Random letters.exe using up all virtual memory



Thread Starter
Feb 5, 2005
I can't tell if you can rcv the new email I'm writing in regards to this issue. So instead of going into the old thread, I have copied our last convo into this email. I downloaded the link you sent and did a system scan. The last two times I have tried to copy and paste the log into this page, the email has not gone through....I think it is because the log is SO HUGE. So I have copied and pasted it into several emails.
I know I have to delete all the bad stuff in system 32 folder, but is there a way to do it such that I don't have to check EVERY SINGLE BOX next to each system 32 bad file?
Pls help me

Junior Member Join Date: Feb 2005
Posts: 3
Experience: Beginner

random letters.exe using up all virtual memory


Each and every time I boot up my computer it advises me that my virtual memory is low. I open up task manager and 100% of my CPU is being used. It is because there are about 50 or more combos of random letters .exe using up about 4000 K each. They look like aanoir.exe, riwatoji.exe, vhaweiun.exe........I'm just making those up, but it's really just a random jumble of letters with .exe after it. I have used adaware and spybot and norton and cwshredder and they still come back every time I reboot my computer. I downloaded Hijack this in february....do I need an updated version or should I just run it and send you the log?
Thanks for your help, my computer is a mess

#2 30-May-2005, 05:12 PM
Distinguished Member Join Date: Mar 2004
Location: New York
Posts: 12,898
Experience: Nerd

Let's see a log.

This is the latest version of Hijack This: http://thespykiller.co.uk/files/hijackthis_sfx.exe

Let it extract to Program Files

Close out any open browsers
Launch the program
Hit "do a system scan only"
When that finishes, hit "save log"
The log will open in Notepad
Copy & paste that log into this thread

Do not fix anything yet


Thread Starter
Feb 5, 2005
Logfile of HijackThis v1.99.1
Scan saved at 7:41:50 PM, on 6/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jill Lebov\My Documents\downloads\hijackthis_sfx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: view.atdmt.com
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [fuqa] C:\WINDOWS\System32\swerel\fuqa.exe
O4 - HKLM\..\Run: [vpxijek] C:\WINDOWS\System32\etqnjk\vpxijek.exe
O4 - HKLM\..\Run: [mgti] C:\WINDOWS\System32\rflvfdh\mgti.exe
O4 - HKLM\..\Run: [rjai] C:\WINDOWS\System32\bpads\rjai.exe
O4 - HKLM\..\Run: [gtmiun] C:\WINDOWS\System32\usnvy\gtmiun.exe
O4 - HKLM\..\Run: [kduvplvo] C:\WINDOWS\System32\givbx\kduvplvo.exe
O4 - HKLM\..\Run: [esgdjvc] C:\WINDOWS\System32\tpbd\esgdjvc.exe
O4 - HKLM\..\Run: [ypwyiv] C:\WINDOWS\System32\ouaioey\ypwyiv.exe
O4 - HKLM\..\Run: [idkcrr] C:\WINDOWS\System32\riiip\idkcrr.exe
O4 - HKLM\..\Run: [lxoaknr] C:\WINDOWS\System32\taitwof\lxoaknr.exe
O4 - HKLM\..\Run: [bnjm] C:\WINDOWS\System32\mqbgddkv\bnjm.exe
O4 - HKLM\..\Run: [vjaqyl] C:\WINDOWS\System32\gvwefh\vjaqyl.exe
O4 - HKLM\..\Run: [fvxmwl] C:\WINDOWS\System32\bowsma\fvxmwl.exe
O4 - HKLM\..\Run: [tolcbw] C:\WINDOWS\System32\ecxqj\tolcbw.exe
O4 - HKLM\..\Run: [xewraw] C:\WINDOWS\System32\jdhihka\xewraw.exe
O4 - HKLM\..\Run: [crrcrqb] C:\WINDOWS\System32\xovosp\crrcrqb.exe
Jul 26, 2002
* Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update; click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.

* Go here to download CCleaner.
  • Install CCleaner
  • Launch CCleaner and look in the upper right corner and click on the "Options" button.
  • Click "Advanced" and remove the check by "Only delete files in Windows temp folders older than 48 hours".
  • Click OK
  • Do not run CCleaner yet. You will run it later in safe mode.

* Also Click here to download Nailfix.zip.
Unzip it to the desktop but please do NOT run it yet.

* Click here for info on how to boot to safe mode if you don't already know how.

* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

* Restart your computer into safe mode now. Perform the following steps in safe mode:

* Once in Safe Mode, double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

* Now run Ewido:
  • Click on scanner
  • Put a check by the following before you scan:
    • Binder
  • Click the Start Scan button to start the scan.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop

* Start CCleaner and click Run Cleaner

* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

* Restart back into Windows normally now.

* Go here and download Ad-Aware SE.

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From the main window: click Start, then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose Select all from the drop-down menu and click Next.)

Restart your computer.

* Go here and download Microsoft Antispyware Beta. First in the top menu click File then Check for updates to download the definitions updates.

After updating look in the right side of the main window under "Run Quick Scan Now" and click Spyware scan options. In that window put a tick by Run a full system scan and then put a check by all three options below that then click Run Scan now.

When the scan is finished, let it fix anything that it finds (have it quarantine the items that have that option rather than delete just in case. It is a beta program and there may be false positives)

Restart your computer.

* Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

* Come back here and post a new HijackThis log, as well as the log from the Ewido scan and Activescan.


Thread Starter
Feb 5, 2005
ok....so from the last two parts of the log file you get the point...there are about 20 more emails' worth of c:\windows\system32\randomletters.exe
I can send the rest if you want...but I skipped most of them and sent you the end of the log. Everything in between is in system 32. What am I going to do?
Oh, and I know at some point you'll probably have me restart my comp. But just so you know, every time I start my comp I have to go through about 20 minutes of waiting for all the **** to fill into my registry, and then I have to open up task manager (which doesn't always work) and then I have to delete all the randomletters.exe things that are running and using up my virtual memory.
Thanks again for your help.

O4 - HKLM\..\Run: [Rmghvv] c:\Program Files\Klol\Lelnzt.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vkkkau.exe reg_run
O4 - HKLM\..\Run: [buds] C:\WINDOWS\System32\lqqqnhn\buds.exe
O4 - HKLM\..\Run: [hixasda] c:\windows\system32\wpweduq.exe r
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Zgdmmp] C:\WINDOWS\System32\??xplore.exe
O4 - HKCU\..\Run: [ezsERgb4e] bs5orier.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000079-d.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\Temp\180SA3013.exe"
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: cdvuymtoyscdkg - Unknown owner - C:\WINDOWS\System32\yscdkg\cdvuymto.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: wifslkflqavj - Unknown owner - C:\WINDOWS\System32\lkflqavj\wifs.exe
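
The naming pattern visible in the log above can be sorted out mechanically rather than read line by line. The following is an added example, not part of the original thread: it assumes the two regularities seen in the posted lines (a Run value whose name equals the .exe name inside a one-level, all-lowercase System32 subfolder, and an "Unknown owner" service whose name is the .exe name followed by the folder name), and the sample lines are copied from the log posted in this thread.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Rmghvv] c:\Program Files\Klol\Lelnzt.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\vkkkau.exe reg_run
O4 - HKLM\..\Run: [buds] C:\WINDOWS\System32\lqqqnhn\buds.exe
O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: cdvuymtoyscdkg - Unknown owner - C:\WINDOWS\System32\yscdkg\cdvuymto.exe
O23 - Service: wifslkflqavj - Unknown owner - C:\WINDOWS\System32\lkflqavj\wifs.exe
"""

# O4 = autostart entry from a registry Run key: hive, [value name], command line.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O23 = service: display name - owner - image path.
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# System32\<lowercase folder>\<lowercase name>.exe, nothing after it.
DROP_PATH = re.compile(
    r"^(?i:c:\\windows\\system32)\\(?P<dir>[a-z]+)\\(?P<exe>[a-z]+)\.exe$")


def triage(log_text):
    """Split a HijackThis log into (flagged Run entries, flagged services, rest)."""
    flagged_run, flagged_svc, other = [], [], []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O4_RUN.match(line)
        if m:
            p = DROP_PATH.match(m["cmd"])
            # Value name identical to the executable name in the subfolder.
            if p and p["exe"] == m["name"]:
                flagged_run.append((m["hive"], m["name"], m["cmd"]))
                continue
        m = O23.match(line)
        if m:
            p = DROP_PATH.match(m["path"])
            # Service name is the exe name and folder name run together.
            if (p and m["owner"] == "Unknown owner"
                    and m["name"] == p["exe"] + p["dir"]):
                flagged_svc.append((m["name"], m["path"]))
                continue
        other.append(line)  # not matched by this pattern; still needs review
    return flagged_run, flagged_svc, other


if __name__ == "__main__":
    run, svc, other = triage(SAMPLE_LOG)
    print(f"{len(run)} Run entries and {len(svc)} services match the pattern")
    for line in other:
        print("review by hand:", line)
```

Entries left in the third list are only unmatched, not cleared: lines such as `[Rmghvv]` and `[KavSvc]` above do not fit this pattern and still need to be judged individually.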


Thread Starter
Feb 5, 2005
ok, I see your above advice and I'm going to take it. But is there anything I can do about the fact that it literally takes me 20 minutes to get hold of my computer (if I'm lucky) every single time I restart my computer?


Thread Starter
Feb 5, 2005
I downloaded all the things you told me to in your last email. I have been trying to run ewido in safe mode as you suggested. At first I literally sat there and pressed ok every single time the security message came up. Then I realized I could check the box that says "perform this function on all" so I just let it clean everything up. But every time it gets to 95% done, one of those microsoft error messages pops up and I have to shut it down. Plus, my computer is such a mess in normal mode that I no longer have access to the internet (I am writing from a different computer) so I can no longer update any of the programs you had me download....what should I do now?
greatly appreciate your help,