders":

files...

C:\WINNT\Hip.exe
C:\WINNT\System32\Spl.exe

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============

Post back a new log, report any problems and let me know how everything goes.

IMPORTANT! PLEASE do not restart your computer unless asked, restarting can reinfect your computer resulting in us starting the cleaning up process all over!

-

~Njustice~

Unread postby jbhlaw » March 29th, 2005, 11:53 am

Check. Neither of those files was found. However, as you will see, some of the O4 .exe files are coming back. I would prefer to get them before it becomes over 1000 again. Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 9:50:54 AM, on 3/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\Fgk.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bodog.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Tvb] C:\WINNT\Fgk.exe
O4 - HKLM\..\Run: [Brf] C:\WINNT\Lgv.exe
O4 - HKLM\..\Run: [Uoc] C:\WINNT\System32\Mdr.exe
O4 - HKLM\..\Run: [Sni] C:\WINNT\System32\Rkd.exe
O4 - HKLM\..\Run: [Beh] C:\WINNT\System32\Pkt.exe
O4 - HKCU\..\Run: [Tvb] C:\WINNT\Fgk.exe
O4 - HKCU\..\Run: [Brf] C:\WINNT\Lgv.exe
O4 - HKCU\..\Run: [Uoc] C:\WINNT\System32\Mdr.exe
O4 - HKCU\..\Run: [Sni] C:\WINNT\System32\Rkd.exe
O4 - HKCU\..\Run: [Beh] C:\WINNT\System32\Pkt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Word\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINNT\system32\ZoneLabs\vsmon.exe


I'll wait for the next move, and will not reboot until told.

Unread postby njustice » March 29th, 2005, 6:11 pm

Hello jbhlaw, you may want to print this out:

Download this tool from Symantec to your desktop.

http://securityresponse.symantec.com/avcenter/FxHuntbr.exe

Disconnect from the internet.

Double click the FxHuntbr.exe you just downloaded to the desktop.

Click "Start".

When scan is done click OK.

===============

Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINNT\Fgk.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Run HiJackThis and click "Scan", then check (tick) the following, if present:


O4 - HKLM\..\Run: [Tvb] C:\WINNT\Fgk.exe
O4 - HKLM\..\Run: [Brf] C:\WINNT\Lgv.exe
O4 - HKLM\..\Run: [Uoc] C:\WINNT\System32\Mdr.exe
O4 - HKLM\..\Run: [Sni] C:\WINNT\System32\Rkd.exe
O4 - HKLM\..\Run: [Beh] C:\WINNT\System32\Pkt.exe
O4 - HKCU\..\Run: [Tvb] C:\WINNT\Fgk.exe
O4 - HKCU\..\Run: [Brf] C:\WINNT\Lgv.exe
O4 - HKCU\..\Run: [Uoc] C:\WINNT\System32\Mdr.exe
O4 - HKCU\..\Run: [Sni] C:\WINNT\System32\Rkd.exe
O4 - HKCU\..\Run: [Beh] C:\WINNT\System32\Pkt.exe

O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Run killbox again and put a mark next to "Delete on Reboot". Copy and paste the following filenames into the box, then click the red button with the X after each.

C:\WINNT\Fgk.exe
Click No when asked to reboot.

Now paste this line:
C:\WINNT\Lgv.exe
Click No when asked to reboot.

Now paste this line:
C:\WINNT\System32\Mdr.exe
Click No when asked to reboot.

Now paste this line:
C:\WINNT\System32\Rkd.exe
Click No when asked to reboot.

Now paste this line:
C:\WINNT\System32\Pkt.exe
Click No when asked to reboot.

Now paste this line:
C:\PROGRAM FILES\Toolbar\TBPSSvc.exe

Click Yes to reboot.

===============


Locate and delete the following item(s), if present. Make sure you're able to "view system and hidden files/folders":

files...

C:\WINNT\Fgk.exe
C:\WINNT\Lgv.exe
C:\WINNT\System32\Mdr.exe
C:\WINNT\System32\Rkd.exe
C:\WINNT\System32\Pkt.exe

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============

Run this free online scan http://www.bitdefender.com/scan/licence.php

===============

Go to your system32 folder and look for any 3 letter .exe files. They should be 8kb in filesize. Check the properties of these files, they should have the same date and filesize, delete any found.


===============

Download this regfix to your desktop http://forums.net-integration.net/index.php?act=Attach&type=post&id=139544

Now Double click the fixregXP.reg file on your desktop.

Click Yes to merge.

===============

Post back a new log, report any problems and let me know how everything goes.

IMPORTANT! PLEASE do not restart your computer unless asked, restarting can reinfect your computer resulting in us starting the cleaning up process all over!

-

~Njustice~
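The "3 letter O4 specials" that njustice asks jbhlaw to fix, and the ones that came back between the 8:40 AM and 9:50 AM logs, can be picked out of a HijackThis log mechanically. The following is an added example, not part of the thread or of any tool named in it: the function names, the regular expressions and the WINNT/WINDOWS directory match are assumptions, and the sample lines are excerpts copied from the two logs above.

```python
import re
from typing import List, NamedTuple, Optional


class Autorun(NamedTuple):
    hive: str   # HKLM or HKCU
    key: str    # Run, RunOnce, ...
    name: str   # registry value name, shown in [brackets] by HijackThis
    image: str  # executable path with quotes and arguments stripped


# HijackThis prints registry autoruns as: O4 - HKLM\..\Run: [Name] command
O4_LINE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$')
# Heuristic taken from this thread (an assumption, not a signature): a
# capitalised three-letter value name that launches a capitalised three-letter
# .exe sitting directly in the Windows or System32 directory.
NAME_RE = re.compile(r'^[A-Z][a-z]{2}$')
IMAGE_RE = re.compile(
    r'^(?i:[a-z]:\\(?:winnt|windows)(?:\\system32)?)\\[A-Z][a-z]{2}\.exe$')

# Excerpt of the log saved at 8:40:21 AM on 3/29/2005 (copied from the thread).
LOG_0840 = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Ktj] C:\WINNT\System32\Spl.exe
O4 - HKCU\..\Run: [Lfc] C:\WINNT\Hip.exe
O4 - HKCU\..\Run: [Ktj] C:\WINNT\System32\Spl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Word\Office10\OSA.EXE
"""

# Excerpt of the log saved at 9:50:54 AM on 3/29/2005 (copied from the thread).
LOG_0950 = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Tvb] C:\WINNT\Fgk.exe
O4 - HKLM\..\Run: [Uoc] C:\WINNT\System32\Mdr.exe
O4 - HKCU\..\Run: [Tvb] C:\WINNT\Fgk.exe
O4 - HKCU\..\Run: [Uoc] C:\WINNT\System32\Mdr.exe
"""


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one O4 registry autorun line; return None for anything else."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    hive, key, name, cmd = m.groups()
    if cmd.startswith('"'):
        # Quoted command: the image path is whatever sits between the quotes.
        image = cmd[1:].split('"', 1)[0]
    else:
        # Unquoted command: cut at the first ".exe" so arguments are dropped.
        exe = re.match(r'(.+?\.exe)\b', cmd, re.I)
        image = exe.group(1) if exe else cmd
    return Autorun(hive, key, name, image)


def flagged(log: str) -> List[Autorun]:
    """Return the autoruns in a log that fit the three-letter pattern."""
    hits = []
    for line in log.splitlines():
        entry = parse_o4(line)
        if entry and NAME_RE.match(entry.name) and IMAGE_RE.match(entry.image):
            hits.append(entry)
    return hits


def compare(before: str, after: str) -> dict:
    """Diff the flagged autoruns of two successive logs."""
    old, new = set(flagged(before)), set(flagged(after))
    return {
        "cleared": sorted(old - new),     # fixed and not seen again
        "survived": sorted(old & new),    # the fix did not stick
        "respawned": sorted(new - old),   # written after the fix, new names
        "images": sorted({e.image for e in new}),  # files behind current hits
    }


if __name__ == "__main__":
    for section, items in compare(LOG_0840, LOG_0950).items():
        print(section)
        for item in items:
            print("   ", item)
```

An empty `survived` list next to a non-empty `respawned` list is what the 9:50 AM log shows: the earlier entries were removed and new ones were written under fresh names. Legitimate three-letter system binaries exist, so a hit is a candidate for the file size and date check njustice describes, not a verdict.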

Unread postby jbhlaw » March 30th, 2005, 11:26 am

nJustice,

Check, check and check. My new HJT log follows:

Logfile of HijackThis v1.99.1
Scan saved at 9:29:08 AM, on 3/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\Ced.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bodog.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Icr] C:\WINNT\Ced.exe
O4 - HKLM\..\Run: [Olt] C:\WINNT\Cbn.exe
O4 - HKLM\..\Run: [Gmg] C:\WINNT\System32\Sls.exe
O4 - HKLM\..\Run: [Bdt] C:\WINNT\Mpf.exe
O4 - HKLM\..\Run: [Ush] C:\WINNT\Odb.exe
O4 - HKLM\..\Run: [Vbl] C:\WINNT\Qrb.exe
O4 - HKLM\..\Run: [Ulb] C:\WINNT\Igf.exe
O4 - HKLM\..\Run: [Pjs] C:\WINNT\Qik.exe
O4 - HKLM\..\Run: [Rop] C:\WINNT\System32\Haf.exe
O4 - HKLM\..\Run: [Vfo] C:\WINNT\Mck.exe
O4 - HKLM\..\Run: [Liq] C:\WINNT\Dtk.exe
O4 - HKLM\..\Run: [Lbr] C:\WINNT\System32\Tng.exe
O4 - HKLM\..\Run: [Cvh] C:\WINNT\Jdb.exe
O4 - HKLM\..\Run: [Ugk] C:\WINNT\Rub.exe
O4 - HKLM\..\Run: [Klo] C:\WINNT\Aji.exe
O4 - HKLM\..\Run: [Ktc] C:\WINNT\Krr.exe
O4 - HKLM\..\Run: [Okr] C:\WINNT\Avc.exe
O4 - HKLM\..\Run: [Jhd] C:\WINNT\Lns.exe
O4 - HKLM\..\Run: [Ehv] C:\WINNT\Hmg.exe
O4 - HKLM\..\Run: [Mhb] C:\WINNT\System32\Ova.exe
O4 - HKLM\..\Run: [Ufm] C:\WINNT\System32\Lqc.exe
O4 - HKLM\..\Run: [Bpg] C:\WINNT\System32\Bbo.exe
O4 - HKLM\..\Run: [Jkl] C:\WINNT\Rkn.exe
O4 - HKLM\..\Run: [Aur] C:\WINNT\Reo.exe
O4 - HKLM\..\Run: [Pdm] C:\WINNT\Ppb.exe
O4 - HKLM\..\Run: [Cge] C:\WINNT\System32\Sid.exe
O4 - HKLM\..\Run: [Vum] C:\WINNT\System32\Bft.exe
O4 - HKLM\..\Run: [Mvr] C:\WINNT\System32\Eqo.exe
O4 - HKLM\..\Run: [Uvq] C:\WINNT\Icb.exe
O4 - HKLM\..\Run: [Bhu] C:\WINNT\Aio.exe
O4 - HKLM\..\Run: [Dbb] C:\WINNT\System32\Cfh.exe
O4 - HKLM\..\Run: [Dus] C:\WINNT\Jdq.exe
O4 - HKLM\..\Run: [Kok] C:\WINNT\System32\Ctj.exe
O4 - HKLM\..\Run: [Raa] C:\WINNT\Plo.exe
O4 - HKLM\..\Run: [Tvr] C:\WINNT\Rus.exe
O4 - HKLM\..\Run: [Isi] C:\WINNT\System32\Vbi.exe
O4 - HKLM\..\Run: [Qvh] C:\WINNT\System32\Puq.exe
O4 - HKLM\..\Run: [Rke] C:\WINNT\Ihm.exe
O4 - HKLM\..\Run: [Atu] C:\WINNT\Rtn.exe
O4 - HKLM\..\Run: [Vvq] C:\WINNT\System32\Ljj.exe
O4 - HKLM\..\Run: [Euo] C:\WINNT\Djs.exe
O4 - HKLM\..\Run: [Sbg] C:\WINNT\Kbd.exe
O4 - HKLM\..\Run: [Fvj] C:\WINNT\System32\Isi.exe
O4 - HKLM\..\Run: [Cae] C:\WINNT\System32\Qqa.exe
O4 - HKLM\..\Run: [Jin] C:\WINNT\System32\Uud.exe
O4 - HKLM\..\Run: [Fpf] C:\WINNT\Ulr.exe
O4 - HKLM\..\Run: [Ekk] C:\WINNT\Gea.exe
O4 - HKLM\..\Run: [Nkq] C:\WINNT\System32\Uva.exe
O4 - HKLM\..\Run: [Rtj] C:\WINNT\Ndt.exe
O4 - HKLM\..\Run: [Gtu] C:\WINNT\System32\Sbs.exe
O4 - HKLM\..\Run: [Tdr] C:\WINNT\Vgc.exe
O4 - HKLM\..\Run: [Knf] C:\WINNT\System32\Unq.exe
O4 - HKLM\..\Run: [Qgo] C:\WINNT\System32\Don.exe
O4 - HKLM\..\Run: [Lip] C:\WINNT\Mou.exe
O4 - HKLM\..\Run: [Kjf] C:\WINNT\Vej.exe
O4 - HKLM\..\Run: [Rfi] C:\WINNT\System32\Mmk.exe
O4 - HKLM\..\Run: [Mlc] C:\WINNT\System32\Aep.exe
O4 - HKLM\..\Run: [Klr] C:\WINNT\System32\Fnd.exe
O4 - HKLM\..\Run: [Kbm] C:\WINNT\Enc.exe
O4 - HKLM\..\Run: [Ruo] C:\WINNT\System32\Tbg.exe
O4 - HKLM\..\Run: [Jik] C:\WINNT\Mck.exe
O4 - HKLM\..\Run: [Gut] C:\WINNT\System32\Bgp.exe
O4 - HKLM\..\Run: [Gia] C:\WINNT\Vdq.exe
O4 - HKLM\..\Run: [Hbi] C:\WINNT\System32\Bpr.exe
O4 - HKLM\..\Run: [Frp] C:\WINNT\System32\Qpc.exe
O4 - HKLM\..\Run: [Ape] C:\WINNT\Qig.exe
O4 - HKLM\..\Run: [Rrm] C:\WINNT\Upq.exe
O4 - HKLM\..\Run: [Gnd] C:\WINNT\Jio.exe
O4 - HKLM\..\Run: [Frc] C:\WINNT\Nsc.exe
O4 - HKLM\..\Run: [Hsg] C:\WINNT\System32\Qoe.exe
O4 - HKLM\..\Run: [Oog] C:\WINNT\System32\Jgv.exe
O4 - HKLM\..\Run: [Pct] C:\WINNT\Cbe.exe
O4 - HKLM\..\Run: [Pcs] C:\WINNT\Rib.exe
O4 - HKLM\..\Run: [Fgs] C:\WINNT\System32\Epf.exe
O4 - HKLM\..\Run: [Ksv] C:\WINNT\System32\Rar.exe
O4 - HKLM\..\Run: [Maj] C:\WINNT\System32\Rkh.exe
O4 - HKLM\..\Run: [Sgs] C:\WINNT\Hdq.exe
O4 - HKLM\..\Run: [Lch] C:\WINNT\Pnq.exe
O4 - HKLM\..\Run: [Ikr] C:\WINNT\System32\Rpb.exe
O4 - HKLM\..\Run: [Mor] C:\WINNT\System32\Dfk.exe
O4 - HKLM\..\Run: [Ndc] C:\WINNT\System32\Irp.exe
O4 - HKLM\..\Run: [Kru] C:\WINNT\Fdm.exe
O4 - HKLM\..\Run: [Tdg] C:\WINNT\Spo.exe
O4 - HKLM\..\Run: [Ecf] C:\WINNT\Tfk.exe
O4 - HKLM\..\Run: [Oin] C:\WINNT\Sqa.exe
O4 - HKLM\..\Run: [Gjj] C:\WINNT\System32\Itp.exe
O4 - HKCU\..\Run: [Icr] C:\WINNT\Ced.exe
O4 - HKCU\..\Run: [Olt] C:\WINNT\Cbn.exe
O4 - HKCU\..\Run: [Gmg] C:\WINNT\System32\Sls.exe
O4 - HKCU\..\Run: [Bdt] C:\WINNT\Mpf.exe
O4 - HKCU\..\Run: [Ush] C:\WINNT\Odb.exe
O4 - HKCU\..\Run: [Vbl] C:\WINNT\Qrb.exe
O4 - HKCU\..\Run: [Ulb] C:\WINNT\Igf.exe
O4 - HKCU\..\Run: [Pjs] C:\WINNT\Qik.exe
O4 - HKCU\..\Run: [Rop] C:\WINNT\System32\Haf.exe
O4 - HKCU\..\Run: [Vfo] C:\WINNT\Mck.exe
O4 - HKCU\..\Run: [Liq] C:\WINNT\Dtk.exe
O4 - HKCU\..\Run: [Lbr] C:\WINNT\System32\Tng.exe
O4 - HKCU\..\Run: [Cvh] C:\WINNT\Jdb.exe
O4 - HKCU\..\Run: [Ugk] C:\WINNT\Rub.exe
O4 - HKCU\..\Run: [Klo] C:\WINNT\Aji.exe
O4 - HKCU\..\Run: [Ktc] C:\WINNT\Krr.exe
O4 - HKCU\..\Run: [Okr] C:\WINNT\Avc.exe
O4 - HKCU\..\Run: [Jhd] C:\WINNT\Lns.exe
O4 - HKCU\..\Run: [Ehv] C:\WINNT\Hmg.exe
O4 - HKCU\..\Run: [Mhb] C:\WINNT\System32\Ova.exe
O4 - HKCU\..\Run: [Ufm] C:\WINNT\System32\Lqc.exe
O4 - HKCU\..\Run: [Bpg] C:\WINNT\System32\Bbo.exe
O4 - HKCU\..\Run: [Jkl] C:\WINNT\Rkn.exe
O4 - HKCU\..\Run: [Aur] C:\WINNT\Reo.exe
O4 - HKCU\..\Run: [Pdm] C:\WINNT\Ppb.exe
O4 - HKCU\..\Run: [Cge] C:\WINNT\System32\Sid.exe
O4 - HKCU\..\Run: [Vum] C:\WINNT\System32\Bft.exe
O4 - HKCU\..\Run: [Mvr] C:\WINNT\System32\Eqo.exe
O4 - HKCU\..\Run: [Uvq] C:\WINNT\Icb.exe
O4 - HKCU\..\Run: [Bhu] C:\WINNT\Aio.exe
O4 - HKCU\..\Run: [Dbb] C:\WINNT\System32\Cfh.exe
O4 - HKCU\..\Run: [Dus] C:\WINNT\Jdq.exe
O4 - HKCU\..\Run: [Kok] C:\WINNT\System32\Ctj.exe
O4 - HKCU\..\Run: [Raa] C:\WINNT\Plo.exe
O4 - HKCU\..\Run: [Tvr] C:\WINNT\Rus.exe
O4 - HKCU\..\Run: [Isi] C:\WINNT\System32\Vbi.exe
O4 - HKCU\..\Run: [Qvh] C:\WINNT\System32\Puq.exe
O4 - HKCU\..\Run: [Rke] C:\WINNT\Ihm.exe
O4 - HKCU\..\Run: [Atu] C:\WINNT\Rtn.exe
O4 - HKCU\..\Run: [Vvq] C:\WINNT\System32\Ljj.exe
O4 - HKCU\..\Run: [Euo] C:\WINNT\Djs.exe
O4 - HKCU\..\Run: [Sbg] C:\WINNT\Kbd.exe
O4 - HKCU\..\Run: [Fvj] C:\WINNT\System32\Isi.exe
O4 - HKCU\..\Run: [Cae] C:\WINNT\System32\Qqa.exe
O4 - HKCU\..\Run: [Jin] C:\WINNT\System32\Uud.exe
O4 - HKCU\..\Run: [Fpf] C:\WINNT\Ulr.exe
O4 - HKCU\..\Run: [Ekk] C:\WINNT\Gea.exe
O4 - HKCU\..\Run: [Nkq] C:\WINNT\System32\Uva.exe
O4 - HKCU\..\Run: [Rtj] C:\WINNT\Ndt.exe
O4 - HKCU\..\Run: [Gtu] C:\WINNT\System32\Sbs.exe
O4 - HKCU\..\Run: [Tdr] C:\WINNT\Vgc.exe
O4 - HKCU\..\Run: [Knf] C:\WINNT\System32\Unq.exe
O4 - HKCU\..\Run: [Qgo] C:\WINNT\System32\Don.exe
O4 - HKCU\..\Run: [Lip] C:\WINNT\Mou.exe
O4 - HKCU\..\Run: [Kjf] C:\WINNT\Vej.exe
O4 - HKCU\..\Run: [Rfi] C:\WINNT\System32\Mmk.exe
O4 - HKCU\..\Run: [Mlc] C:\WINNT\System32\Aep.exe
O4 - HKCU\..\Run: [Klr] C:\WINNT\System32\Fnd.exe
O4 - HKCU\..\Run: [Kbm] C:\WINNT\Enc.exe
O4 - HKCU\..\Run: [Ruo] C:\WINNT\System32\Tbg.exe
O4 - HKCU\..\Run: [Jik] C:\WINNT\Mck.exe
O4 - HKCU\..\Run: [Gut] C:\WINNT\System32\Bgp.exe
O4 - HKCU\..\Run: [Gia] C:\WINNT\Vdq.exe
O4 - HKCU\..\Run: [Hbi] C:\WINNT\System32\Bpr.exe
O4 - HKCU\..\Run: [Frp] C:\WINNT\System32\Qpc.exe
O4 - HKCU\..\Run: [Ape] C:\WINNT\Qig.exe
O4 - HKCU\..\Run: [Rrm] C:\WINNT\Upq.exe
O4 - HKCU\..\Run: [Gnd] C:\WINNT\Jio.exe
O4 - HKCU\..\Run: [Frc] C:\WINNT\Nsc.exe
O4 - HKCU\..\Run: [Hsg] C:\WINNT\System32\Qoe.exe
O4 - HKCU\..\Run: [Oog] C:\WINNT\System32\Jgv.exe
O4 - HKCU\..\Run: [Pct] C:\WINNT\Cbe.exe
O4 - HKCU\..\Run: [Pcs] C:\WINNT\Rib.exe
O4 - HKCU\..\Run: [Fgs] C:\WINNT\System32\Epf.exe
O4 - HKCU\..\Run: [Ksv] C:\WINNT\System32\Rar.exe
O4 - HKCU\..\Run: [Maj] C:\WINNT\System32\Rkh.exe
O4 - HKCU\..\Run: [Sgs] C:\WINNT\Hdq.exe
O4 - HKCU\..\Run: [Lch] C:\WINNT\Pnq.exe
O4 - HKCU\..\Run: [Ikr] C:\WINNT\System32\Rpb.exe
O4 - HKCU\..\Run: [Mor] C:\WINNT\System32\Dfk.exe
O4 - HKCU\..\Run: [Ndc] C:\WINNT\System32\Irp.exe
O4 - HKCU\..\Run: [Kru] C:\WINNT\Fdm.exe
O4 - HKCU\..\Run: [Tdg] C:\WINNT\Spo.exe
O4 - HKCU\..\Run: [Ecf] C:\WINNT\Tfk.exe
O4 - HKCU\..\Run: [Oin] C:\WINNT\Sqa.exe
O4 - HKCU\..\Run: [Gjj] C:\WINNT\System32\Itp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Word\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINNT\system32\ZoneLabs\vsmon.exe


As you can see, I was able to delete everything except 023 websearch. I continue to have the same issues at this point. Also, should I go ahead and check and fix the 04 .exe entries before they become huge again?

I will wait to hear from you.
jbhlaw
Regular Member
 
Posts: 33
Joined: March 22nd, 2005, 6:06 pm
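
A triage sketch for the O4 pattern visible in the log above, added here as an example and not part of the original posts or of HijackThis: it parses O4 Run lines and flags three-letter value names that point at three-letter executables sitting directly in the Windows directory or System32, recording which hives each one appears under. The sample lines are constructed in the log's format, the `ExampleApp` entry is hypothetical, and the three-letter heuristic is an assumption drawn from this log only.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis O4 format; the ExampleApp line is hypothetical.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Mvr] C:\WINNT\System32\Eqo.exe
O4 - HKLM\..\Run: [Uvq] C:\WINNT\Icb.exe
O4 - HKCU\..\Run: [Mvr] C:\WINNT\System32\Eqo.exe
O4 - HKCU\..\Run: [Icr] C:\WINNT\Ced.exe
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Word\Office10\OSA.EXE
"""

# Line shape: "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.+)$")
# Heuristic (assumption): a three-letter value name pointing at a three-letter
# .exe placed directly in the Windows directory or in System32.
RANDOM_NAME = re.compile(r"^[A-Za-z]{3}$")
RANDOM_PATH = re.compile(
    r"^[A-Z]:\\(?:WINNT|WINDOWS)\\(?:System32\\)?[A-Za-z]{3}\.exe$", re.I)

def parse_o4(log):
    """Return (hive, value_name, path) for every O4 registry Run line."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, name, command = m.groups()
            entries.append((hive, name, command.strip().strip('"')))
    return entries

def triage(log):
    """Map each flagged path to the set of hives it is registered under."""
    flagged = defaultdict(set)
    for hive, name, path in parse_o4(log):
        if RANDOM_NAME.match(name) and RANDOM_PATH.match(path):
            flagged[path].add(hive)
    return dict(flagged)

if __name__ == "__main__":
    for path, hives in sorted(triage(SAMPLE_LOG).items()):
        print(f"{path}  [{', '.join(sorted(hives))}]")
```

A path flagged under both HKLM and HKCU matches the duplication seen in the log; a legitimate program with a three-letter name would also match, so each hit still needs a manual check before it is fixed.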

Unread postby njustice » March 30th, 2005, 7:11 pm

jbhlaw,

By all means go ahead and delete those 04 entries. I'm gonna be calling in an expert to help as this has gotten me....don't despair.

One question....Did you download KAV anti-virus like we discussed?

If not you really need to get it....one way or another it is essential.
njustice
Regular Member
 
Posts: 108
Joined: February 24th, 2005, 2:55 pm

Unread postby jbhlaw » March 31st, 2005, 10:18 am

YOU need to call an expert? I am despairing. As for your question regarding the KAV antivirus, I believe that I have done every step that you have given me. If you will provide me the link, I will do it again just to be sure.

Just so you know, I really appreciate your help. I will say again: we will win!
jbhlaw
Regular Member
 
Posts: 33
Joined: March 22nd, 2005, 6:06 pm

Unread postby ChrisRLG » March 31st, 2005, 10:47 am

jbhlaw

YOU need to call an expert? I am despairing.


Just so you know this is quite normal.

http://www.a-sap.org - also from the asap link at the top of this forum.

All of the 'experts' from those various forums work together, and at times new infections are 'tested' by various experts from our 'community' of forums.

njustice will be contacting those within that community who have handled this particular infection, it is a very new one, unfortunately for yourself. It does not seem to be responding in the way that the 'test' systems did, so those experts will, we expect, have seen this variant, or have any idea on what to do next.

One thing you could do is send me one or two of those files - so I can infect myself (test machine).

You have a number of files that we would like copies of - to check out and play with.

1. Using Windows Explorer, go to . Locate the first file you want to zip.

any one of these bad files

2. Right click on the file and select "Send To" and "Compressed (zipped) Folder".

3. Then locate and right click on


C:\PROGRA~1\Toolbar\TBPSSvc.exe
(If you can)

4. Select "Copy".

5. Right click on the compressed folder and select "Paste". The copied files will be compressed and pasted in.

6. Repeat steps 3. to 5. for the following files

any three of those 3 character exe files

Note that the folder should have 4 files in it if you found them all.

7. Right click on the zipped folder and select "Explore".

8. In "File" menu select "Add a Password". Enter the password infected and confirm the password.

9. Please email to cjwd-subAThostingatessex.com (Please replace the 'AT' with an '@' )

Please copy the following to the email and attach the zipped file(s) :

The password is "infected".
The thread is found here. http://forum.malwareremoval.com/viewtopic.php?p=3301

Paste it in the text field.

and send please.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Unread postby jbhlaw » March 31st, 2005, 1:10 pm

I tried to go to http://www.a-sap.org/, but it said the "Page cannot be displayed," even with hitting refresh. The ASAP link at the top of the page does not tell me exactly where to download KAV antivirus. Any further information? If so, I will download and run immediately.
jbhlaw
Regular Member
 
Posts: 33
Joined: March 22nd, 2005, 6:06 pm

Unread postby jbhlaw » March 31st, 2005, 1:11 pm

Also, your email is on its way - hopefully, and if I followed your instructions correctly.
jbhlaw
Regular Member
 
Posts: 33
Joined: March 22nd, 2005, 6:06 pm

Unread postby wng_z3r0 » March 31st, 2005, 2:37 pm

Hey, Chris made a slight mistake with the URL for asap

He added a comma at the very end. Take the comma out and it should work fine.

wng
(or click on the site below)

http://www.a-sap.org/


EDIT: It appears that the site is temporarily down. You can still view it via google's cache here:
http://www.google.com/search?q=cache:0c ... rg/+&hl=en
wng_z3r0
Admin/Teacher Emeritus
 
Posts: 4282
Joined: March 6th, 2005, 8:22 pm