Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

URGENT HELP! Win32Tr\.\erAgent

Post by fuzzyspoon » February 25th, 2009, 12:38 pm

Please help!

Win32Tr\.\Agent has infected my computer. Ad-Aware Anniversary Edition detects it and "deletes" it, but it is coming back when the computer restarts. I've also tried Malwarebytes' Anti-Malware. After that, I ran ComboFix. ComboFix claimed to work, but when the computer rebooted, Ad-Aware detects the same malicious process running.

What can I do now?

Any help is greatly appreciated! I am trying to get this taken care of by Friday when my husband is leaving for a 3 month military deployment and wanted to take the computer with him.
fuzzyspoon
Active Member
 
Posts: 14
Joined: February 25th, 2009, 12:30 pm

Re: URGENT HELP! Win32Tr\.\erAgent

Post by dan12 » February 25th, 2009, 3:07 pm

Download and Run HijackThis
Download HJTInstall.exe to your Desktop.

* Double-click HJTInstall.exe to install it.
* By default it will install to C:\Program Files\Trend Micro\HijackThis .
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch HijackThis.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
* Copy/Paste the log to your next reply please.

Don't use the Analyse This button; its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Please post the new HJT log.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: URGENT HELP! Win32Tr\.\erAgent

Post by fuzzyspoon » February 25th, 2009, 4:03 pm

Thanks for the quick reply!

Here's the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:53 PM, on 2/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1006\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1006\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1006\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - S-1-5-21-3972044637-3259444104-3589820275-1006 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User '?')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 10236 bytes
fuzzyspoon
Active Member
 
Posts: 14
Joined: February 25th, 2009, 12:30 pm
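
An added example, not part of the original thread and not HijackThis code: a Python parser for the O4 (autostart) lines of a HijackThis v2 log like the one above, flagging entries that launch from a temporary directory, which is worth a closer look when a detection keeps returning after every restart. The Temp-path heuristic, the function names and the `example1` to `example3` entries in the sample are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass

# Registry autostarts: "O4 - HKLM\..\Run: [name] command", with an optional
# " (User '...')" suffix on HKUS lines (hives of other accounts).
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*?)(?: \(User '[^']*'\))?$"
)
# Startup-folder shortcuts: "O4 - Global Startup: name.lnk = target".
O4_STARTUP = re.compile(
    r"^O4 - (?P<hive>.*?Startup): (?P<name>.+?) = "
    r"(?P<command>.*?)(?: \(User '[^']*'\))?$"
)
# Heuristic chosen for this example: Temp directories in long form, in 8.3
# short form (TEMPOR~1) and as environment variables, case-insensitively.
TEMP_DIR = re.compile(
    r"\\(?:te?mp|temporary internet files|tempor~\d)\\|%te?mp%", re.IGNORECASE
)


@dataclass(frozen=True)
class Autostart:
    line_no: int
    hive: str      # HKLM, HKCU, HKUS\<SID>, or a startup-folder label
    key: str       # Run, RunOnce, ... or "Startup folder"
    name: str
    command: str


def parse_o4(log_text):
    """Return every O4 autostart entry found in a HijackThis log."""
    entries = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        match = O4_RUN.match(line)
        key = match.group("key") if match else None
        if match is None:
            match = O4_STARTUP.match(line)
            key = "Startup folder"
        if match is None:
            continue  # not an O4 line (R0, O9, O23, process list, ...)
        entries.append(Autostart(line_no, match.group("hive"), key,
                                 match.group("name"), match.group("command")))
    return entries


def triage(log_text):
    """Return (entry, reason) pairs for autostarts that launch from Temp."""
    findings = []
    for entry in parse_o4(log_text):
        if TEMP_DIR.search(entry.command):
            scope = ("account that ran the scan" if entry.hive == "HKCU"
                     else entry.hive)
            findings.append(
                (entry, f"launches from a temporary directory ({scope})"))
    return findings


def names_by_hive(entries):
    """Group value names by hive, to compare logs taken under each account."""
    grouped = {}
    for entry in entries:
        grouped.setdefault(entry.hive, []).append(entry.name)
    return grouped


# Sample input: the first six lines are copied from the log above; the
# example1..example3 entries are constructed for this illustration.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - HKCU\..\Run: [example1] C:\DOCUME~1\EXAMPLE\LOCALS~1\Temp\example1.exe
O4 - HKCU\..\Run: [example2] "C:\Documents and Settings\Example\Local Settings\Temp\example2.exe" /s
O4 - HKLM\..\Run: [example3] rundll32.exe %TEMP%\example3.dll,Start
""".strip()

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"line {entry.line_no}: [{entry.name}] {entry.command}\n    {reason}")
```

HKCU is the hive of the account that ran the scan, so on a machine with several accounts each one needs its own log before the autostart entries can be compared.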

Re: URGENT HELP! Win32Tr\.\erAgent

Post by dan12 » February 25th, 2009, 4:09 pm

Welcome to the MalwareRemoval forums.

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless informed in advance, failure to post replies within 5 days will result in this thread being closed.


It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: URGENT HELP! Win32Tr\.\erAgent

Post by fuzzyspoon » February 25th, 2009, 4:24 pm

Here is the program list.

This computer does have 2 user accounts.

5 Card Slingo from Hewlett-Packard Laptops (remove only)
Ad-Aware
Ad-Aware
Adobe Flash Player ActiveX
Adobe Reader 7.0.5
Apple Mobile Device Support
Apple Software Update
ASA - Prepware! COMMERCIAL
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
Blasterball 2 from Hewlett-Packard Laptops (remove only)
Boggle Supreme from Hewlett-Packard Laptops (remove only)
Bonjour
Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
Bounce Symphony from Hewlett-Packard Laptops (remove only)
CCScore
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
Civilization III
Conexant HD Audio
Crystal Maze from Hewlett-Packard Laptops (remove only)
Customer Experience Enhancement
DivX
Empire Earth II
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
FATE from Hewlett-Packard Laptops (remove only)
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
Flip Words from Hewlett-Packard Laptops (remove only)
GemMaster Mystic
GIMP 2.6.3
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912436)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.10 A2
HP QuickPlay 2.3
HP Rhapsody
HP Update
HP User Guides 0032
HP Wireless Assistant 2.00 G2
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
IRONCAD 7.0
iTunes
J2SE Runtime Environment 5.0 Update 6
Jewel Quest from Hewlett-Packard Laptops (remove only)
kgcbase
Kodak EasyShare software
LEGO Digital Designer
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
Live Search Maps Add-In for Microsoft Office Outlook
Macromedia Flash Player 8
Macromedia Shockwave Player
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
Malwarebytes' Anti-Malware
MediaCoder 0.6.1
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft Streets & Trips 2008
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 5.0
netbrdg
NetWaiting
Norton Internet Security
NVIDIA Drivers
Oasis from Hewlett-Packard Laptops (remove only)
Office 2003 Trial Assistant
OfotoXMI
Otto
Photo Viewer
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
PureEdge Viewer 6.5
Puzzle Express from Hewlett-Packard Laptops (remove only)
Quicken 2006
QuickTime
Revo Uninstaller 1.50
Safecracker
SAPI Wrapper
SCRABBLE from Hewlett-Packard Laptops (remove only)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
SFR
SHASTA
SimCity 4 Deluxe
skin0001
SKINXSDK
Slingo Deluxe from Hewlett-Packard Laptops (remove only)
Slyder from Hewlett-Packard Laptops (remove only)
Snowboard SuperJam
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
staticcr
Super Granny from Hewlett-Packard Laptops (remove only)
Synaptics Pointing Device Driver
TiVo Desktop 2.6.1
tooltips
TourSetup
Tradewinds from Hewlett-Packard Laptops (remove only)
TTS Wrapper
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
User Agent String Utility
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB915381
WIRELESS
Wireless Home Network Setup
Yahoo! Toolbar for Internet Explorer
fuzzyspoon
Active Member
 
Posts: 14
Joined: February 25th, 2009, 12:30 pm

Re: URGENT HELP! Win32Tr\.\erAgent

Post by dan12 » February 25th, 2009, 4:54 pm

You're very lucky you didn't nuke your system using ComboFix without supervision, as it's a powerful tool.
Whilst we're working together, can you only use the tools I advise, just for the duration of the fix?

My son and daughter have just had two tours out in the Gulf; daughter has just been deployed again in the last couple of days to Afghan. :(

-------------------------

Ok, we need to look a little deeper as your log is not showing anything up.


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.



Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.

Double click on gmer.exe to run it. It will start running a scan. If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.

  • When done, you may receive another notice. Click OK.
  • Click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

If you receive no notice, click on the Scan button.

  • It will start scanning again.
  • When done, click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.

In your next reply, please post:

  • DDS.txt
  • Attach.txt
  • Gmer.txt
Last edited by dan12 on February 25th, 2009, 4:59 pm, edited 1 time in total.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: URGENT HELP! Win32Tr\.\erAgent

Post by fuzzyspoon » February 25th, 2009, 4:56 pm

Before I do that...

I switched to the other user account. Here is the log file for it. Would you like the running programs for it as well?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:20 PM, on 2/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Lavasoft\Ad-Aware\ThreatWork.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hshxc8dqs6zss974i05htm3icw7exxz7arnr3h566zcsmb8] C:\DOCUME~1\TEST\LOCALS~1\Temp\p06k6jfz.exe
O4 - HKCU\..\Run: [lfzf0qn2kicyjm] C:\DOCUME~1\TEST\LOCALS~1\Temp\pf3sbbsyd5h.exe
O4 - HKCU\..\Run: [oxgjpyaq5qe1eaqn9qz] C:\DOCUME~1\TEST\LOCALS~1\Temp\wea94sep4.exe
O4 - HKCU\..\Run: [fzfcwk3uqfx3yvhfimu59t7rjk04s0yjg9] C:\DOCUME~1\TEST\LOCALS~1\Temp\l2qoe3xy.exe
O4 - HKCU\..\Run: [cd7m21d6hzv727eu1v30] C:\DOCUME~1\TEST\LOCALS~1\Temp\hpj6lp801.exe
O4 - HKCU\..\Run: [l2t3zdmj186l5yvf8fngcbuyn4ff4cqzvvl0hon1krj17esr] C:\DOCUME~1\TEST\LOCALS~1\Temp\avv5suj2lx.exe
O4 - HKCU\..\Run: [g09r00i2jfd19n4s8p2] C:\DOCUME~1\TEST\LOCALS~1\Temp\leeoy4lvofd.exe
O4 - HKCU\..\Run: [gxl68ypptjtxfepq44p0lupkcg5ux01u66jl9kq] C:\DOCUME~1\TEST\LOCALS~1\Temp\r8zvzxj.exe
O4 - HKCU\..\Run: [j51tkfbub7wf9pagpqhdjv8] C:\DOCUME~1\TEST\LOCALS~1\Temp\nw2ljvwww.exe
O4 - HKCU\..\Run: [iq3wrcgmpc1or] C:\DOCUME~1\TEST\LOCALS~1\Temp\v5e4t7tj.exe
O4 - HKCU\..\Run: [kfkuqxmynvko8plpvqh0pm61tyhi2uvmc3997uxli2qpbsz6h] C:\DOCUME~1\TEST\LOCALS~1\Temp\zuqm636ej7.exe
O4 - HKCU\..\Run: [fp7uyrya5pgr7td] C:\DOCUME~1\TEST\LOCALS~1\Temp\r2ln69l29vgul.exe
O4 - HKCU\..\Run: [g6b5xyo1lktbfhxuob7i] C:\DOCUME~1\TEST\LOCALS~1\Temp\fjb9yyg.exe
O4 - HKCU\..\Run: [auocvr8ebx3p] C:\DOCUME~1\TEST\LOCALS~1\Temp\j8nrbdtal.exe
O4 - HKCU\..\Run: [c6eva8tfk] C:\DOCUME~1\TEST\LOCALS~1\Temp\qxzso969ywg.exe
O4 - HKCU\..\Run: [efvmpkbrmkifoqe1jp2ethkqy9qruo77lg1] C:\DOCUME~1\TEST\LOCALS~1\Temp\nsns8a.exe
O4 - HKCU\..\Run: [lmepwtxj1ycnpkvign2kcn4nzvvvftc55ng7r] C:\DOCUME~1\TEST\LOCALS~1\Temp\mn1eqryox1ee.exe
O4 - HKCU\..\Run: [qq2ccsvaopydr5qjjr99g6svoulkdj3004bdcy0wk] C:\DOCUME~1\TEST\LOCALS~1\Temp\tm8z93s0dd.exe
O4 - HKCU\..\Run: [kb23abb5upw0rvmw2ozihy6fbt6o78ofeftown4c55oi8] C:\DOCUME~1\TEST\LOCALS~1\Temp\id30ss7o31kqd.exe
O4 - HKCU\..\Run: [a7afnid1pxbxzd5jrausalqxk8997rx4ao9vqj6ma2] C:\DOCUME~1\TEST\LOCALS~1\Temp\m2f15ok.exe
O4 - HKCU\..\Run: [nxydp2gpqzauyr2843qhhajpe7c6tlyeser3b3lg73] C:\DOCUME~1\TEST\LOCALS~1\Temp\lny3ypo5f.exe
O4 - HKCU\..\Run: [fr8yilumuta7hw05kzlyo7cc9hue7dip2yo] C:\DOCUME~1\TEST\LOCALS~1\Temp\xgmkvza9jj7.exe
O4 - HKCU\..\Run: [kadbp6sj2cpg0ubldf3wugigw7] C:\DOCUME~1\TEST\LOCALS~1\Temp\lxtnn5om8dj40.exe
O4 - HKCU\..\Run: [f8heyw21ud0qp3zxgtt97vankwg3nm] C:\DOCUME~1\TEST\LOCALS~1\Temp\eftmeb4lz.exe
O4 - HKCU\..\Run: [bd24oa5o50es2sa4py09a4zs8uu32nulxp6hjy3o6e1a5g] C:\DOCUME~1\TEST\LOCALS~1\Temp\phc5klpe2d.exe
O4 - HKCU\..\Run: [uegk6cp2s9drstm6tepmaxjmadobdptcw9jay31] C:\DOCUME~1\TEST\LOCALS~1\Temp\xsu06d0bmv21r.exe
O4 - HKCU\..\Run: [y82wrqwy2lag4jpyjggkgm] C:\DOCUME~1\TEST\LOCALS~1\Temp\qkp23ggr6jwca.exe
O4 - HKCU\..\Run: [dpgsl2ut4k5sav4] C:\DOCUME~1\TEST\LOCALS~1\Temp\mqyozrqg.exe
O4 - HKCU\..\Run: [w0012xjqjruxyz142q84wc4tzd7gr] C:\DOCUME~1\TEST\LOCALS~1\Temp\is1mmmvf.exe
O4 - HKCU\..\Run: [zy2hu5ix2oc5eixhc2qvsw9p1fj] C:\DOCUME~1\TEST\LOCALS~1\Temp\ao8nlrm6.exe
O4 - HKCU\..\Run: [utw1bakg4d1w5kdt75l9i6xi] C:\DOCUME~1\TEST\LOCALS~1\Temp\lq8681oz1.exe
O4 - HKCU\..\Run: [ay6vii1w6q7079sc4gv6nv6v35] C:\DOCUME~1\TEST\LOCALS~1\Temp\fnpm6njcmk0.exe
O4 - HKCU\..\Run: [o0yqq710ydzfjxjh3naafsln7p0rkya51jgwvv3wa12afd0] C:\DOCUME~1\TEST\LOCALS~1\Temp\i2w6s2cw8wcz.exe
O4 - HKCU\..\Run: [p59uo40n3mi4kfhgww44zxhp0xuu47] C:\DOCUME~1\TEST\LOCALS~1\Temp\ay37r736r7o9.exe
O4 - HKCU\..\Run: [kjpwo8mu0es0] C:\DOCUME~1\TEST\LOCALS~1\Temp\koswywexj6a6.exe
O4 - HKCU\..\Run: [w585oggcq2ll8vo7cbjk4rjhmr] C:\DOCUME~1\TEST\LOCALS~1\Temp\b8j4v2b172g.exe
O4 - HKCU\..\Run: [dxdwoo7sgscpv849i2enx21ag0q2esxq] C:\DOCUME~1\TEST\LOCALS~1\Temp\qk6iqbntzn.exe
O4 - HKCU\..\Run: [zznp0d4k7y38dp7ci2hsbnn] C:\DOCUME~1\TEST\LOCALS~1\Temp\fnasoqu3.exe
O4 - HKCU\..\Run: [nwf0jfmt1xqwgqf1] C:\DOCUME~1\TEST\LOCALS~1\Temp\xbferbzc2vw9b.exe
O4 - HKCU\..\Run: [hemp1w1na99yrzgycbtq2drra2uab8p] C:\DOCUME~1\TEST\LOCALS~1\Temp\syzksfl.exe
O4 - HKCU\..\Run: [ctrbtilccsybmf1kj9s7] C:\DOCUME~1\TEST\LOCALS~1\Temp\ekd3j25.exe
O4 - HKCU\..\Run: [la6kp385ozg922ut4psp0ixeb7i0h57ki8] C:\DOCUME~1\TEST\LOCALS~1\Temp\xqp6gl72.exe
O4 - HKCU\..\Run: [bags5gh0hv689vykechoa6hq3qvu3hnpnki0hagy8vvqaqo8l] C:\DOCUME~1\TEST\LOCALS~1\Temp\mykm9dv5p5o.exe
O4 - HKCU\..\Run: [m1m6ibc85aljbk] C:\DOCUME~1\TEST\LOCALS~1\Temp\lv268g87b78t.exe
O4 - HKCU\..\Run: [lbdv7odv990h8i9ondnhem0p5y5uzxim5u0tgi1d] C:\DOCUME~1\TEST\LOCALS~1\Temp\b832n0.exe
O4 - HKCU\..\Run: [mvdtryqydcrdhxqk06hxkla3k] C:\DOCUME~1\TEST\LOCALS~1\Temp\kwgjinn3.exe
O4 - HKCU\..\Run: [fcne4nfwtywav5ofhhuvg244a4oomtrk884lzluhxgl9640u] C:\DOCUME~1\TEST\LOCALS~1\Temp\h84j2ob0lk9.exe
O4 - HKCU\..\Run: [i4ahgz06q4qyr] C:\DOCUME~1\TEST\LOCALS~1\Temp\oxz1fkovrqz8p.exe
O4 - HKCU\..\Run: [su8zzle0devfjf5d8mf0hqvtz] C:\DOCUME~1\TEST\LOCALS~1\Temp\zzzk2u.exe
O4 - HKCU\..\Run: [thkhjkzfldq0xee] C:\DOCUME~1\TEST\LOCALS~1\Temp\jty3hq05j.exe
O4 - HKCU\..\Run: [eomh35f28vu859f32dzvstkc8gcejjwy1eqc] C:\DOCUME~1\TEST\LOCALS~1\Temp\o9yj2mxb7sl1.exe
O4 - HKCU\..\Run: [jz21n3ht99t68ceqht81tm7sngekc6a9qzxmus3] C:\DOCUME~1\TEST\LOCALS~1\Temp\kp5lyopuk.exe
O4 - HKCU\..\Run: [t4tl1ryzjyajtet135s4aw0fattu3xwuwx8pgivbaldeiiq3gb] C:\DOCUME~1\TEST\LOCALS~1\Temp\ifxcf5ej1yhds.exe
O4 - HKCU\..\Run: [cq8lfp9w4mo8fybbir6cs6dumz8y7z8z5i] C:\DOCUME~1\TEST\LOCALS~1\Temp\fnq0lgf9jz.exe
O4 - HKCU\..\Run: [t3omdp1gzvr5q0a7xeg] C:\DOCUME~1\TEST\LOCALS~1\Temp\xtzo0jgb.exe
O4 - HKCU\..\Run: [bh9fqx1bptty1hf568cqe1fc36i7acjkn4lbhkj5wn22z] C:\DOCUME~1\TEST\LOCALS~1\Temp\e2kt8ba4uu.exe
O4 - HKCU\..\Run: [dqov92j7bxivr1ecykvu4wpvlckfig64xj9xrjz7hga4bdo2] C:\DOCUME~1\TEST\LOCALS~1\Temp\a4afuu.exe
O4 - HKCU\..\Run: [jhazossts7cdzve] C:\DOCUME~1\TEST\LOCALS~1\Temp\z4742sg1pua.exe
O4 - HKCU\..\Run: [to9vdy28e6tfxnpxqb0uuti8xq0dccpi] C:\DOCUME~1\TEST\LOCALS~1\Temp\vatjzffs2o.exe
O4 - HKCU\..\Run: [cx1mlg7f2b21j6251ygrkzj] C:\DOCUME~1\TEST\LOCALS~1\Temp\gtc25p0l56g.exe
O4 - HKCU\..\Run: [dgwbhiagf234mkvrqrwnnr69xwn07yu8iteu] C:\DOCUME~1\TEST\LOCALS~1\Temp\og516kqumc4.exe
O4 - HKCU\..\Run: [i8lg5g0cv2nvm19] C:\DOCUME~1\TEST\LOCALS~1\Temp\xx0hoqoy58mz.exe
O4 - HKCU\..\Run: [ruwk65gc2f7au0nw9011k0a3zl7e3e8lu7p] C:\DOCUME~1\TEST\LOCALS~1\Temp\cnmk5faj4f.exe
O4 - HKCU\..\Run: [x5e2sh67ms2v4l5v3cl2cwtxkmy] C:\DOCUME~1\TEST\LOCALS~1\Temp\wf4e8fw5y4.exe
O4 - HKCU\..\Run: [pvfrsljppchmco] C:\DOCUME~1\TEST\LOCALS~1\Temp\dyr6f509qm.exe
O4 - HKCU\..\Run: [vbh12wms9wm0t1lqcbntijre9lqdbs88j1i9brz] C:\DOCUME~1\TEST\LOCALS~1\Temp\ya91y2n.exe
O4 - HKCU\..\Run: [v40qvz3dngfolhns039ytxjwa] C:\DOCUME~1\TEST\LOCALS~1\Temp\igwkezl1tpbpn.exe
O4 - HKCU\..\Run: [df16q38o7rnhdd6he3ovr5vz3f5m23vi1m4vwr5ur7k4e257y] C:\DOCUME~1\TEST\LOCALS~1\Temp\lv340e.exe
O4 - HKCU\..\Run: [mdgrdaqqihaip3c5kazy41emh09] C:\DOCUME~1\TEST\LOCALS~1\Temp\vl6u4p.exe
O4 - HKCU\..\Run: [s4i9cpnnwyhdozxevywk9i9xer2kjweok48hhr] C:\DOCUME~1\TEST\LOCALS~1\Temp\ebl9x3mnpmk.exe
O4 - HKCU\..\Run: [fo1g3mobg4hkg2tlwi00i3fpqi1u9e6] C:\DOCUME~1\TEST\LOCALS~1\Temp\pdls3dogs43o.exe
O4 - HKCU\..\Run: [rdm5acyxdzq9] C:\DOCUME~1\TEST\LOCALS~1\Temp\ja281z.exe
O4 - HKCU\..\Run: [e0233jy9rod6w95aj86ead1nh] C:\DOCUME~1\TEST\LOCALS~1\Temp\arsbtoe6.exe
O4 - HKCU\..\Run: [f2p6d4ko2dqxrlezvs67o3rxoie4] C:\DOCUME~1\TEST\LOCALS~1\Temp\a1nvz4vnvm99.exe
O4 - HKCU\..\Run: [eisgyw79wt75nctokskou4kzy9xv2yj8jtdww2uo2k0] C:\DOCUME~1\TEST\LOCALS~1\Temp\hqzwc0.exe
O4 - HKCU\..\Run: [chhi0coppkv2] C:\DOCUME~1\TEST\LOCALS~1\Temp\aspiyjoye5.exe
O4 - HKCU\..\Run: [ln47zevbhm] C:\DOCUME~1\TEST\LOCALS~1\Temp\g0r59ey.exe
O4 - HKCU\..\Run: [cc26y1lvcfa3y] C:\DOCUME~1\TEST\LOCALS~1\Temp\kpmnme187.exe
O4 - HKCU\..\Run: [bou08f9x89zs] C:\DOCUME~1\TEST\LOCALS~1\Temp\h0ug1gpiuy.exe
O4 - HKCU\..\Run: [bp7zi7s8mdsqtz8g5semb9s92vsppnx9fp7s5k] C:\DOCUME~1\TEST\LOCALS~1\Temp\ehk0by1t1bq5.exe
O4 - HKCU\..\Run: [uima0jt8nns5e8wo] C:\DOCUME~1\TEST\LOCALS~1\Temp\h5d0rxdwu.exe
O4 - HKCU\..\Run: [aq5lg37pju82cpt5xyuze7r3v10rfi1elt2u2nl8p687mbf6t] C:\DOCUME~1\TEST\LOCALS~1\Temp\vyrm34.exe
O4 - HKCU\..\Run: [k6lx6c63tiyb4s3sfd08zcipi8a1ns2whcekrgrz] C:\DOCUME~1\TEST\LOCALS~1\Temp\zir40kxy35p.exe
O4 - HKCU\..\Run: [y3v6sp5l8mi34itu42kt09nhjv5zqaq8op] C:\DOCUME~1\TEST\LOCALS~1\Temp\so3m7680ntw9.exe
O4 - HKCU\..\Run: [w912inapqgcc3h6zspegay0] C:\DOCUME~1\TEST\LOCALS~1\Temp\nzh7sqsbszk3b.exe
O4 - HKCU\..\Run: [najy3f8baiadwoemmbt15le76w8vx] C:\DOCUME~1\TEST\LOCALS~1\Temp\c7crbf7z.exe
O4 - HKCU\..\Run: [wsjg62dcivcfptykh6863h0zbi34xijxet1ymflcjh8p2w0cxe] C:\DOCUME~1\TEST\LOCALS~1\Temp\ov589oh0tt2la.exe
O4 - HKCU\..\Run: [ln6vss0at8elq7] C:\DOCUME~1\TEST\LOCALS~1\Temp\fmqeqtcdbt6.exe
O4 - HKCU\..\Run: [uvs1j0b2epw2zixwyultlwwngbw8eqrfk0yztyxw8yob] C:\DOCUME~1\TEST\LOCALS~1\Temp\jipeasm.exe
O4 - HKCU\..\Run: [xao0tj9ej744yprstyjcd5krl1xf72d1lkutu] C:\DOCUME~1\TEST\LOCALS~1\Temp\loevch6ixt5.exe
O4 - HKCU\..\Run: [an3yzxq8zmu2txi] C:\DOCUME~1\TEST\LOCALS~1\Temp\rdnh7gk9d8.exe
O4 - HKCU\..\Run: [pr4814o01c] C:\DOCUME~1\TEST\LOCALS~1\Temp\cwnhu7m2gqh.exe
O4 - HKCU\..\Run: [orsj5jlio27uqlt611dfo4yph1vu4cjnw5vbvoc] C:\DOCUME~1\TEST\LOCALS~1\Temp\usu1tvdtzka.exe
O4 - HKCU\..\Run: [d56kkq2t2wn9b1t52vn252vkdzn2yqzgqxplf7snpih] C:\DOCUME~1\TEST\LOCALS~1\Temp\v2zzkcx40e5r.exe
O4 - HKCU\..\Run: [ss1wrepdehy66a5w4t3hfllelypvy9i] C:\DOCUME~1\TEST\LOCALS~1\Temp\n3p39yt9284.exe
O4 - HKCU\..\Run: [e75es5xag4a2rasurpx62fd] C:\DOCUME~1\TEST\LOCALS~1\Temp\ympmw8v25qn5.exe
O4 - HKCU\..\Run: [rbq6ntbj65k3i4ee] C:\DOCUME~1\TEST\LOCALS~1\Temp\u78o89.exe
O4 - HKCU\..\Run: [lswuu9uev1m60hof4xkd8zgwp] C:\DOCUME~1\TEST\LOCALS~1\Temp\cbk494.exe
O4 - HKCU\..\Run: [vew9x694z0buzh7b0zoyjim37ad2eqx41l3mbs5mejaa] C:\DOCUME~1\TEST\LOCALS~1\Temp\lyc0ikborz5ax.exe
O4 - HKCU\..\Run: [jkost0rx36hv0r9] C:\DOCUME~1\TEST\LOCALS~1\Temp\lthbqfi.exe
O4 - HKCU\..\Run: [deytyhrxkbubcq5bn3bsx0sxoxpva] C:\DOCUME~1\TEST\LOCALS~1\Temp\t2ma793aawyc.exe
O4 - HKCU\..\Run: [gjgnq4kiomy5rylltp4tue8eyvham8bwg2lmbgz5iet] C:\DOCUME~1\TEST\LOCALS~1\Temp\mkm9hw29.exe
O4 - HKCU\..\Run: [dve0ycvsj8wodbtodaewtdy6cwhq05qvu] C:\DOCUME~1\TEST\LOCALS~1\Temp\nz375v.exe
O4 - HKCU\..\Run: [ktuxa4xy3ulxjwat] C:\DOCUME~1\TEST\LOCALS~1\Temp\zrpyfpeews.exe
O4 - HKCU\..\Run: [yb75eymyxu7qkvtjsuekhqq9awn] C:\DOCUME~1\TEST\LOCALS~1\Temp\qevblqoxgs6gu.exe
O4 - HKCU\..\Run: [qjxosn4btqz489v4x85knq9un6ifv0m4o9dje] C:\DOCUME~1\TEST\LOCALS~1\Temp\tylygm5v245ud.exe
O4 - HKCU\..\Run: [sey0kbz2yfcgh18ox095xf7nvs9ilw] C:\DOCUME~1\TEST\LOCALS~1\Temp\t34i6kaslnso.exe
O4 - HKCU\..\Run: [ditb6z64kvz1so3gqemh1sid] C:\DOCUME~1\TEST\LOCALS~1\Temp\yi8rjgct65.exe
O4 - HKCU\..\Run: [o5cmiw9na2qjrxr1f631dndwmb9uzv] C:\DOCUME~1\TEST\LOCALS~1\Temp\uutxbfqqv5.exe
O4 - HKCU\..\Run: [a0yp5t1vjlndptk] C:\DOCUME~1\TEST\LOCALS~1\Temp\by2l388.exe
O4 - HKCU\..\Run: [e3y80nr7hjmyso9ywbrdjid8lhv64femzro82efztvd9ij] C:\DOCUME~1\TEST\LOCALS~1\Temp\a8ubhmye.exe
O4 - HKCU\..\Run: [ikxeoi1me4] C:\DOCUME~1\TEST\LOCALS~1\Temp\dn8ywjksyiz.exe
O4 - HKCU\..\Run: [ym6714bfd8jw79gpi4uv69lv0iu0jopesx] C:\DOCUME~1\TEST\LOCALS~1\Temp\rn2z5b74.exe
O4 - HKCU\..\Run: [os6yd3ibbl3] C:\DOCUME~1\TEST\LOCALS~1\Temp\sot19lgum9z5.exe
O4 - HKCU\..\Run: [xpr4x2hpe5f1a] C:\DOCUME~1\TEST\LOCALS~1\Temp\p60slcykxg866.exe
O4 - HKCU\..\Run: [agm1egql8x] C:\DOCUME~1\TEST\LOCALS~1\Temp\fokrqu.exe
O4 - HKCU\..\Run: [t30m6ztvzx5hgck54oh68otm] C:\DOCUME~1\TEST\LOCALS~1\Temp\z41oogoj.exe
O4 - HKCU\..\Run: [dpdhkj6vi0yf7wpdccfsl91hln14t8llq0euj] C:\DOCUME~1\TEST\LOCALS~1\Temp\kga9om7.exe
O4 - HKCU\..\Run: [vtdy3zui87cuy5] C:\DOCUME~1\TEST\LOCALS~1\Temp\qps34v.exe
O4 - HKCU\..\Run: [ivhuv1ohuqtz1aeds2guu5zohnrz6rgcgunwx0ekg] C:\DOCUME~1\TEST\LOCALS~1\Temp\b8smamt.exe
O4 - HKCU\..\Run: [te6ytvvp3r1afvj9h995xcjrzx3q44c65rdr6ui] C:\DOCUME~1\TEST\LOCALS~1\Temp\xe4lhr4e.exe
O4 - HKCU\..\Run: [oiuy03i6xasn] C:\DOCUME~1\TEST\LOCALS~1\Temp\icir2j1g3b9j.exe
O4 - HKCU\..\Run: [ws01v4x334qbr867snuk5phaklc6vg0v1y38gy54rffblmd5] C:\DOCUME~1\TEST\LOCALS~1\Temp\biuq9km4fer1q.exe
O4 - HKCU\..\Run: [sdvh6jxrfkd2j0gl6iynsa53gyt] C:\DOCUME~1\TEST\LOCALS~1\Temp\yrnlyltsi.exe
O4 - HKCU\..\Run: [bedsmp1fi3noczbhrok1h55q] C:\DOCUME~1\TEST\LOCALS~1\Temp\zygeb2dbf67.exe
O4 - HKCU\..\Run: [azwwklq7p7] C:\DOCUME~1\TEST\LOCALS~1\Temp\knfovourduwpp.exe
O4 - HKCU\..\Run: [o131yw2hmps1n] C:\DOCUME~1\TEST\LOCALS~1\Temp\qwa2vwsuph6t.exe
O4 - HKCU\..\Run: [lmp55cc3ss9roa55ozy2df5hgbeovvfeuhk2hg2i1xozgc] C:\DOCUME~1\TEST\LOCALS~1\Temp\hqlcchldxuy.exe
O4 - HKCU\..\Run: [w13ivkru2] C:\DOCUME~1\TEST\LOCALS~1\Temp\ktbz7djfs1o.exe
O4 - HKCU\..\Run: [fmxi09lxrx0jv72jzye] C:\DOCUME~1\TEST\LOCALS~1\Temp\kpp3mv.exe
O4 - HKCU\..\Run: [lzx1zd7837obryg9dfb39ey1ssubxwcre3wsvf74uytddj4z5] C:\DOCUME~1\TEST\LOCALS~1\Temp\nzk6s756oi.exe
O4 - HKCU\..\Run: [h6bpgdqze7nb4c2car2f1] C:\DOCUME~1\TEST\LOCALS~1\Temp\bby94xo.exe
O4 - HKCU\..\Run: [gnwrssd1xusi7hnlvliqwgwogyzkon8g7gxj] C:\DOCUME~1\TEST\LOCALS~1\Temp\ifhu38dvco.exe
O4 - HKCU\..\Run: [w5gcbrr8txya] C:\DOCUME~1\TEST\LOCALS~1\Temp\ju5ckp2kdi.exe
O4 - HKCU\..\Run: [zl5ngrlmw4uggfvmtl5i3ol5w6ltv7a1mbshov8m] C:\DOCUME~1\TEST\LOCALS~1\Temp\pjqzv52.exe
O4 - HKCU\..\Run: [jsprrr797en6d99nxhs1thf0z] C:\DOCUME~1\TEST\LOCALS~1\Temp\xs2i5d.exe
O4 - HKCU\..\Run: [buufuco2c3j0bj8l8ujy23c4of5q017r7441cejnbcm10g4j95] C:\DOCUME~1\TEST\LOCALS~1\Temp\hkx3k6.exe
O4 - HKCU\..\Run: [fexlk05zz1xpt0rutogjtzcn97yuahxys3k06v6bcf649k] C:\DOCUME~1\TEST\LOCALS~1\Temp\kubnq38qn0.exe
O4 - HKCU\..\Run: [hxmdk3uho] C:\DOCUME~1\TEST\LOCALS~1\Temp\n53ekxzz.exe
O4 - HKCU\..\Run: [xtg6elp5bsy1xu57v0zr4ioddbiye] C:\DOCUME~1\TEST\LOCALS~1\Temp\gn3wbkyy2diq.exe
O4 - HKCU\..\Run: [mpdslvzkoiwaih775fzqofedt3xjc3dgzp9m9sdk7nx2e] C:\DOCUME~1\TEST\LOCALS~1\Temp\f6ti9jv.exe
O4 - HKCU\..\Run: [ty42l8rnv9tgb4jswm252w88] C:\DOCUME~1\TEST\LOCALS~1\Temp\qucl5r6.exe
O4 - HKCU\..\Run: [sjjpzusvvkunrsjl0] C:\DOCUME~1\TEST\LOCALS~1\Temp\uzlhassj34j8.exe
O4 - HKCU\..\Run: [s6f8ex1jvc0ahis7rgmpofr661b5o9p9eixsv41mi] C:\DOCUME~1\TEST\LOCALS~1\Temp\xt26omfnwjz9h.exe
O4 - HKCU\..\Run: [zelojb750gdv5820ez75aif0oq4wxeafejdgokd] C:\DOCUME~1\TEST\LOCALS~1\Temp\xsrzwus7nbwql.exe
O4 - HKCU\..\Run: [gcbl2k5vufc08g9wtm6t8pxalmb4chx4kpa3p] C:\DOCUME~1\TEST\LOCALS~1\Temp\titlyv.exe
O4 - HKCU\..\Run: [y1bhu0u2n1wn8ni5x7llnkpeuqtml21] C:\DOCUME~1\TEST\LOCALS~1\Temp\ojt5uznkos0.exe
O4 - HKCU\..\Run: [o1f0te7z6sltho6wqbioabl1fxnosnjd6s3wu4] C:\DOCUME~1\TEST\LOCALS~1\Temp\rpsw8b270h6g.exe
O4 - HKCU\..\Run: [y5wwquvea1eu2w9jk8bsd1a4t3bjkc9gauo6fhya4o] C:\DOCUME~1\TEST\LOCALS~1\Temp\gx4xrhh.exe
O4 - HKCU\..\Run: [bhvautxdl9t62rh6u7kr2q4exho1wdf50izjc2q06] C:\DOCUME~1\TEST\LOCALS~1\Temp\jhdk3df.exe
O4 - HKCU\..\Run: [oun8c248d8lcc1030a580cba559scgvnwfqeg1d5bytt] C:\DOCUME~1\TEST\LOCALS~1\Temp\eioe6q.exe
O4 - HKCU\..\Run: [s1x8abjf0ghne8qyv2x4i2aah4bpvvgcqgz5h8yh6z91eg2y] C:\DOCUME~1\TEST\LOCALS~1\Temp\isckcin0h.exe
O4 - HKCU\..\Run: [vshu1x0z60x09bwrkzyszmvuoyzbifckol9lsol4q35] C:\DOCUME~1\TEST\LOCALS~1\Temp\ku34dpxi4k.exe
O4 - HKCU\..\Run: [mdyn6mwtnawhk7not2vw7gbk06366b3wdbydwu1zq88h4wlbj] C:\DOCUME~1\TEST\LOCALS~1\Temp\xmhpszf068.exe
O4 - HKCU\..\Run: [fl25777ch5vzvvvexpnfafhfg] C:\DOCUME~1\TEST\LOCALS~1\Temp\jfm66uri15ya.exe
O4 - HKCU\..\Run: [cud62d4pcaeztwgponhbozl2rs1d8gew1oq7ghol] C:\DOCUME~1\TEST\LOCALS~1\Temp\eloabusv.exe
O4 - HKCU\..\Run: [sa0t8ryb49] C:\DOCUME~1\TEST\LOCALS~1\Temp\pjlgwigj18q5.exe
O4 - HKCU\..\Run: [m2xldimkr3c7ja35ixpwr9brc3bu85igg74l45hx9m9m6s] C:\DOCUME~1\TEST\LOCALS~1\Temp\xkzaoitd.exe
O4 - HKCU\..\Run: [ejwf7glztcxp0x2kgpujiyrdq7] C:\DOCUME~1\TEST\LOCALS~1\Temp\fteacpmne42l.exe
O4 - HKCU\..\Run: [c1asaoaq3l] C:\DOCUME~1\TEST\LOCALS~1\Temp\jiqspl.exe
O4 - HKCU\..\Run: [aibk9ku7fmyz0x7dfwg8hnhkjrl3cni1twyox5ay2k2ua46] C:\DOCUME~1\TEST\LOCALS~1\Temp\pdy9oa.exe
O4 - HKCU\..\Run: [nd4kyrvuqm1732sywp8ylzwmbspzzcdjij2wywn8olcu] C:\DOCUME~1\TEST\LOCALS~1\Temp\rj4mhlcc5c.exe
O4 - HKCU\..\Run: [by2d3z8o7w05efjv5b5yz40m5tv5if8z14jnmqh9gvmlop7r1] C:\DOCUME~1\TEST\LOCALS~1\Temp\bbi7wvdu70.exe
O4 - HKCU\..\Run: [g3pxwgwas4kn1i08dr8zg8m1l9b4zsgrreq77oec23h] C:\DOCUME~1\TEST\LOCALS~1\Temp\s44bg8.exe
O4 - HKCU\..\Run: [b10wby2df13msk3qu8cn8at8ypvf] C:\DOCUME~1\TEST\LOCALS~1\Temp\raaevw9m.exe
O4 - HKCU\..\Run: [rj4szd0mkd4vg6] C:\DOCUME~1\TEST\LOCALS~1\Temp\llsrhwe8.exe
O4 - HKCU\..\Run: [d3xfwwjiwdq5bjxh1uruwqgm4s0pnj4erxgm6qb38mmyt599] C:\DOCUME~1\TEST\LOCALS~1\Temp\sb1zz6ivzmez.exe
O4 - HKCU\..\Run: [fmih4mezorgnf9ay84njyjl9uk8jnut] C:\DOCUME~1\TEST\LOCALS~1\Temp\p19w7lg1f4ufm.exe
O4 - HKCU\..\Run: [ebg640qh2lakxrhrqxa7bvlb6h6udmpth5jwr0m5ipinm4] C:\DOCUME~1\TEST\LOCALS~1\Temp\gpcxi00tst.exe
O4 - HKCU\..\Run: [o1e4hzij3y8j7ah] C:\DOCUME~1\TEST\LOCALS~1\Temp\mog79a3mqb9aa.exe
O4 - HKCU\..\Run: [q6z2plptxdq] C:\DOCUME~1\TEST\LOCALS~1\Temp\lafgqph0r.exe
O4 - HKCU\..\Run: [axeavzz3xek5008e8bv7jimd] C:\DOCUME~1\TEST\LOCALS~1\Temp\ozonb2kc.exe
O4 - HKCU\..\Run: [q1s2la1dzr0h6p3fme6vcdb4m9ezej6b9mo0jw1] C:\DOCUME~1\TEST\LOCALS~1\Temp\q9ghyu1ed.exe
O4 - HKCU\..\Run: [zx0kvahdn1yklqvjb44ve1f3747vyt8ncjgyyg5l998gj] C:\DOCUME~1\TEST\LOCALS~1\Temp\v6iem70.exe
O4 - HKCU\..\Run: [cgsu1k2cucm4ep7pisc53ja43xxx4dzi7l2hm1e1hq] C:\DOCUME~1\TEST\LOCALS~1\Temp\asilza8f.exe
O4 - HKCU\..\Run: [rqeox4eenh6h2cbkdlvx0lw8h3oo50ick213in2] C:\DOCUME~1\TEST\LOCALS~1\Temp\jafsglix3.exe
O4 - HKCU\..\Run: [nm50kn97rvmhcb3bmg6owourqaztkhj4wwck3r3tm7i41uays] C:\DOCUME~1\TEST\LOCALS~1\Temp\f3q11285ib4.exe
O4 - HKCU\..\Run: [llvtztliezt12scavrvmlf5fpg1xr6n8ajob9j542nxw] C:\DOCUME~1\TEST\LOCALS~1\Temp\ajnpc3gunhf.exe
O4 - HKCU\..\Run: [v3g4zuakmuyybjt34hkd6n51pwjap1] C:\DOCUME~1\TEST\LOCALS~1\Temp\srl1m0ukd9l5d.exe
O4 - HKCU\..\Run: [naemmwqmdjc8zcv6scg1tdwrq5jyhhlf1bpo] C:\DOCUME~1\TEST\LOCALS~1\Temp\gpeytgxjr.exe
O4 - HKCU\..\Run: [gurggyf92vglu7snmh6zxkgetyy3tvwpfxtcpjoarkp] C:\DOCUME~1\TEST\LOCALS~1\Temp\j4l1fvq3d7.exe
O4 - HKCU\..\Run: [aw5fstwp012bszm6dblsz17q1s40y] C:\DOCUME~1\TEST\LOCALS~1\Temp\cxrcu7.exe
O4 - HKCU\..\Run: [su9t9vkx83genbkeczdemh92pr2abe5z2e] C:\DOCUME~1\TEST\LOCALS~1\Temp\dco9s0.exe
O4 - HKCU\..\Run: [qwjq8gb7diujc] C:\DOCUME~1\TEST\LOCALS~1\Temp\a3qdry92u93g.exe
O4 - HKCU\..\Run: [z0ftohmk9w2heel] C:\DOCUME~1\TEST\LOCALS~1\Temp\hsle4u.exe
O4 - HKCU\..\Run: [c2t6bd5n5eo] C:\DOCUME~1\TEST\LOCALS~1\Temp\njrgdb.exe
O4 - HKCU\..\Run: [fgcsp67qa8boeww5kr94l6a98e72kscizotya5hw2] C:\DOCUME~1\TEST\LOCALS~1\Temp\fqxbg9.exe
O4 - HKCU\..\Run: [fphatusuxjhhm4ywpk2u5dm59r3hkh] C:\DOCUME~1\TEST\LOCALS~1\Temp\btn4414kx.exe
O4 - HKCU\..\Run: [tpo3hxzfdbbiwon51ijzhwcq4ee689o] C:\DOCUME~1\TEST\LOCALS~1\Temp\wjmfe0m.exe
O4 - HKCU\..\Run: [nuktcdbhisbkk7esbacaqeh77962l4gs] C:\DOCUME~1\TEST\LOCALS~1\Temp\vblw4mb87.exe
O4 - HKCU\..\Run: [z31qdgn19538xtwifap8i2wnh0] C:\DOCUME~1\TEST\LOCALS~1\Temp\cashny5.exe
O4 - HKCU\..\Run: [g3cddricahfz7m8zkvx6p3rjta9fng3atvije31] C:\DOCUME~1\TEST\LOCALS~1\Temp\yi1u17fan.exe
O4 - HKCU\..\Run: [s63qexdfkkzwu1bkxvaex9kgi2b966in4rlhxlu2r3j8k43] C:\DOCUME~1\TEST\LOCALS~1\Temp\zs6ssoglon.exe
O4 - HKCU\..\Run: [g9dw1dyf44c94qkc] C:\DOCUME~1\TEST\LOCALS~1\Temp\zt6gbx50s.exe
O4 - HKCU\..\Run: [v6gc49di15yogciydls1ucax3] C:\DOCUME~1\TEST\LOCALS~1\Temp\qcqgwvk.exe
O4 - HKCU\..\Run: [ec3sjyt0b] C:\DOCUME~1\TEST\LOCALS~1\Temp\fl9889ys61f.exe
O4 - HKCU\..\Run: [w6x6vfxzacaxwc12suxplqvrrq] C:\DOCUME~1\TEST\LOCALS~1\Temp\rb2ka0.exe
O4 - HKCU\..\Run: [ta1jq6cxrs2zh1rldnx8uf9zn01sqrmw] C:\DOCUME~1\TEST\LOCALS~1\Temp\sl7ii0n.exe
O4 - HKCU\..\Run: [expgwpx86v292znnw627nzu95hexm99kuk] C:\DOCUME~1\TEST\LOCALS~1\Temp\uawvusz8us2.exe
O4 - HKCU\..\Run: [yu6a3f67t1z46pnon25uf9lpm4fg5p9iz] C:\DOCUME~1\TEST\LOCALS~1\Temp\q21dhwmd7.exe
O4 - HKCU\..\Run: [wpvkfeg5xzcs0ok0mb5g549f2tc] C:\DOCUME~1\TEST\LOCALS~1\Temp\b93gdnc3a.exe
O4 - HKCU\..\Run: [w2xs4svh0cpld9zkwj5e4mnvuxi19eu8fi] C:\DOCUME~1\TEST\LOCALS~1\Temp\x7r6syairb6vi.exe
O4 - HKCU\..\Run: [vj4mq9wcihhcbyuqq] C:\DOCUME~1\TEST\LOCALS~1\Temp\ukmxo7g59.exe
O4 - HKCU\..\Run: [ts6txmg36y] C:\DOCUME~1\TEST\LOCALS~1\Temp\mlc1dtca.exe
O4 - HKCU\..\Run: [uuyid6z12deucvust1dz8su0nvfqsrnu1sejix] C:\DOCUME~1\TEST\LOCALS~1\Temp\h4autb3qfxe6s.exe
O4 - HKCU\..\Run: [l4soaoo7exg2ht934ismwt1u5a5kdqnjapelsno] C:\DOCUME~1\TEST\LOCALS~1\Temp\elrfa6.exe
O4 - HKCU\..\Run: [q3ydsow1qs2gugwit9plbe1gn54n4cakxqsdq5gclfn4p] C:\DOCUME~1\TEST\LOCALS~1\Temp\vycoh94q5sf.exe
O4 - HKCU\..\Run: [fm113bwh4tjvt92wd7t5b9t9ulb6agdbv6b0rw28qrundgy] C:\DOCUME~1\TEST\LOCALS~1\Temp\n51jk7y10b1.exe
O4 - HKCU\..\Run: [lha0itp15h97eypghy0t] C:\DOCUME~1\TEST\LOCALS~1\Temp\b9yxelgijcwdx.exe
O4 - HKCU\..\Run: [f97b6kkfncrauu9g2owyc0z7prjlo0x0htx6y8ftdb] C:\DOCUME~1\TEST\LOCALS~1\Temp\izqmwv3mi.exe
O4 - HKCU\..\Run: [tiibn0sx1oscb7] C:\DOCUME~1\TEST\LOCALS~1\Temp\xg73ql1t.exe
O4 - HKCU\..\Run: [rb1z2oxhfbag8tr3vnd9] C:\DOCUME~1\TEST\LOCALS~1\Temp\lkn03zjayq.exe
O4 - HKCU\..\Run: [yiiv7yrtf1vph5dskosxzbujudci89p4p7jp1iw47c7um508v] C:\DOCUME~1\TEST\LOCALS~1\Temp\l66ktgooy.exe
O4 - HKCU\..\Run: [e7dhp57f030] C:\DOCUME~1\TEST\LOCALS~1\Temp\ml7ieazpkel4.exe
O4 - HKCU\..\Run: [a8jh49bgwq2rzwois] C:\DOCUME~1\TEST\LOCALS~1\Temp\b8nqmct2tl84.exe
O4 - HKCU\..\Run: [ezlrmhbkk] C:\DOCUME~1\TEST\LOCALS~1\Temp\xt6sfw.exe
O4 - HKCU\..\Run: [vg8171hstvkv5wri94abmv2ryp3ko2rfsb0byb2an96f3akv] C:\DOCUME~1\TEST\LOCALS~1\Temp\vfj749k.exe
O4 - HKCU\..\Run: [uiaoofcdi0pj6qsc1n3evlma4bqc] C:\DOCUME~1\TEST\LOCALS~1\Temp\nx9btv.exe
O4 - HKCU\..\Run: [qq4t6mct517gvksaetd6yoae138igq56p] C:\DOCUME~1\TEST\LOCALS~1\Temp\eo11kz.exe
O4 - HKCU\..\Run: [gdatp3ohrg4eevibcqaf0snhsawj0dh3u] C:\DOCUME~1\TEST\LOCALS~1\Temp\xpug1na0.exe
O4 - HKCU\..\Run: [q7m2q1ohxsdob] C:\DOCUME~1\TEST\LOCALS~1\Temp\xqrn61k9mh.exe
O4 - HKCU\..\Run: [s18gha2u48w87gird92h7cs29of0r0j7d7bnn2lk0uxgj1lb] C:\DOCUME~1\TEST\LOCALS~1\Temp\lt7dh6wb15ft0.exe
O4 - HKCU\..\Run: [wbazb79d2hpbak5mlm] C:\DOCUME~1\TEST\LOCALS~1\Temp\q98tzxp4ycpae.exe
O4 - HKCU\..\Run: [ii0w89x49afd91mqoon843dnyxfxe3yvxa4zrezmg] C:\DOCUME~1\TEST\LOCALS~1\Temp\jfks6j.exe
O4 - HKCU\..\Run: [nmuhwswqtr4j0vqchqsalq49p1qws42l2g8blmr21u] C:\DOCUME~1\TEST\LOCALS~1\Temp\jbifzb.exe
O4 - HKCU\..\Run: [dyo6p4xjjcy] C:\DOCUME~1\TEST\LOCALS~1\Temp\ov48oa.exe
O4 - HKCU\..\Run: [y7ljrxjxyk3jy6blldivtxh3zok5es75u6itpty28wtx] C:\DOCUME~1\TEST\LOCALS~1\Temp\n0dxc7e2.exe
O4 - HKCU\..\Run: [bt3qrd6j6vjhnk0oa52drhwyxfaq7hpppfir6bp50vygzv] C:\DOCUME~1\TEST\LOCALS~1\Temp\ermn3u27.exe
O4 - HKCU\..\Run: [hae83krkgaw7] C:\DOCUME~1\TEST\LOCALS~1\Temp\uamthgltex2.exe
O4 - HKCU\..\Run: [x570bygcroqd6ekhjtg177q4ton2fw6mhe998jitmi18r7gtev] C:\DOCUME~1\TEST\LOCALS~1\Temp\f37gif26fq.exe
O4 - HKCU\..\Run: [izxwm38l3vq8oupqcij71886lxas69y2dbuactuw3] C:\DOCUME~1\TEST\LOCALS~1\Temp\msnzit9.exe
O4 - HKCU\..\Run: [o270cgv8ppmc8d4nyocc82y4f385kmxhjxoc219a89] C:\DOCUME~1\TEST\LOCALS~1\Temp\uwcxf6oaj2t2.exe
O4 - HKCU\..\Run: [gd8n8byl16a] C:\DOCUME~1\TEST\LOCALS~1\Temp\lxs6jr.exe
O4 - HKCU\..\Run: [pluls79hivv3ikd6] C:\DOCUME~1\TEST\LOCALS~1\Temp\ljia27y.exe
O4 - HKCU\..\Run: [miu1ud3286zii5oqmss] C:\DOCUME~1\TEST\LOCALS~1\Temp\i44nntcyrfy1.exe
O4 - HKCU\..\Run: [p1phmt1sn91] C:\DOCUME~1\TEST\LOCALS~1\Temp\ca3g427e6avw3.exe
O4 - HKCU\..\Run: [ib01enp3urjht] C:\DOCUME~1\TEST\LOCALS~1\Temp\g5v8r3lo.exe
O4 - HKCU\..\Run: [drxlth78q3dsm9tzlotsrsq5lyuk0inotk62h4brxr87z] C:\DOCUME~1\TEST\LOCALS~1\Temp\uoe8xunh6.exe
O4 - HKCU\..\Run: [hbrxz7uywz5f9b] C:\DOCUME~1\TEST\LOCALS~1\Temp\nqouxrz1bg.exe
O4 - HKCU\..\Run: [kfryhq1ahc0zmwu7eycv33yexfvb478c2oik80ddql] C:\DOCUME~1\TEST\LOCALS~1\Temp\fwxicuj3.exe
O4 - HKCU\..\Run: [ksl3j29b8c7jrrqyng9ifbyp60xrto77orf1sfultxlce] C:\DOCUME~1\TEST\LOCALS~1\Temp\spot14w7zke44.exe
O4 - HKCU\..\Run: [vg787qtdjh] C:\DOCUME~1\TEST\LOCALS~1\Temp\oaocuo0.exe
O4 - HKCU\..\Run: [haiigcc1mved10ou3vcd6omy1ynui0dagolmxdwgsg0] C:\DOCUME~1\TEST\LOCALS~1\Temp\icrcfmf7i5lbu.exe
O4 - HKCU\..\Run: [asbmuml26w5z43ta79qhrhdhpawjr9vg02zmjxun9] C:\DOCUME~1\TEST\LOCALS~1\Temp\fyuwjyzra.exe
O4 - HKCU\..\Run: [ffg2xm619i7rnn45b7nngc] C:\DOCUME~1\TEST\LOCALS~1\Temp\bznb0350kv8.exe
O4 - HKCU\..\Run: [gaalpl22p6l6q1sxiwc0da2srvavyy6dupcb84] C:\DOCUME~1\TEST\LOCALS~1\Temp\gy8srhddn.exe
O4 - HKCU\..\Run: [awd118vq1h4jiv] C:\DOCUME~1\TEST\LOCALS~1\Temp\i4anxaeem1.exe
O4 - HKCU\..\Run: [j906vslhr0lmwezn4o] C:\DOCUME~1\TEST\LOCALS~1\Temp\xla4r0clj.exe
O4 - HKCU\..\Run: [r24h2j7y98fvnwgkf42eogjzaa0b5nfmegbkfyjqo38lfmyc] C:\DOCUME~1\TEST\LOCALS~1\Temp\euc9zsneb1s.exe
O4 - HKCU\..\Run: [hvzu5s86l4ht8nz7dju9e] C:\DOCUME~1\TEST\LOCALS~1\Temp\n863c02.exe
O4 - HKCU\..\Run: [kte6odq5ce083ndogkblqkxlkgr9mc] C:\DOCUME~1\TEST\LOCALS~1\Temp\gvp5c46n5d.exe
O4 - HKCU\..\Run: [bwy4vtxn8yiws27wziyjkjglg18ezw6zys5l01vu9wi] C:\DOCUME~1\TEST\LOCALS~1\Temp\xrtvj76.exe
O4 - HKCU\..\Run: [uhdssw4yg9mc27vxe24lcw0xa] C:\DOCUME~1\TEST\LOCALS~1\Temp\b1rqhp.exe
O4 - HKCU\..\Run: [xyv9k1ovwn] C:\DOCUME~1\TEST\LOCALS~1\Temp\xivzi5g66w8bq.exe
O4 - HKCU\..\Run: [o5eorh4pnybs4kyqop359pmdsdn0jv3j75ihxpx505y] C:\DOCUME~1\TEST\LOCALS~1\Temp\u8kwqk.exe
O4 - HKCU\..\Run: [mk1b0aibfbk4ba8x7a] C:\DOCUME~1\TEST\LOCALS~1\Temp\jly0z7ye.exe
O4 - HKCU\..\Run: [a3liafdv7nj2ei9nxrt5] C:\DOCUME~1\TEST\LOCALS~1\Temp\v9kxnhf4zes.exe
O4 - HKCU\..\Run: [wxfn17ov4loa7ndydb2sjvl] C:\DOCUME~1\TEST\LOCALS~1\Temp\b87oea.exe
O4 - HKCU\..\Run: [qm41reu6y0ewvfk7on3f6bj6ugk1k42t4sr076wujg45d] C:\DOCUME~1\TEST\LOCALS~1\Temp\ngt94t52.exe
O4 - HKCU\..\Run: [fmheoj7r7wti0ii2pq0fqu8b0sp0313anvrsmr7tn] C:\DOCUME~1\TEST\LOCALS~1\Temp\kdapjfhf7m.exe
O4 - HKCU\..\Run: [loy8lc64pczj61i386qpuz3tqf5o0wh3t7nc2ew5gl5eq5m] C:\DOCUME~1\TEST\LOCALS~1\Temp\f32xjw.exe
O4 - HKCU\..\Run: [hraxgg9atqljhsz7khzmnr0] C:\DOCUME~1\TEST\LOCALS~1\Temp\da18tcolc4tz.exe
O4 - HKCU\..\Run: [gqqdtc4b6henpv3ryy4sxto] C:\DOCUME~1\TEST\LOCALS~1\Temp\txkatk1.exe
O4 - HKCU\..\Run: [bijben75hu8erqfxx8vblpewpddnya2xcm] C:\DOCUME~1\TEST\LOCALS~1\Temp\rxe59vaf3.exe
O4 - HKCU\..\Run: [cwxlbvgyuo23tvykoyinu5tcia8k0en] C:\DOCUME~1\TEST\LOCALS~1\Temp\b1xq86guczxr.exe
O4 - HKCU\..\Run: [tk0t0j3udemj34] C:\DOCUME~1\TEST\LOCALS~1\Temp\cb2oz605dtsfk.exe
O4 - HKCU\..\Run: [erqpnksns9fdf08it6jewb2iohh762z8lnm] C:\DOCUME~1\TEST\LOCALS~1\Temp\z27scgpk.exe
O4 - HKCU\..\Run: [ce4v1aodommqvinrlc8f0m8ugwxo7zt8px5ksxuayb2khlcg8r] C:\DOCUME~1\TEST\LOCALS~1\Temp\o670ywhkpvmuo.exe
O4 - HKCU\..\Run: [k7os8115bd1hvu6i0kt4y3hdlbrrn2vvruvqfsd0] C:\DOCUME~1\TEST\LOCALS~1\Temp\gs5h4qenih.exe
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [uvdx1sknix4jkkd8qsexoxsw20l1dkrkachkp8] C:\DOCUME~1\TEST\LOCALS~1\Temp\k6z769641.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [w5u83737vd88m53w68h877nyhl94tqqhsigae2c] C:\DOCUME~1\TEST\LOCALS~1\Temp\gio0zs.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [mmzx0qrf4cq6l83n5l9kml5qr2] C:\DOCUME~1\TEST\LOCALS~1\Temp\sbchdje6.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [k1a4uww9l] C:\DOCUME~1\TEST\LOCALS~1\Temp\fzl67q1jn0n.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [muuksdmzoas8] C:\DOCUME~1\TEST\LOCALS~1\Temp\fu96rr.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [cgd8phufrtkiv0slxfz9amzyjzge8jum] C:\DOCUME~1\TEST\LOCALS~1\Temp\qzwbxdpn5.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [iib9zf38334njih] C:\DOCUME~1\TEST\LOCALS~1\Temp\g3zubc8n7.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [zzw66wcizpyd6k] C:\DOCUME~1\TEST\LOCALS~1\Temp\za8j6cay347d.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [jzxe2hc35jdv03w583me8hv] C:\DOCUME~1\TEST\LOCALS~1\Temp\f8f3sr31pg2e0.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [xiv6psriqihvha0fbmt] C:\DOCUME~1\TEST\LOCALS~1\Temp\dk7u1al.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [tgo3rmbczdfy] C:\DOCUME~1\TEST\LOCALS~1\Temp\k9jve6ype.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [t775x2lhude0imgnpo2avnhcbptnpr7mlcmb9cay0vxglg] C:\DOCUME~1\TEST\LOCALS~1\Temp\jzexnpet.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [m0t8229m1j9zopfzha6u] C:\DOCUME~1\TEST\LOCALS~1\Temp\jes123joz03.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [tmoa90f04hydv11qvrjrx9fa9dufg31c3d6xlpgkenjrn] C:\DOCUME~1\TEST\LOCALS~1\Temp\kogzt33zlkcn.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [g6cyg9cgvyb2yjgp] C:\DOCUME~1\TEST\LOCALS~1\Temp\mo64rj0.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [hlz9tl2eho99i5g] C:\DOCUME~1\TEST\LOCALS~1\Temp\kcnhxiwzfe2.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [opxjucw6dy7pe7dsvza2bibmxl8ndqah6od9oi657] C:\DOCUME~1\TEST\LOCALS~1\Temp\dkwubrnpw405j.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [m01yrbjfcv4u425if37a5of63x7r1cn3k4q3pn7u] C:\DOCUME~1\TEST\LOCALS~1\Temp\ygkvrwegffcy3.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [bomcll8rahht3ifi1tunsv718dx57l0dsm26bop] C:\DOCUME~1\TEST\LOCALS~1\Temp\nyhj90.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [h8eylpzhxn4e] C:\DOCUME~1\TEST\LOCALS~1\Temp\b5c2c90bkay6.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [qor45cl5wxckk] C:\DOCUME~1\TEST\LOCALS~1\Temp\glt1gmx.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ro2f2enagqwp5r] C:\DOCUME~1\TEST\LOCALS~1\Temp\tf2w0zrk40.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ym6dnbf5am] C:\DOCUME~1\TEST\LOCALS~1\Temp\bsi8cw9hx9.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [msbvj7jf8tzf3zru9mma22ivszz1o2] C:\DOCUME~1\TEST\LOCALS~1\Temp\o2a626.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [z0up7h7nldhjnqty] C:\DOCUME~1\TEST\LOCALS~1\Temp\qciy2p74bz.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [q2sicp3hjnghymkvq3f6h] C:\DOCUME~1\TEST\LOCALS~1\Temp\a4wjhzpmdn.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [rptpf411k3pxq55l09s8hoj] C:\DOCUME~1\TEST\LOCALS~1\Temp\der3nf.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [n28yxmygtg66i53hfdi77jk18cg37l55fegb8pvxhypw] C:\DOCUME~1\TEST\LOCALS~1\Temp\srm7f295.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [f6yv1xn3gcxv3bbp4derqvuemu9t0yrpe5pqcxoopk] C:\DOCUME~1\TEST\LOCALS~1\Temp\ybvbry77.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [lj8rcw17zlwdoexkom2b4wlf2f2szsr2zcrwx1o1gonj7t] C:\DOCUME~1\TEST\LOCALS~1\Temp\dacavu498cm.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [i050iejvvu0cscabmswl556z8r2x1mdklxzh] C:\DOCUME~1\TEST\LOCALS~1\Temp\ca2wta.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [x4i83cbtt3elfeteuokoz2nogyizdm4kt] C:\DOCUME~1\TEST\LOCALS~1\Temp\q8z2vh8m02.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [w1eio9434cfjgzsmrp75twu1ayx7dnjnn6r483] C:\DOCUME~1\TEST\LOCALS~1\Temp\ayj9z9xsnw.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [v47p86zt1f4v0c842rzu5nr0prcc265hoymcwnsbuxydh] C:\DOCUME~1\TEST\LOCALS~1\Temp\uw0dg4y1trj.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [o1szivcknqwcf3e3w5vtcy5] C:\DOCUME~1\TEST\LOCALS~1\Temp\au7g2jalf3v0.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ymf3ff0f4mupexuc7iz7oiktj7clkyhxcbq33jkm] C:\DOCUME~1\TEST\LOCALS~1\Temp\mxqh5qd6vl.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [yffrjvn4v2xdd9h6jeng1uo5] C:\DOCUME~1\TEST\LOCALS~1\Temp\idxj1s5.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [spas6ckun93r81vh7tfb6o9anim6j1x6yy4z0jet5ep] C:\DOCUME~1\TEST\LOCALS~1\Temp\l9bnxpvtfc.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [k2h34uolifjw70tdjl5947bkuqv8qn] C:\DOCUME~1\TEST\LOCALS~1\Temp\pynoalny7ri0.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [kots4y3no9h5yh8k653rz46g5bjxlf226] C:\DOCUME~1\TEST\LOCALS~1\Temp\ealledxrl9vw.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [wkda8zp6gtem19r1shkimkmyircb5a56oxov1z] C:\DOCUME~1\TEST\LOCALS~1\Temp\aqs4afpay.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [iwcu9f9afabrcjtvfjaj6ul53hjr2opbw8nlaqifat1821ix] C:\DOCUME~1\TEST\LOCALS~1\Temp\bivv55lo690cs.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [a4lg0y4k48xii2y8n5wsab8eci8d7eh3nsylbcrvyhsma] C:\DOCUME~1\TEST\LOCALS~1\Temp\h2ewuzi.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [obhd307j2tm92bx0l9t] C:\DOCUME~1\TEST\LOCALS~1\Temp\q3ui9b3fgm.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [rhud8tvzz592u7rk6yw4jrvc55fzx7putb] C:\DOCUME~1\TEST\LOCALS~1\Temp\lqajf942p741x.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [undhqf70al5pj2cqq5evnl9qjq2i92ewdbl7s5r4rxsmt57ae] C:\DOCUME~1\TEST\LOCALS~1\Temp\p92uysg.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [y704e67nz7bunqwm4cu3cr9j7cpjwjwe4x] C:\DOCUME~1\TEST\LOCALS~1\Temp\n88k23q.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [dlnmh96rl5n6nn82e4ugig87vcwv] C:\DOCUME~1\TEST\LOCALS~1\Temp\un7fq1voe.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [yo738aohaeyal6p] C:\DOCUME~1\TEST\LOCALS~1\Temp\h4nawsf5erc.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [qhm6o19dj1gw] C:\DOCUME~1\TEST\LOCALS~1\Temp\smf3o59o.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [vdm352kd5p9lpcqa69ek1pferw1jwkh282f46248fr3f] C:\DOCUME~1\TEST\LOCALS~1\Temp\wcg9014i2kg.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [duzugpn2cjumvbdjtoiap168wmqg4iq46c40iz080] C:\DOCUME~1\TEST\LOCALS~1\Temp\h0oc69doj.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [e379z92hqmh1esmiayl1hcymvdvqju864iu741ciogz] C:\DOCUME~1\TEST\LOCALS~1\Temp\v0i6cxriqb.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [rg2zj38raeu886ij1mf] C:\DOCUME~1\TEST\LOCALS~1\Temp\d8xc5p.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [hkiazb7oanic93a51hne0q6e7] C:\DOCUME~1\TEST\LOCALS~1\Temp\oaxvbzz.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ctfxnsw3w8] C:\DOCUME~1\TEST\LOCALS~1\Temp\at79jalpuqnin.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [tecr1w93m60c41pt455] C:\DOCUME~1\TEST\LOCALS~1\Temp\wf6i0pzkc.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [suq1io9ulh3vcf8n] C:\DOCUME~1\TEST\LOCALS~1\Temp\v51k98f9.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [vow8ax8s4uke0umwqtwehuiin] C:\DOCUME~1\TEST\LOCALS~1\Temp\rbujguqbv.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [wix010yqnk483gb] C:\DOCUME~1\TEST\LOCALS~1\Temp\dsuja3oi.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ocklm9z7gamhow72h68lq44qrvne7] C:\DOCUME~1\TEST\LOCALS~1\Temp\p65u6skec6fa.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [h5r8lhwkd2ulio] C:\DOCUME~1\TEST\LOCALS~1\Temp\trezyl24b.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [fsilfnth3qfumczchru] C:\DOCUME~1\TEST\LOCALS~1\Temp\i8vgsb0b.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [xf0ixnamiwnl377x6dmwv8thfn09d196roc0umldpaf4c032s] C:\DOCUME~1\TEST\LOCALS~1\Temp\p1ratg.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ci1ojysrj] C:\DOCUME~1\TEST\LOCALS~1\Temp\a3rtz7n.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [zvhtrl6iekwfx4jjl8m0mkrzv1r9w46rwogkdi4urjv] C:\DOCUME~1\TEST\LOCALS~1\Temp\wefsmbrrvcbzs.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [k9oj4iseaziw9t0a7p7t7huh2w1v0qdpzo64i1u23xaebv9w2b] C:\DOCUME~1\TEST\LOCALS~1\Temp\rh2az1m3up1i4.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [c1fxuitoqf8mtdmwx35vu9udcb53r936au717kc1bl5o35xr] C:\DOCUME~1\TEST\LOCALS~1\Temp\da7rws8.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [zvjw6fbnw319lxezs1mhg4b8xlub4gt6pghojxai2wewlek] C:\DOCUME~1\TEST\LOCALS~1\Temp\sr78qi.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [mxetmv5j0pvqbee9hvvi7t2y29sw40gou] C:\DOCUME~1\TEST\LOCALS~1\Temp\c5ldvstag7omo.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [phk6n0np9f] C:\DOCUME~1\TEST\LOCALS~1\Temp\s12swynvop.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [jjp7d3aupi7lw581kcwdm1mms19hag9w36k6] C:\DOCUME~1\TEST\LOCALS~1\Temp\n74w12.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [lmavpwia1bf4lj32xryrdnyvwec9ge32z] C:\DOCUME~1\TEST\LOCALS~1\Temp\k9etfn2jxwvtn.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [fdebyhvn1nnytrujqjeujyo4x8i43asv038bcqa7pmlaz7] C:\DOCUME~1\TEST\LOCALS~1\Temp\guxv8o6.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [u9z9q8ag5s1yrjv99mh6z6vu9mrpmd7f46qoqn5] C:\DOCUME~1\TEST\LOCALS~1\Temp\h42tz5qg.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [dl28mbv4lwybhha] C:\DOCUME~1\TEST\LOCALS~1\Temp\ylsfru4ttk.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ybzi0vdo0b656vugphb62pxkf] C:\DOCUME~1\TEST\LOCALS~1\Temp\snlc5fs97.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [px2uo1wo1mi8qhnm0jq9wako8t3e98vuvifeffq9w] C:\DOCUME~1\TEST\LOCALS~1\Temp\rwgeey8y.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [y22ie07cxpqz6] C:\DOCUME~1\TEST\LOCALS~1\Temp\oy9usjf.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ade9qcialfxjgd4yjecni6s1oxfr2cwqqb] C:\DOCUME~1\TEST\LOCALS~1\Temp\lmuzqlcgnku.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [hpr588yprjt35impdsnxzxemofca0x170cw252bjdvx7] C:\DOCUME~1\TEST\LOCALS~1\Temp\mxcgr4gafh.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [vri2ej3vu91o7ja8k7y1i412a] C:\DOCUME~1\TEST\LOCALS~1\Temp\vt2hw3910fig.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [s6c33vgt2evnw1ml6wqpcutd] C:\DOCUME~1\TEST\LOCALS~1\Temp\m3k8ngm0lc.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [lgiaifolczp28nciszx9qazkt11ut10x82a] C:\DOCUME~1\TEST\LOCALS~1\Temp\rdlxdh4jx644.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [cm74a8u3nd26wznha13wmx8e3tfmy60iwati2z] C:\DOCUME~1\TEST\LOCALS~1\Temp\ca9g3syz.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [s408zi0tokphbk] C:\DOCUME~1\TEST\LOCALS~1\Temp\v7gizu5s3chnl.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [e7mrzp3aggm3j51g8jwa5npryvuz3llqjy32lqlt3x5cze] C:\DOCUME~1\TEST\LOCALS~1\Temp\nyb2z0kg.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [auw5b6e3w] C:\DOCUME~1\TEST\LOCALS~1\Temp\br65bq3qpogkt.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [o3bpf56bp1qe6osj2irfp6ndh82nebd5pga937pkb2y] C:\DOCUME~1\TEST\LOCALS~1\Temp\bfi5rpftiu.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [xkd8spzp71b7yqxrik9zqlode34ggf35ay] C:\DOCUME~1\TEST\LOCALS~1\Temp\i0rajix.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [goh83cif87g9977yx6a3rog6vd9k1apr69vu646ci7bue6j] C:\DOCUME~1\TEST\LOCALS~1\Temp\egycf3plu02s.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [bk7flu49c27vhglajhdc8hlnpc6zmfo38j5swz] C:\DOCUME~1\TEST\LOCALS~1\Temp\tttgoq.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [zpycqbf4pluivkxnduh47j953nal9n08dibx9wpxgyi1p] C:\DOCUME~1\TEST\LOCALS~1\Temp\evczbhb.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [g1ycm7a6d918j2uvsnoa4dqufembqu] C:\DOCUME~1\TEST\LOCALS~1\Temp\h57j0xbxzv7.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [w6pl6x5n0shdut709u7vtvkxv0czyn53lt6fpjlsn065km] C:\DOCUME~1\TEST\LOCALS~1\Temp\ehvjky.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [y0vu2a1qhy538xky] C:\DOCUME~1\TEST\LOCALS~1\Temp\znxnpj72ip.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [wco7n3olj34gw5x8qxq88tduoh4pj9w] C:\DOCUME~1\TEST\LOCALS~1\Temp\jag8odd0r7pf7.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [xassiwp92t9ht2qig78pyfiwdvcphscnx2xxkadmuddxlv22cz] C:\DOCUME~1\TEST\LOCALS~1\Temp\oqxo9qan.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [mk9ojaawk0079qfkkl8mz891g20svlw] C:\DOCUME~1\TEST\LOCALS~1\Temp\dhspsfpbov0.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [cjop2ydgstws] C:\DOCUME~1\TEST\LOCALS~1\Temp\zsg7f0cgi.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [w0vp2p45m4qpvnlpstgfvnxclwgy7r94svxkrxmh82wysy7hi1] C:\DOCUME~1\TEST\LOCALS~1\Temp\ysdwny.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [zyfhwoszdeyyncfz8otumx1ic8qbeau9qgvvnbr] C:\DOCUME~1\TEST\LOCALS~1\Temp\u31va28ldpid.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [wjw0ku6kn6rgfudzssymgfi] C:\DOCUME~1\TEST\LOCALS~1\Temp\rfpvd3w.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [zrk0zhnving] C:\DOCUME~1\TEST\LOCALS~1\Temp\udwyzip2.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [anfi2ovq9pnkqtee4060] C:\DOCUME~1\TEST\LOCALS~1\Temp\i6r1b88clj0ih.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [zvko665ci4obhvjdqyzisgdqt83lfx4tpukb] C:\DOCUME~1\TEST\LOCALS~1\Temp\frkyptfsg7oy.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [mpe1rvngy1ap4dv7rjl0kfe] C:\DOCUME~1\TEST\LOCALS~1\Temp\u4y2yg.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [kdjgu36wvzyktilbbnf7sbeoxv7lm662xp] C:\DOCUME~1\TEST\LOCALS~1\Temp\h8b50sqb7l7gw.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [i4mza6tq8yj4c015godn1] C:\DOCUME~1\TEST\LOCALS~1\Temp\zv1tyvau9ft.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [mod7fjsqno] C:\DOCUME~1\TEST\LOCALS~1\Temp\wgu9c17ov7.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [fgs73epbngzweof1on1c8sjxblb9u1i7q] C:\DOCUME~1\TEST\LOCALS~1\Temp\wqptid.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [poccw1e4futgs] C:\DOCUME~1\TEST\LOCALS~1\Temp\snwvvyqatmn.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [a2ad7hqpb69erikaejvet6i7hdqnxuo4fatvf6xg] C:\DOCUME~1\TEST\LOCALS~1\Temp\kerwe4.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [s3gh321c33brsmpw8ib92nbmwj9070oeeomcv3] C:\DOCUME~1\TEST\LOCALS~1\Temp\ckt0jpwpea.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [rgkii1kgzqq971m3] C:\DOCUME~1\TEST\LOCALS~1\Temp\yvhi6tjf.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [uoszxjbtsuax5s65kzumnd0o8m8mpisq4g50wynr31a] C:\DOCUME~1\TEST\LOCALS~1\Temp\jvolm2ey1g9.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [szzjo936s7j] C:\DOCUME~1\TEST\LOCALS~1\Temp\i0xaaizicsamx.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [e0qgv3g9wlf1qcwpzee6m4m5hvoyb1eyp0rvzk7clswk09jc] C:\DOCUME~1\TEST\LOCALS~1\Temp\xhxrn8xp9arv.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [muh025a2h60tr0fxp620b3vgsnnjgfyhx0qmd6luefhqau] C:\DOCUME~1\TEST\LOCALS~1\Temp\m3q8xx7z.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ry9xmax7clbq6ph6hlfqf1taf22r] C:\DOCUME~1\TEST\LOCALS~1\Temp\ku57crg8.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ns1gn0atswkono9jtqwebhn1lyu8t5y2eelaqcinibsi458t] C:\DOCUME~1\TEST\LOCALS~1\Temp\dm09sdfo.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [vx8c00nuz686m2kh2v2mta83n6zv979m6e7vyfqwt8k2ktsw] C:\DOCUME~1\TEST\LOCALS~1\Temp\yn0tohiivhq7v.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [q6ut4satezjfst46x6epffgz5y3rf] C:\DOCUME~1\TEST\LOCALS~1\Temp\zoavsrrr7.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [nfw7dzchq4igfh3yxrni1ohffg3g7eyvczl5wa] C:\DOCUME~1\TEST\LOCALS~1\Temp\ddmd5n4muov.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [lojhfpuj2ofh5nd5t1qgrkvh6ejv4h26xgmw6q] C:\DOCUME~1\TEST\LOCALS~1\Temp\ayftj8bj8c.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [bozt1lckdw2] C:\DOCUME~1\TEST\LOCALS~1\Temp\v9txlbvddi3.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [gti7p4llrj4dm8v06z1lhdpb6] C:\DOCUME~1\TEST\LOCALS~1\Temp\vvchu90rdi.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [zs1je02yeoefn7x38jt6xftw2j7kaoabe2bcnrjmuvnz] C:\DOCUME~1\TEST\LOCALS~1\Temp\di5gv490uo.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [hpdhrvux7ibasf928kxhmmargnb827oi] C:\DOCUME~1\TEST\LOCALS~1\Temp\gxc00j2kg09.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [j8kcji0gxjdzfoct5] C:\DOCUME~1\TEST\LOCALS~1\Temp\w5hfl9k2ecl.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [eggfkh5wzdz7yscb] C:\DOCUME~1\TEST\LOCALS~1\Temp\o1zzax9u2kshu.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [zasqn8jt4tn7vbtz2kr73pj8q] C:\DOCUME~1\TEST\LOCALS~1\Temp\lr4flhsdq.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [vqz6ldu639l3t4a7u018lqkuquevox3bug3ki939xzr4sqed] C:\DOCUME~1\TEST\LOCALS~1\Temp\sqb0ntm.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [l9px6luuy5ssbceq4hjnp3o826s] C:\DOCUME~1\TEST\LOCALS~1\Temp\uq1m2sn4vt.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [c8kyctoqwa31ee0vq8imsg8egil02s3tjbyyg26nn] C:\DOCUME~1\TEST\LOCALS~1\Temp\kr1lcf.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [w558hryk7z1lgxa2ht93upr0lxlx60k3ysvngz9nvqsk] C:\DOCUME~1\TEST\LOCALS~1\Temp\yqffxcvx8.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ddfxqxri9cw56qsidido7n0klg2o3koojvk6obc7] C:\DOCUME~1\TEST\LOCALS~1\Temp\qbr8ob.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [gyfnseiif9b] C:\DOCUME~1\TEST\LOCALS~1\Temp\ypyre3p1nr.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [usk0p9aajkya9z] C:\DOCUME~1\TEST\LOCALS~1\Temp\jy3qzno.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [dbmnkbrnqkuydfag] C:\DOCUME~1\TEST\LOCALS~1\Temp\c4fpl2lf.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [nwhvkydxxriwtwjsplaw4lz07stdj5zf8gbsu1z9] C:\DOCUME~1\TEST\LOCALS~1\Temp\iy0wmejuw9j7.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [d0v0reca8jh50syyx4usjsziv3klhctjo32wxflwu0bwqm75pg] C:\DOCUME~1\TEST\LOCALS~1\Temp\ms7x0z3jxas.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [m2fix4j6wl1fm4a4rjzzf5a48jryyktgjom] C:\DOCUME~1\TEST\LOCALS~1\Temp\pc44k4zkorvnv.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [lc4w2v2ax8v23o3vd] C:\DOCUME~1\TEST\LOCALS~1\Temp\w6smdioi43op.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [cgt9buiwygkhs0e7qw6jcey9iw4u5xe5144fnt3sqdhp] C:\DOCUME~1\TEST\LOCALS~1\Temp\m291v7ikv.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [g5k0zyee8o1va] C:\DOCUME~1\TEST\LOCALS~1\Temp\wbb63zcwn3b.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [fewbtgklcqa3pu3yqgudq] C:\DOCUME~1\TEST\LOCALS~1\Temp\sm36d2ac50we.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ty8gpefgs5g33jg59285ts8h8eqbjxy1qlgakdo] C:\DOCUME~1\TEST\LOCALS~1\Temp\epiptr2.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [neclxu9xekr37t2lbvuuyc72r9s0pnxesjkn9eojyf] C:\DOCUME~1\TEST\LOCALS~1\Temp\lopacmwydaoci.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [pjkaomq7dirmimxbkkn6q0e1v4dtuc5cm] C:\DOCUME~1\TEST\LOCALS~1\Temp\oyku12df6.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [otdb7jt187xt8q05aq0l] C:\DOCUME~1\TEST\LOCALS~1\Temp\us5knlplpnlgn.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ff9qpvi7ypt1wuhfbtveg0qglhbycnbn54g6zx20bexo0] C:\DOCUME~1\TEST\LOCALS~1\Temp\rdyhxgiaimt3.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [j8w9b26vmk8qnjt6uhq98b7sh5dwvfba0] C:\DOCUME~1\TEST\LOCALS~1\Temp\am9r379s2.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [krgc0pbom0zu9d8nqq67zfxyf] C:\DOCUME~1\TEST\LOCALS~1\Temp\tslqackum4.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [khpyzlswg5gcnd40g5o47s6koy] C:\DOCUME~1\TEST\LOCALS~1\Temp\fout7f.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [gxuu4rjljgu0zjhjm20e7o3qvm2lwt236ub962l7gx] C:\DOCUME~1\TEST\LOCALS~1\Temp\v5qqcvh.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [hvhcf47wep9prsdui] C:\DOCUME~1\TEST\LOCALS~1\Temp\v0v1kq55d.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [r80zk0xoajuvly4wpuxp19gss15m65azhz96akoaguui7e] C:\DOCUME~1\TEST\LOCALS~1\Temp\kd95td87mpq.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [wbwt5utpy9vbgkyksveu3iv9ok6dbu1tyv0t] C:\DOCUME~1\TEST\LOCALS~1\Temp\qlbs48ir.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [v1nv7g4geygg9r3z3ky4j3npocznyu8k2cdhwy1tq9hsfgjx] C:\DOCUME~1\TEST\LOCALS~1\Temp\rcgqvp2j2.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [t0jrs59kr9e9m0dzu] C:\DOCUME~1\TEST\LOCALS~1\Temp\xkidnk.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [fbjfa20os897kjeqib7t9] C:\DOCUME~1\TEST\LOCALS~1\Temp\miiu0aaair5sb.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [zgv05agqg6kog1bq2nhermb1rxjxtj3a4tpag0] C:\DOCUME~1\TEST\LOCALS~1\Temp\ht3ivc6w.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [kdlmsykb43n8mhck0vt5rh4b63d581p] C:\DOCUME~1\TEST\LOCALS~1\Temp\kicpgps.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [uig4emohmfdda3j9du34ieudl4mynpks4ievk3u6l2izddpx] C:\DOCUME~1\TEST\LOCALS~1\Temp\kig7373jjg.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [zwrs3f6x59ovj8] C:\DOCUME~1\TEST\LOCALS~1\Temp\o7o7tl57r.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [hqjtmhba2] C:\DOCUME~1\TEST\LOCALS~1\Temp\u2plzsu.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [rme87z2ps0138t9ir9hbwpm] C:\DOCUME~1\TEST\LOCALS~1\Temp\rs1lmu64peu3d.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [me8crdcxuculvyjnrq0m7o57] C:\DOCUME~1\TEST\LOCALS~1\Temp\ivar40.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [uiurp6jtw1ev0xtkpa0xjpe] C:\DOCUME~1\TEST\LOCALS~1\Temp\p4cwcs07.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ee8swzkvqy23r92cfwk8em43jycfyomvrb5lop9uh8kowgs] C:\DOCUME~1\TEST\LOCALS~1\Temp\wh4n0ea.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ghmpfvs5x641otgb5vivnnd64jyyae3ksd8l2c322byu93q4p] C:\DOCUME~1\TEST\LOCALS~1\Temp\bx0dqjmbal.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [quns6buxuyssv55be5htqs3f] C:\DOCUME~1\TEST\LOCALS~1\Temp\h0jgsxry.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [caji341x8cn65j6fd6mx6tfyeth] C:\DOCUME~1\TEST\LOCALS~1\Temp\hv7xcyfvwe8.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [t8uoxrh9ec] C:\DOCUME~1\TEST\LOCALS~1\Temp\lkjypusqj3yzo.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [fsx6txjalhwfid8jr5bdzru46ykzflv613oraxcrfnlsqoo5] C:\DOCUME~1\TEST\LOCALS~1\Temp\sj9j8p52ife.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [rurxq9cspm59x2asffnhv2dl4gnnqabubolbts2caebiyaq2t] C:\DOCUME~1\TEST\LOCALS~1\Temp\kfxk7uwt1ug.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [joi2q5asom3gbxka3p2] C:\DOCUME~1\TEST\LOCALS~1\Temp\rfkcvk0xtrp.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [tr9kwlvk3cyv7p] C:\DOCUME~1\TEST\LOCALS~1\Temp\xeo35u.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [oz2b0vooo02y54oy6b9xbc23kihmrbhqe756cqc] C:\DOCUME~1\TEST\LOCALS~1\Temp\b1sqlm2wcioo2.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [gcc5knsnulcot5f4jnqi71i4jhcnr0m1m180z9g69ijof9r] C:\DOCUME~1\TEST\LOCALS~1\Temp\lu3i5au.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ikxeoi1me4] C:\DOCUME~1\TEST\LOCALS~1\Temp\dn8ywjksyiz.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ym6714bfd8jw79gpi4uv69lv0iu0jopesx] C:\DOCUME~1\TEST\LOCALS~1\Temp\rn2z5b74.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [os6yd3ibbl3] C:\DOCUME~1\TEST\LOCALS~1\Temp\sot19lgum9z5.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [xpr4x2hpe5f1a] C:\DOCUME~1\TEST\LOCALS~1\Temp\p60slcykxg866.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [agm1egql8x] C:\DOCUME~1\TEST\LOCALS~1\Temp\fokrqu.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [t30m6ztvzx5hgck54oh68otm] C:\DOCUME~1\TEST\LOCALS~1\Temp\z41oogoj.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [dpdhkj6vi0yf7wpdccfsl91hln14t8llq0euj] C:\DOCUME~1\TEST\LOCALS~1\Temp\kga9om7.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [vtdy3zui87cuy5] C:\DOCUME~1\TEST\LOCALS~1\Temp\qps34v.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ivhuv1ohuqtz1aeds2guu5zohnrz6rgcgunwx0ekg] C:\DOCUME~1\TEST\LOCALS~1\Temp\b8smamt.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [te6ytvvp3r1afvj9h995xcjrzx3q44c65rdr6ui] C:\DOCUME~1\TEST\LOCALS~1\Temp\xe4lhr4e.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [oiuy03i6xasn] C:\DOCUME~1\TEST\LOCALS~1\Temp\icir2j1g3b9j.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ws01v4x334qbr867snuk5phaklc6vg0v1y38gy54rffblmd5] C:\DOCUME~1\TEST\LOCALS~1\Temp\biuq9km4fer1q.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [sdvh6jxrfkd2j0gl6iynsa53gyt] C:\DOCUME~1\TEST\LOCALS~1\Temp\yrnlyltsi.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [bedsmp1fi3noczbhrok1h55q] C:\DOCUME~1\TEST\LOCALS~1\Temp\zygeb2dbf67.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [azwwklq7p7] C:\DOCUME~1\TEST\LOCALS~1\Temp\knfovourduwpp.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [o131yw2hmps1n] C:\DOCUME~1\TEST\LOCALS~1\Temp\qwa2vwsuph6t.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [lmp55cc3ss9roa55ozy2df5hgbeovvfeuhk2hg2i1xozgc] C:\DOCUME~1\TEST\LOCALS~1\Temp\hqlcchldxuy.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [w13ivkru2] C:\DOCUME~1\TEST\LOCALS~1\Temp\ktbz7djfs1o.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [fmxi09lxrx0jv72jzye] C:\DOCUME~1\TEST\LOCALS~1\Temp\kpp3mv.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [lzx1zd7837obryg9dfb39ey1ssubxwcre3wsvf74uytddj4z5] C:\DOCUME~1\TEST\LOCALS~1\Temp\nzk6s756oi.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [h6bpgdqze7nb4c2car2f1] C:\DOCUME~1\TEST\LOCALS~1\Temp\bby94xo.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [gnwrssd1xusi7hnlvliqwgwogyzkon8g7gxj] C:\DOCUME~1\TEST\LOCALS~1\Temp\ifhu38dvco.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [w5gcbrr8txya] C:\DOCUME~1\TEST\LOCALS~1\Temp\ju5ckp2kdi.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [zl5ngrlmw4uggfvmtl5i3ol5w6ltv7a1mbshov8m] C:\DOCUME~1\TEST\LOCALS~1\Temp\pjqzv52.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [jsprrr797en6d99nxhs1thf0z] C:\DOCUME~1\TEST\LOCALS~1\Temp\xs2i5d.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [buufuco2c3j0bj8l8ujy23c4of5q017r7441cejnbcm10g4j95] C:\DOCUME~1\TEST\LOCALS~1\Temp\hkx3k6.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [fexlk05zz1xpt0rutogjtzcn97yuahxys3k06v6bcf649k] C:\DOCUME~1\TEST\LOCALS~1\Temp\kubnq38qn0.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [hxmdk3uho] C:\DOCUME~1\TEST\LOCALS~1\Temp\n53ekxzz.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [xtg6elp5bsy1xu57v0zr4ioddbiye] C:\DOCUME~1\TEST\LOCALS~1\Temp\gn3wbkyy2diq.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [mpdslvzkoiwaih775fzqofedt3xjc3dgzp9m9sdk7nx2e] C:\DOCUME~1\TEST\LOCALS~1\Temp\f6ti9jv.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ty42l8rnv9tgb4jswm252w88] C:\DOCUME~1\TEST\LOCALS~1\Temp\qucl5r6.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [sjjpzusvvkunrsjl0] C:\DOCUME~1\TEST\LOCALS~1\Temp\uzlhassj34j8.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [s6f8ex1jvc0ahis7rgmpofr661b5o9p9eixsv41mi] C:\DOCUME~1\TEST\LOCALS~1\Temp\xt26omfnwjz9h.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [zelojb750gdv5820ez75aif0oq4wxeafejdgokd] C:\DOCUME~1\TEST\LOCALS~1\Temp\xsrzwus7nbwql.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [gcbl2k5vufc08g9wtm6t8pxalmb4chx4kpa3p] C:\DOCUME~1\TEST\LOCALS~1\Temp\titlyv.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [y1bhu0u2n1wn8ni5x7llnkpeuqtml21] C:\DOCUME~1\TEST\LOCALS~1\Temp\ojt5uznkos0.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [o1f0te7z6sltho6wqbioabl1fxnosnjd6s3wu4] C:\DOCUME~1\TEST\LOCALS~1\Temp\rpsw8b270h6g.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [y5wwquvea1eu2w9jk8bsd1a4t3bjkc9gauo6fhya4o] C:\DOCUME~1\TEST\LOCALS~1\Temp\gx4xrhh.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [bhvautxdl9t62rh6u7kr2q4exho1wdf50izjc2q06] C:\DOCUME~1\TEST\LOCALS~1\Temp\jhdk3df.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [oun8c248d8lcc1030a580cba559scgvnwfqeg1d5bytt] C:\DOCUME~1\TEST\LOCALS~1\Temp\eioe6q.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [s1x8abjf0ghne8qyv2x4i2aah4bpvvgcqgz5h8yh6z91eg2y] C:\DOCUME~1\TEST\LOCALS~1\Temp\isckcin0h.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [vshu1x0z60x09bwrkzyszmvuoyzbifckol9lsol4q35] C:\DOCUME~1\TEST\LOCALS~1\Temp\ku34dpxi4k.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [mdyn6mwtnawhk7not2vw7gbk06366b3wdbydwu1zq88h4wlbj] C:\DOCUME~1\TEST\LOCALS~1\Temp\xmhpszf068.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [fl25777ch5vzvvvexpnfafhfg] C:\DOCUME~1\TEST\LOCALS~1\Temp\jfm66uri15ya.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [cud62d4pcaeztwgponhbozl2rs1d8gew1oq7ghol] C:\DOCUME~1\TEST\LOCALS~1\Temp\eloabusv.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [sa0t8ryb49] C:\DOCUME~1\TEST\LOCALS~1\Temp\pjlgwigj18q5.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [m2xldimkr3c7ja35ixpwr9brc3bu85igg74l45hx9m9m6s] C:\DOCUME~1\TEST\LOCALS~1\Temp\xkzaoitd.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ejwf7glztcxp0x2kgpujiyrdq7] C:\DOCUME~1\TEST\LOCALS~1\Temp\fteacpmne42l.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [c1asaoaq3l] C:\DOCUME~1\TEST\LOCALS~1\Temp\jiqspl.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [aibk9ku7fmyz0x7dfwg8hnhkjrl3cni1twyox5ay2k2ua46] C:\DOCUME~1\TEST\LOCALS~1\Temp\pdy9oa.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [nd4kyrvuqm1732sywp8ylzwmbspzzcdjij2wywn8olcu] C:\DOCUME~1\TEST\LOCALS~1\Temp\rj4mhlcc5c.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [by2d3z8o7w05efjv5b5yz40m5tv5if8z14jnmqh9gvmlop7r1] C:\DOCUME~1\TEST\LOCALS~1\Temp\bbi7wvdu70.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [g3pxwgwas4kn1i08dr8zg8m1l9b4zsgrreq77oec23h] C:\DOCUME~1\TEST\LOCALS~1\Temp\s44bg8.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [b10wby2df13msk3qu8cn8at8ypvf] C:\DOCUME~1\TEST\LOCALS~1\Temp\raaevw9m.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [rj4szd0mkd4vg6] C:\DOCUME~1\TEST\LOCALS~1\Temp\llsrhwe8.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [d3xfwwjiwdq5bjxh1uruwqgm4s0pnj4erxgm6qb38mmyt599] C:\DOCUME~1\TEST\LOCALS~1\Temp\sb1zz6ivzmez.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [fmih4mezorgnf9ay84njyjl9uk8jnut] C:\DOCUME~1\TEST\LOCALS~1\Temp\p19w7lg1f4ufm.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ebg640qh2lakxrhrqxa7bvlb6h6udmpth5jwr0m5ipinm4] C:\DOCUME~1\TEST\LOCALS~1\Temp\gpcxi00tst.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [o1e4hzij3y8j7ah] C:\DOCUME~1\TEST\LOCALS~1\Temp\mog79a3mqb9aa.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [q6z2plptxdq] C:\DOCUME~1\TEST\LOCALS~1\Temp\lafgqph0r.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [axeavzz3xek5008e8bv7jimd] C:\DOCUME~1\TEST\LOCALS~1\Temp\ozonb2kc.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [q1s2la1dzr0h6p3fme6vcdb4m9ezej6b9mo0jw1] C:\DOCUME~1\TEST\LOCALS~1\Temp\q9ghyu1ed.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [zx0kvahdn1yklqvjb44ve1f3747vyt8ncjgyyg5l998gj] C:\DOCUME~1\TEST\LOCALS~1\Temp\v6iem70.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [cgsu1k2cucm4ep7pisc53ja43xxx4dzi7l2hm1e1hq] C:\DOCUME~1\TEST\LOCALS~1\Temp\asilza8f.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [rqeox4eenh6h2cbkdlvx0lw8h3oo50ick213in2] C:\DOCUME~1\TEST\LOCALS~1\Temp\jafsglix3.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [nm50kn97rvmhcb3bmg6owourqaztkhj4wwck3r3tm7i41uays] C:\DOCUME~1\TEST\LOCALS~1\Temp\f3q11285ib4.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [llvtztliezt12scavrvmlf5fpg1xr6n8ajob9j542nxw] C:\DOCUME~1\TEST\LOCALS~1\Temp\ajnpc3gunhf.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [v3g4zuakmuyybjt34hkd6n51pwjap1] C:\DOCUME~1\TEST\LOCALS~1\Temp\srl1m0ukd9l5d.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [naemmwqmdjc8zcv6scg1tdwrq5jyhhlf1bpo] C:\DOCUME~1\TEST\LOCALS~1\Temp\gpeytgxjr.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [gurggyf92vglu7snmh6zxkgetyy3tvwpfxtcpjoarkp] C:\DOCUME~1\TEST\LOCALS~1\Temp\j4l1fvq3d7.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [aw5fstwp012bszm6dblsz17q1s40y] C:\DOCUME~1\TEST\LOCALS~1\Temp\cxrcu7.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [su9t9vkx83genbkeczdemh92pr2abe5z2e] C:\DOCUME~1\TEST\LOCALS~1\Temp\dco9s0.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [qwjq8gb7diujc] C:\DOCUME~1\TEST\LOCALS~1\Temp\a3qdry92u93g.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [z0ftohmk9w2heel] C:\DOCUME~1\TEST\LOCALS~1\Temp\hsle4u.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [c2t6bd5n5eo] C:\DOCUME~1\TEST\LOCALS~1\Temp\njrgdb.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [fgcsp67qa8boeww5kr94l6a98e72kscizotya5hw2] C:\DOCUME~1\TEST\LOCALS~1\Temp\fqxbg9.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [fphatusuxjhhm4ywpk2u5dm59r3hkh] C:\DOCUME~1\TEST\LOCALS~1\Temp\btn4414kx.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [tpo3hxzfdbbiwon51ijzhwcq4ee689o] C:\DOCUME~1\TEST\LOCALS~1\Temp\wjmfe0m.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [nuktcdbhisbkk7esbacaqeh77962l4gs] C:\DOCUME~1\TEST\LOCALS~1\Temp\vblw4mb87.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [z31qdgn19538xtwifap8i2wnh0] C:\DOCUME~1\TEST\LOCALS~1\Temp\cashny5.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [g3cddricahfz7m8zkvx6p3rjta9fng3atvije31] C:\DOCUME~1\TEST\LOCALS~1\Temp\yi1u17fan.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [s63qexdfkkzwu1bkxvaex9kgi2b966in4rlhxlu2r3j8k43] C:\DOCUME~1\TEST\LOCALS~1\Temp\zs6ssoglon.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [g9dw1dyf44c94qkc] C:\DOCUME~1\TEST\LOCALS~1\Temp\zt6gbx50s.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [v6gc49di15yogciydls1ucax3] C:\DOCUME~1\TEST\LOCALS~1\Temp\qcqgwvk.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ec3sjyt0b] C:\DOCUME~1\TEST\LOCALS~1\Temp\fl9889ys61f.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [w6x6vfxzacaxwc12suxplqvrrq] C:\DOCUME~1\TEST\LOCALS~1\Temp\rb2ka0.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ta1jq6cxrs2zh1rldnx8uf9zn01sqrmw] C:\DOCUME~1\TEST\LOCALS~1\Temp\sl7ii0n.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [expgwpx86v292znnw627nzu95hexm99kuk] C:\DOCUME~1\TEST\LOCALS~1\Temp\uawvusz8us2.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [yu6a3f67t1z46pnon25uf9lpm4fg5p9iz] C:\DOCUME~1\TEST\LOCALS~1\Temp\q21dhwmd7.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [wpvkfeg5xzcs0ok0mb5g549f2tc] C:\DOCUME~1\TEST\LOCALS~1\Temp\b93gdnc3a.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [w2xs4svh0cpld9zkwj5e4mnvuxi19eu8fi] C:\DOCUME~1\TEST\LOCALS~1\Temp\x7r6syairb6vi.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [vj4mq9wcihhcbyuqq] C:\DOCUME~1\TEST\LOCALS~1\Temp\ukmxo7g59.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ts6txmg36y] C:\DOCUME~1\TEST\LOCALS~1\Temp\mlc1dtca.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [uuyid6z12deucvust1dz8su0nvfqsrnu1sejix] C:\DOCUME~1\TEST\LOCALS~1\Temp\h4autb3qfxe6s.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [l4soaoo7exg2ht934ismwt1u5a5kdqnjapelsno] C:\DOCUME~1\TEST\LOCALS~1\Temp\elrfa6.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [q3ydsow1qs2gugwit9plbe1gn54n4cakxqsdq5gclfn4p] C:\DOCUME~1\TEST\LOCALS~1\Temp\vycoh94q5sf.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [fm113bwh4tjvt92wd7t5b9t9ulb6agdbv6b0rw28qrundgy] C:\DOCUME~1\TEST\LOCALS~1\Temp\n51jk7y10b1.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [lha0itp15h97eypghy0t] C:\DOCUME~1\TEST\LOCALS~1\Temp\b9yxelgijcwdx.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [f97b6kkfncrauu9g2owyc0z7prjlo0x0htx6y8ftdb] C:\DOCUME~1\TEST\LOCALS~1\Temp\izqmwv3mi.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [tiibn0sx1oscb7] C:\DOCUME~1\TEST\LOCALS~1\Temp\xg73ql1t.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [rb1z2oxhfbag8tr3vnd9] C:\DOCUME~1\TEST\LOCALS~1\Temp\lkn03zjayq.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [yiiv7yrtf1vph5dskosxzbujudci89p4p7jp1iw47c7um508v] C:\DOCUME~1\TEST\LOCALS~1\Temp\l66ktgooy.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [e7dhp57f030] C:\DOCUME~1\TEST\LOCALS~1\Temp\ml7ieazpkel4.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [a8jh49bgwq2rzwois] C:\DOCUME~1\TEST\LOCALS~1\Temp\b8nqmct2tl84.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ezlrmhbkk] C:\DOCUME~1\TEST\LOCALS~1\Temp\xt6sfw.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [vg8171hstvkv5wri94abmv2ryp3ko2rfsb0byb2an96f3akv] C:\DOCUME~1\TEST\LOCALS~1\Temp\vfj749k.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [uiaoofcdi0pj6qsc1n3evlma4bqc] C:\DOCUME~1\TEST\LOCALS~1\Temp\nx9btv.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [qq4t6mct517gvksaetd6yoae138igq56p] C:\DOCUME~1\TEST\LOCALS~1\Temp\eo11kz.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [gdatp3ohrg4eevibcqaf0snhsawj0dh3u] C:\DOCUME~1\TEST\LOCALS~1\Temp\xpug1na0.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [q7m2q1ohxsdob] C:\DOCUME~1\TEST\LOCALS~1\Temp\xqrn61k9mh.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [s18gha2u48w87gird92h7cs29of0r0j7d7bnn2lk0uxgj1lb] C:\DOCUME~1\TEST\LOCALS~1\Temp\lt7dh6wb15ft0.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [wbazb79d2hpbak5mlm] C:\DOCUME~1\TEST\LOCALS~1\Temp\q98tzxp4ycpae.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ii0w89x49afd91mqoon843dnyxfxe3yvxa4zrezmg] C:\DOCUME~1\TEST\LOCALS~1\Temp\jfks6j.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [nmuhwswqtr4j0vqchqsalq49p1qws42l2g8blmr21u] C:\DOCUME~1\TEST\LOCALS~1\Temp\jbifzb.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [dyo6p4xjjcy] C:\DOCUME~1\TEST\LOCALS~1\Temp\ov48oa.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [y7ljrxjxyk3jy6blldivtxh3zok5es75u6itpty28wtx] C:\DOCUME~1\TEST\LOCALS~1\Temp\n0dxc7e2.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [bt3qrd6j6vjhnk0oa52drhwyxfaq7hpppfir6bp50vygzv] C:\DOCUME~1\TEST\LOCALS~1\Temp\ermn3u27.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [hae83krkgaw7] C:\DOCUME~1\TEST\LOCALS~1\Temp\uamthgltex2.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [x570bygcroqd6ekhjtg177q4ton2fw6mhe998jitmi18r7gtev] C:\DOCUME~1\TEST\LOCALS~1\Temp\f37gif26fq.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [izxwm38l3vq8oupqcij71886lxas69y2dbuactuw3] C:\DOCUME~1\TEST\LOCALS~1\Temp\msnzit9.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [o270cgv8ppmc8d4nyocc82y4f385kmxhjxoc219a89] C:\DOCUME~1\TEST\LOCALS~1\Temp\uwcxf6oaj2t2.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [gd8n8byl16a] C:\DOCUME~1\TEST\LOCALS~1\Temp\lxs6jr.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [pluls79hivv3ikd6] C:\DOCUME~1\TEST\LOCALS~1\Temp\ljia27y.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [miu1ud3286zii5oqmss] C:\DOCUME~1\TEST\LOCALS~1\Temp\i44nntcyrfy1.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [p1phmt1sn91] C:\DOCUME~1\TEST\LOCALS~1\Temp\ca3g427e6avw3.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ib01enp3urjht] C:\DOCUME~1\TEST\LOCALS~1\Temp\g5v8r3lo.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [drxlth78q3dsm9tzlotsrsq5lyuk0inotk62h4brxr87z] C:\DOCUME~1\TEST\LOCALS~1\Temp\uoe8xunh6.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [hbrxz7uywz5f9b] C:\DOCUME~1\TEST\LOCALS~1\Temp\nqouxrz1bg.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [kfryhq1ahc0zmwu7eycv33yexfvb478c2oik80ddql] C:\DOCUME~1\TEST\LOCALS~1\Temp\fwxicuj3.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ksl3j29b8c7jrrqyng9ifbyp60xrto77orf1sfultxlce] C:\DOCUME~1\TEST\LOCALS~1\Temp\spot14w7zke44.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [vg787qtdjh] C:\DOCUME~1\TEST\LOCALS~1\Temp\oaocuo0.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [haiigcc1mved10ou3vcd6omy1ynui0dagolmxdwgsg0] C:\DOCUME~1\TEST\LOCALS~1\Temp\icrcfmf7i5lbu.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [asbmuml26w5z43ta79qhrhdhpawjr9vg02zmjxun9] C:\DOCUME~1\TEST\LOCALS~1\Temp\fyuwjyzra.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ffg2xm619i7rnn45b7nngc] C:\DOCUME~1\TEST\LOCALS~1\Temp\bznb0350kv8.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [gaalpl22p6l6q1sxiwc0da2srvavyy6dupcb84] C:\DOCUME~1\TEST\LOCALS~1\Temp\gy8srhddn.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [awd118vq1h4jiv] C:\DOCUME~1\TEST\LOCALS~1\Temp\i4anxaeem1.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [j906vslhr0lmwezn4o] C:\DOCUME~1\TEST\LOCALS~1\Temp\xla4r0clj.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [r24h2j7y98fvnwgkf42eogjzaa0b5nfmegbkfyjqo38lfmyc] C:\DOCUME~1\TEST\LOCALS~1\Temp\euc9zsneb1s.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [hvzu5s86l4ht8nz7dju9e] C:\DOCUME~1\TEST\LOCALS~1\Temp\n863c02.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [kte6odq5ce083ndogkblqkxlkgr9mc] C:\DOCUME~1\TEST\LOCALS~1\Temp\gvp5c46n5d.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [bwy4vtxn8yiws27wziyjkjglg18ezw6zys5l01vu9wi] C:\DOCUME~1\TEST\LOCALS~1\Temp\xrtvj76.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [uhdssw4yg9mc27vxe24lcw0xa] C:\DOCUME~1\TEST\LOCALS~1\Temp\b1rqhp.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [xyv9k1ovwn] C:\DOCUME~1\TEST\LOCALS~1\Temp\xivzi5g66w8bq.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [o5eorh4pnybs4kyqop359pmdsdn0jv3j75ihxpx505y] C:\DOCUME~1\TEST\LOCALS~1\Temp\u8kwqk.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [mk1b0aibfbk4ba8x7a] C:\DOCUME~1\TEST\LOCALS~1\Temp\jly0z7ye.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [a3liafdv7nj2ei9nxrt5] C:\DOCUME~1\TEST\LOCALS~1\Temp\v9kxnhf4zes.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [wxfn17ov4loa7ndydb2sjvl] C:\DOCUME~1\TEST\LOCALS~1\Temp\b87oea.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [qm41reu6y0ewvfk7on3f6bj6ugk1k42t4sr076wujg45d] C:\DOCUME~1\TEST\LOCALS~1\Temp\ngt94t52.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [fmheoj7r7wti0ii2pq0fqu8b0sp0313anvrsmr7tn] C:\DOCUME~1\TEST\LOCALS~1\Temp\kdapjfhf7m.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [loy8lc64pczj61i386qpuz3tqf5o0wh3t7nc2ew5gl5eq5m] C:\DOCUME~1\TEST\LOCALS~1\Temp\f32xjw.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [hraxgg9atqljhsz7khzmnr0] C:\DOCUME~1\TEST\LOCALS~1\Temp\da18tcolc4tz.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [gqqdtc4b6henpv3ryy4sxto] C:\DOCUME~1\TEST\LOCALS~1\Temp\txkatk1.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [bijben75hu8erqfxx8vblpewpddnya2xcm] C:\DOCUME~1\TEST\LOCALS~1\Temp\rxe59vaf3.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [cwxlbvgyuo23tvykoyinu5tcia8k0en] C:\DOCUME~1\TEST\LOCALS~1\Temp\b1xq86guczxr.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [tk0t0j3udemj34] C:\DOCUME~1\TEST\LOCALS~1\Temp\cb2oz605dtsfk.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [erqpnksns9fdf08it6jewb2iohh762z8lnm] C:\DOCUME~1\TEST\LOCALS~1\Temp\z27scgpk.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [ce4v1aodommqvinrlc8f0m8ugwxo7zt8px5ksxuayb2khlcg8r] C:\DOCUME~1\TEST\LOCALS~1\Temp\o670ywhkpvmuo.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1005\..\Run: [k7os8115bd1hvu6i0kt4y3hdlbrrn2vvruvqfsd0] C:\DOCUME~1\TEST\LOCALS~1\Temp\gs5h4qenih.exe (User '?')
O4 - HKUS\S-1-5-21-3972044637-3259444104-3589820275-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - S-1-5-21-3972044637-3259444104-3589820275-1006 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User '?')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O18 - Filter hijack: text/html - {6a25a2d2-0736-4d8d-bb2e-5e2ee89ed4a1} - C:\WINDOWS\system32\mst122.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 164863 bytes
fuzzyspoon

Re: URGENT HELP! Win32Tr\.\erAgent

Unread postby dan12 » February 25th, 2009, 5:03 pm

We will just deal with the user account (which must be the admin account) you posted to start with. There is something not quite right with the log you have just posted; we will have a look at that later.
I edited my last post to you to add a couple of things.
dan12

Re: URGENT HELP! Win32Tr\.\erAgent

Unread postby fuzzyspoon » February 25th, 2009, 5:06 pm

Didn't see the rest of your message until just now...

Sorry to hear that your daughter had just been deployed again. And I PROMISE not to use any other tools than you tell me to while you're helping me. I really appreciate your help! Is it okay to leave my Norton and Ad-Aware running while we do this?

The only thing I've done that you haven't directed me to do is change to the other user and run the Trend Micro log... see results above this post.
fuzzyspoon

Re: URGENT HELP! Win32Tr\.\erAgent

Unread postby fuzzyspoon » February 25th, 2009, 5:10 pm

Both accounts are listed as administrator.

The 2nd account is triggering Ad-Aware to alert for the originally posted problem (Win32Tr\.\er Agent)... and now says that it's quarantined. I didn't run a scan; it initiated on its own due to the "adwatch live has detected a malicious process."

If you confirm, I will switch back to other account and download the "dig deeper" tool... otherwise, we'll investigate this side.

Thanks again for your help!
fuzzyspoon
Active Member
 
Posts: 14
Joined: February 25th, 2009, 12:30 pm

Re: URGENT HELP! Win32Tr\.\erAgent

Unread postby dan12 » February 25th, 2009, 5:19 pm

Let's just run with the first account you posted for.
Do you have the combofix log from when you ran it? It should be here >> C:\ComboFix.txt. When did you run it, in terms of days? Reason being it has a shelf life, so to speak. Was it this account you ran it on?
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: URGENT HELP! Win32Tr\.\erAgent

Unread postby fuzzyspoon » February 25th, 2009, 5:24 pm

I did the DDS and Attach thing for the original account. Yes, I believe I also did combofix on original account (which is firing adaware warning for same bug again). I just saved your gmer directions and was getting ready to close all programs and do the gmer thing. Do you want gmer or combofix first?

And combofix was done hours ago, today.
fuzzyspoon
Active Member
 
Posts: 14
Joined: February 25th, 2009, 12:30 pm

Re: URGENT HELP! Win32Tr\.\erAgent

Unread postby dan12 » February 25th, 2009, 5:27 pm

When you have the logs let me see them, thanks.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: URGENT HELP! Win32Tr\.\erAgent

Unread postby fuzzyspoon » February 25th, 2009, 5:28 pm

Here is combofix log: I will be logging off internet to do gmer thing... be back in 15 minutes or so.

ComboFix 09-02-24.02 - Mike 2009-02-25 11:12:05.1 - NTFSx86
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
.

2009-02-25 10:59 . 2009-02-25 10:59 <DIR> d--hs---- c:\documents and settings\Default User\Temporary Internet Files
2009-02-25 10:59 . 2009-02-25 10:59 <DIR> d--hs---- c:\documents and settings\Default User\History
2009-02-25 10:39 . 2009-02-25 10:39 <DIR> d-------- c:\documents and settings\TEST\Application Data\Malwarebytes
2009-02-25 10:16 . 2009-02-25 10:16 <DIR> d-------- c:\documents and settings\Mike\Application Data\Malwarebytes
2009-02-25 10:16 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-25 10:15 . 2009-02-25 10:16 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 10:15 . 2009-02-25 10:15 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-25 10:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-24 22:18 . 2009-02-24 22:18 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-22 18:17 . 2009-02-22 18:17 <DIR> d-------- c:\program files\Norton Support
2009-02-22 18:08 . 2009-02-22 18:08 23,503 --a------ c:\windows\system32\AAWService_2009_02_22_18_08_22.dmp
2009-02-22 18:06 . 2009-02-22 18:06 <DIR> d-------- c:\windows\system32\drivers\NIS
2009-02-22 18:06 . 2009-02-22 18:06 <DIR> d-------- c:\program files\Windows Sidebar
2009-02-22 18:06 . 2009-02-22 18:06 <DIR> d-------- c:\program files\Symantec
2009-02-22 18:06 . 2009-02-22 18:06 <DIR> d-------- c:\program files\Norton Internet Security
2009-02-22 18:06 . 2009-02-22 18:06 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-22 18:06 . 2009-02-22 18:06 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-22 18:06 . 2009-02-22 18:06 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-02-22 18:06 . 2009-02-22 18:06 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-22 18:06 . 2009-02-22 18:06 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-22 18:05 . 2009-02-22 18:05 <DIR> d-------- c:\program files\NortonInstaller
2009-02-22 18:05 . 2009-02-22 18:05 <DIR> d----c--- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-22 18:05 . 2009-02-22 18:06 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Norton
2009-02-22 17:39 . 2009-02-22 17:39 25,613 --a------ c:\windows\system32\AAWService_2009_02_22_17_39_24.dmp
2009-02-21 22:52 . 2009-02-21 22:52 <DIR> d----c--- c:\documents and settings\All Users\Symantec Temporary Files
2009-02-21 22:18 . 2009-02-21 22:18 25,613 --a------ c:\windows\system32\AAWService_2009_02_21_22_18_34.dmp
2009-02-21 21:59 . 2009-02-21 21:59 25,605 --a------ c:\windows\system32\AAWService_2009_02_21_21_59_46.dmp
2009-02-21 21:58 . 2009-02-21 19:46 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-21 19:46 . 2009-02-21 19:46 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-21 19:43 . 2009-02-21 19:43 <DIR> d-------- c:\program files\Lavasoft
2009-02-21 19:43 . 2009-02-21 19:43 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-21 19:43 . 2009-02-21 19:43 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-18 22:31 . 2009-02-18 22:31 <DIR> d-------- c:\program files\Microsoft User Agent String Utility
2009-02-18 22:02 . 2009-02-18 22:02 <DIR> d-------- c:\program files\WOT
2009-02-18 21:58 . 2009-02-18 21:58 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-18 21:58 . 2009-02-18 21:58 <DIR> d----c--- C:\6d7c73ee5a114a3818da18a02674
2009-02-14 12:57 . 2009-02-14 12:57 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-14 12:38 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-14 12:38 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-02-14 12:38 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-14 11:59 . 2009-02-14 11:59 <DIR> d--h-c--- C:\TEMP
2009-02-14 11:59 . 2009-02-14 12:00 1,664 --ah-c--- C:\IPH.PH
2009-02-14 11:20 . 2009-02-15 12:18 925 --a------ c:\windows\Active Setup Log.BAK
2009-02-13 19:18 . 2009-02-13 19:18 0 --a------ c:\windows\nsreg.dat
2009-02-13 18:35 . 2009-02-13 19:03 <DIR> d----c--- C:\08a8f798d77c1cd918
2009-02-13 18:09 . 2008-12-20 18:15 6,066,688 --------- c:\windows\system32\dllcache\ieframe.dll
2009-02-13 18:09 . 2007-04-17 04:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-13 18:09 . 2007-03-08 00:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-13 18:09 . 2008-12-20 18:15 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-02-13 18:09 . 2008-12-20 18:15 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-13 18:09 . 2008-12-20 18:15 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-02-13 18:09 . 2008-12-20 18:15 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-02-13 18:09 . 2008-12-20 18:15 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-13 18:09 . 2008-12-19 04:10 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-13 18:04 . 2007-08-13 18:54 33,792 --a------ c:\windows\system32\dllcache\custsat.dll
2009-01-27 09:20 . 2009-01-27 09:20 <DIR> d-------- c:\documents and settings\TEST\Application Data\PureEdge

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 23:08 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-19 22:14 --------- dc----w c:\documents and settings\All Users\Application Data\PureEdge
2009-01-19 22:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-19 22:14 --------- d-----w c:\program files\PureEdge
2009-01-19 22:14 --------- d-----w c:\documents and settings\Mike\Application Data\PureEdge
2009-01-19 07:09 --------- d-----w c:\documents and settings\TEST\Application Data\gtk-2.0
2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-01-07 23:32 --------- d-----w c:\program files\LEGO Company
2009-01-07 23:32 --------- d-----w c:\documents and settings\Mike\Application Data\LEGO Company
2008-12-26 03:39 73,216 -c--a-w c:\windows\ST6UNST.EXE
2008-12-26 03:39 249,856 -c----w c:\windows\Setup1.exe
2008-12-26 03:00 --------- d-----w c:\documents and settings\Mike\Application Data\BluEdit
2008-12-26 02:45 --------- d-----w c:\program files\ComfileTools
2008-12-25 04:24 --------- d-----w c:\program files\GIMP-2.0
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 11:57 333,184 ------w c:\windows\system32\dllcache\srv.sys
2008-12-08 02:30 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-05-05 01:41 68,136 ----a-w c:\documents and settings\Mike\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2008-04-04 1193984]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2008-04-04 394240]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2008-04-04 1879552]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-11 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-21 509784]
"nwiz"="nwiz.exe" [2006-08-18 c:\windows\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2007-07-06 c:\windows\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-01 c:\windows\system32\CHDAudPropShortcut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"=

R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\Drivers\5U870CAP.sys [2006-06-06 61952]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-02-21 64160]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1002000.007\SYMEFA.SYS [2009-02-22 309296]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-02-22 255536]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\ccHPx86.sys [2009-02-22 362544]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090217.002\IDSxpx86.sys [2009-01-29 276344]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-02-21 950096]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-02-22 115560]
S2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2008-04-04 868864]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-22 99376]


--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - Arp1394
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - BHDrvx86
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - ccHP
*Deregistered* - Compbatt
*Deregistered* - COMSysApp
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - eabfiltr
*Deregistered* - eeCtrl
*Deregistered* - ehRecvr
*Deregistered* - ehSched
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - hpqwmiex
*Deregistered* - HTTP
*Deregistered* - i2omgmt
*Deregistered* - IDSxpx86
*Deregistered* - IpNat
*Deregistered* - iPod Service
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - Lavasoft Ad-Aware Service
*Deregistered* - Lbd
*Deregistered* - LightScribeService
*Deregistered* - LmHosts
*Deregistered* - McrdSvc
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MQAC
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - MSDTC
*Deregistered* - Msfs
*Deregistered* - MSMQ
*Deregistered* - MSMQTriggers
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Norton Internet Security
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - NtLmSsp
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RMCAST
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - Sentinel
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - SRTSP
*Deregistered* - SRTSPX
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - SYMDNS
*Deregistered* - SymEFA
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SymIMMP
*Deregistered* - SYMNDIS
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TivoBeacon2
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e5f9df-897d-11dd-a4c1-001636d7ab77}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-02-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-21 19:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.live.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 11:15:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???`\??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-02-25 11:17:14
ComboFix-quarantined-files.txt 2009-02-25 16:17:11

Pre-Run: 54,331,813,888 bytes free
Post-Run: 55,358,935,040 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

324 --- E O F --- 2009-02-25 03:50:21
fuzzyspoon
Active Member
 
Posts: 14
Joined: February 25th, 2009, 12:30 pm

Re: URGENT HELP! Win32Tr\.\erAgent

Unread postby fuzzyspoon » February 25th, 2009, 5:48 pm

And here are the other logs:

DDS.txt
DDS (Ver_09-02-01.01) - NTFSx86
Run by Mike at 16:19:25.81 on Wed 02/25/2009
Internet Explorer: 7.0.5730.13

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.live.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TivoTransfer] "c:\program files\common files\tivo shared\transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
uRun: [TivoNotify] "c:\program files\tivo\desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
uRun: [TivoServer] "c:\program files\tivo\desktop\TiVoServer.exe" /service /registry /auto:TivoServer
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [masqform.exe] c:\program files\pureedge\viewer 6.5\masqform.exe -RunOnce
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\mike\startm~1\programs\startup\vongot~1.lnk - c:\program files\vongo\Tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/sho ... wflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-02-25 16:11 1,434 ac--h--- C:\aaw7boot.cmd
2009-02-25 15:00 <DIR> --d----- c:\program files\Trend Micro
2009-02-25 11:10 <DIR> acdshr-- C:\cmdcons
2009-02-25 11:08 161,792 a------- c:\windows\SWREG.exe
2009-02-25 11:08 98,816 a------- c:\windows\sed.exe
2009-02-25 10:16 <DIR> --d----- c:\docume~1\mike\applic~1\Malwarebytes
2009-02-25 10:16 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-25 10:15 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-25 10:15 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-25 10:15 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-24 22:18 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-02-24 22:04 <DIR> --d----- c:\windows\pss
2009-02-22 18:17 <DIR> --d----- c:\program files\Norton Support
2009-02-22 18:08 23,503 a------- c:\windows\system32\AAWService_2009_02_22_18_08_22.dmp
2009-02-22 18:06 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-02-22 18:06 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-22 18:06 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-22 18:06 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-22 18:06 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-22 18:06 <DIR> --d----- c:\program files\Symantec
2009-02-22 18:06 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-02-22 18:06 <DIR> --d----- c:\program files\Norton Internet Security
2009-02-22 18:05 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Norton
2009-02-22 18:05 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-02-22 18:05 <DIR> --d----- c:\program files\NortonInstaller
2009-02-22 17:39 25,613 a------- c:\windows\system32\AAWService_2009_02_22_17_39_24.dmp
2009-02-21 22:52 <DIR> -cd----- c:\documents and settings\all users\Symantec Temporary Files
2009-02-21 22:18 25,613 a------- c:\windows\system32\AAWService_2009_02_21_22_18_34.dmp
2009-02-21 21:59 25,605 a------- c:\windows\system32\AAWService_2009_02_21_21_59_46.dmp
2009-02-21 21:58 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-21 19:46 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-21 19:43 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-21 19:43 <DIR> --d----- c:\program files\Lavasoft
2009-02-18 22:31 <DIR> --d----- c:\program files\Microsoft User Agent String Utility
2009-02-18 22:02 <DIR> --d----- c:\program files\WOT
2009-02-18 21:58 <DIR> -cd----- C:\6d7c73ee5a114a3818da18a02674
2009-02-14 12:57 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-14 12:38 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-14 12:38 208,744 a------- c:\windows\system32\muweb.dll
2009-02-14 12:38 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-02-14 11:59 1,664 ac--h--- C:\IPH.PH
2009-02-14 11:59 <DIR> -cd-h--- C:\TEMP
2009-02-14 11:20 925 a------- c:\windows\Active Setup Log.BAK
2009-02-13 18:35 <DIR> -cd----- C:\08a8f798d77c1cd918
2009-02-13 18:04 <DIR> --d----- c:\windows\network diagnostic
2009-02-13 18:04 33,792 a------- c:\windows\system32\dllcache\custsat.dll

==================== Find3M ====================

2009-02-24 19:48 236,236 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-25 22:39 249,856 -c------ c:\windows\Setup1.exe
2008-12-25 22:39 73,216 ac------ c:\windows\ST6UNST.EXE
2008-12-19 04:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 04:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 00:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 00:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 06:57 333,184 -------- c:\windows\system32\dllcache\srv.sys
2008-12-07 21:30 98,304 a------- c:\windows\system32\CmdLineExt.dll
2008-05-04 20:41 68,136 a------- c:\docume~1\mike\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 16:19:43.42 ===============

Attach.txt
=== Installed Programs ======================


5 Card Slingo from Hewlett-Packard Laptops (remove only)
Ad-Aware
Adobe Flash Player ActiveX
Adobe Reader 7.0.5
Apple Mobile Device Support
Apple Software Update
ASA - Prepware! COMMERCIAL
AutoUpdate
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
Blasterball 2 from Hewlett-Packard Laptops (remove only)
Boggle Supreme from Hewlett-Packard Laptops (remove only)
Bonjour
Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
Bounce Symphony from Hewlett-Packard Laptops (remove only)
BufferChm
CCScore
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
Civilization III
Conexant HD Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Crystal Maze from Hewlett-Packard Laptops (remove only)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
DivX
Empire Earth II
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
FATE from Hewlett-Packard Laptops (remove only)
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
Flip Words from Hewlett-Packard Laptops (remove only)
FullDPAppQFolder
GemMaster Mystic
GIMP 2.6.3
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912436)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.10 A2
HP QuickPlay 2.3
HP Rhapsody
HP Update
HP User Guides 0032
HP Wireless Assistant 2.00 G2
HpSdpAppCoreApp
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
InstantShareDevices
IRONCAD 7.0
iTunes
J2SE Runtime Environment 5.0 Update 6
Jewel Quest from Hewlett-Packard Laptops (remove only)
kgcbase
Kodak EasyShare software
LEGO Digital Designer
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
LightScribe 1.4.97.1
Live Search Maps Add-In for Microsoft Office Outlook
Macromedia Flash Player 8
Macromedia Shockwave Player
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
Malwarebytes' Anti-Malware
MediaCoder 0.6.1
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft Streets & Trips 2008
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 5.0
netbrdg
NetWaiting
Norton Internet Security
NVIDIA Drivers
Oasis from Hewlett-Packard Laptops (remove only)
Office 2003 Trial Assistant
OfotoXMI
OptionalContentQFolder
Otto
Photo Viewer
PhotoGallery
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
PureEdge Viewer 6.5
Puzzle Express from Hewlett-Packard Laptops (remove only)
Quicken 2006
QuickTime
RandMap
Revo Uninstaller 1.50
Safecracker
SAPI Wrapper
SCRABBLE from Hewlett-Packard Laptops (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
SFR
SHASTA
SimCity 4 Deluxe
skin0001
SkinsHP1
SKINXSDK
Slingo Deluxe from Hewlett-Packard Laptops (remove only)
Slyder from Hewlett-Packard Laptops (remove only)
Snowboard SuperJam
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
SonicAC3Encoder
SonicMPEGEncoder
staticcr
Super Granny from Hewlett-Packard Laptops (remove only)
Synaptics Pointing Device Driver
TiVo Desktop 2.6.1
tooltips
TourSetup
Tradewinds from Hewlett-Packard Laptops (remove only)
TTS Wrapper
Unload
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
User Agent String Utility
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WebFldrs XP
Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB915381
WIRELESS
Wireless Home Network Setup
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
Zuma Deluxe from Hewlett-Packard Laptops (remove only)

==== End Of File ===========================

Gmer log

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-25 16:44:50
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT 85B1AD50 ZwAlertResumeThread
SSDT 85547778 ZwAlertThread
SSDT 8544F928 ZwAllocateVirtualMemory
SSDT 84F48350 ZwAssignProcessToJobObject
SSDT 85A10008 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEB111020]
SSDT 8540A728 ZwCreateMutant
SSDT 85441628 ZwCreateSymbolicLinkObject
SSDT 85B99008 ZwCreateThread
SSDT 85C5ECD0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEB1112A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEB111800]
SSDT 854048E0 ZwDuplicateObject
SSDT 85B11C68 ZwFreeVirtualMemory
SSDT 853A16F8 ZwImpersonateAnonymousToken
SSDT 853DA738 ZwImpersonateThread
SSDT 85A50BF8 ZwLoadDriver
SSDT 8568A750 ZwMapViewOfSection
SSDT 84F18B78 ZwOpenEvent
SSDT 85401968 ZwOpenProcess
SSDT 85AAD298 ZwOpenProcessToken
SSDT 85AFDD10 ZwOpenSection
SSDT 854049A8 ZwOpenThread
SSDT 8544C728 ZwProtectVirtualMemory
SSDT 851E37C0 ZwResumeThread
SSDT 85426778 ZwSetContextThread
SSDT 85B1C7F8 ZwSetInformationProcess
SSDT 85A11080 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEB111A50]
SSDT 85A3B118 ZwSuspendProcess
SSDT 854E7778 ZwSuspendThread
SSDT 8500A0B8 ZwTerminateProcess
SSDT 853D2778 ZwTerminateThread
SSDT 85B0E660 ZwUnmapViewOfSection
SSDT 85509968 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

? SYMEFA.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.14 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs B412C400

---- EOF - GMER 1.0.14 ----

I'm glad you can make sense of all of this!!
fuzzyspoon
Active Member
 
Posts: 14
Joined: February 25th, 2009, 12:30 pm