Flic1 Posted May 17, 2005 Report Share Posted May 17, 2005 Something attacked my system over the weekend and my browser is defaulting to w-find.com. I ran HijackThis numerous times but it keeps returning. I have also tried About:Buster with no luck. I'm also getting somwthing called Win Min shutting down when I turn off the computer. Never saw it before getting hijacked. Any help appreciated!!! BTW_ I finally downloaded Mozilla Firefox and will be using that from now on....Logfile of HijackThis v1.99.1Scan saved at 7:55:16 PM, on 5/16/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Dell\EUSW\Support.exeC:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exeC:\WINDOWS\BCMSMMSG.exeC:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exeC:\windows\xmkulwm.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exeC:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exeC:\WINDOWS\System32\CTsvcCDA.exeC:\WINDOWS\system32\drivers\KodakCCS.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exeC:\WINDOWS\System32\ScsiAccess.EXEC:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exeC:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\WINDOWS\System32\wuauclt.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\System32\wuauclt.exeC:\Documents and Settings\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywayR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htmR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htmR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htmR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywayR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exeO4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exeO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exeO4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exeO4 - HKCU\..\Run: [neppwef] c:\windows\xmkulwm.exeO4 - HKCU\..\Run: [racxiso] c:\windows\xmkulwm.exeO4 - HKCU\..\Run: [voacxmu] c:\windows\xmkulwm.exeO4 - HKCU\..\Run: [ymxgjwv] c:\windows\xmkulwm.exeO4 - HKCU\..\Run: [hnxwypc] c:\windows\xmkulwm.exeO4 - HKCU\..\Run: [hfbmbge] c:\windows\xmkulwm.exeO4 - HKCU\..\Run: [rubmdwi] c:\windows\xmkulwm.exeO4 - HKCU\..\Run: [lyalevf] c:\windows\xmkulwm.exeO4 - HKCU\..\Run: [nfbsopr] c:\windows\xmkulwm.exeO4 - HKCU\..\Run: [shvfofl] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [wrfgqun] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [rsekaec] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [tcsofdb] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [ptedmlc] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [lorirpn] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [owtvlxu] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [vcfajfm] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [xujfgnb] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [nufafsd] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [nuoebgy] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [tfridgw] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [ahfprim] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [mqiavsk] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [ixcxnwh] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [rdrklcd] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [aqioovi] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [krdchod] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [tleaheb] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [gofynde] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [ccixwkb] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [mhkspqm] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [vlddnmh] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [uoujkdy] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [buuyjxx] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [mugrydd] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [myrwahp] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [esoecuk] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [teyvvyp] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [gngyvae] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [wmsdiib] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [tfvtjuh] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [nuwnrah] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [ydkeojb] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [vskuiue] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [gdjgxyd] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [pahklpo] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [vrwmpnl] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [jfapqsv] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [wpbyajg] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [otnvwqk] c:\windows\sxgioxf.exeO4 - HKCU\..\Run: [plcqbet] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [prbsfgo] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [qdtvsio] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [whtdlrf] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ndhnjjy] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [bxdbvhr] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [usboojm] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [qegfvju] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [hypyswx] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [wngikfb] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [xlqlyci] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ncniftj] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [qmyffwv] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [npvyijr] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [xwfivnl] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [omhdxpg] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [eelwkmf] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [jxxjybm] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [amnltft] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [tyirakj] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [heeipkh] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [uwuawjr] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ymedetk] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [jgvcdry] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [rmwcegx] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [rlreahp] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [iueymbj] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [yblvyqe] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [hsohmdg] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [gekcwpk] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [natnkbh] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [udpejfv] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ocjgiuh] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [oabrrrr] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [deaocua] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ygorncc] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [tiypxpq] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [kjuvpqi] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [bxoqdij] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [lwuqcma] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [xrobghj] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [tymuwcx] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [oiglcoy] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [jlwlmdn] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [guiqbxk] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [vthsddq] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [txufkjo] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [gaccait] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [esifgcj] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [falbiky] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ojrfqic] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ejaoarc] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [oqxwali] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [eaaxgvg] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [uumgvvc] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [wymidhn] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [yfsmxbi] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ufisnuk] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ukwbmxo] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [brasmjq] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [uyeweyf] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [fcbltur] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [cofotip] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [mcplumc] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [lucotkf] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [pcmawoi] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [xrdpved] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [gxjyrjh] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [mnqbuqt] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [rnnyeag] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ihjgxgj] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [wojvsug] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ywvgmub] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [qofsobr] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [irjdorw] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ondlspf] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [lqfxkat] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ndkbvry] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [cebbtay] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [joidwqe] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [gjqgtft] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ewrmrub] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [fwiidbm] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ksqsapv] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [skxbmcu] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [rctwagl] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [uqyefvm] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [xciercd] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [jwkkkbf] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [lrgsbos] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [rbhjmqy] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ruvpjmw] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [wnyypem] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [gbkoqde] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [qgqjuvl] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [aareswq] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [qqgmjdf] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [sbxpjcr] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [qaibhvu] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [aubctbf] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [pftfmak] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [iaiwqbf] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [tofwsbu] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [sdhmbjl] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [uokimoo] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [nlxadjp] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [trhprvy] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [lsamssv] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [dmbjvtb] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ciijrti] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ylomrjb] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [scjwyok] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [vdjsxaa] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [hrgrrny] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [qgquksw] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [skakyqc] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [txobmwv] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [wuejgfb] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [auilxqa] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [gmqhddr] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [fowpsif] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [oaxbgtt] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [pynatnk] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [drtqmlj] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [jukvkih] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [yppyrkp] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ktsnimc] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [duhxoio] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [npttcau] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [aayjunx] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [xgvxsev] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [mejitok] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [bxujmkq] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [wjjafpw] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [nntdioa] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [tjwgndo] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [tsfdirl] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ksgpehw] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [opfwria] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [gjkulya] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [evghvti] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [cxbesdm] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [pleayic] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [ckobqbl] c:\windows\cwmrrte.exeO4 - HKCU\..\Run: [kefdfsd] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wafcydg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wbrijdx] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [vuvvddn] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [npybwgf] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [vkcwxfx] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [msadpev] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [gnifkmi] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [tpfqvuo] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [eyojjpe] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [clysxxa] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [chugqgw] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [fdhioqh] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wyvwfnu] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ndcektq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [gkhsdxj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [fjpuuys] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [vjvdhrq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [bdfjxpw] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ssbwxvb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kegajcv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [eifbcvq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [tsstsmx] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [jwuhppk] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [fotywff] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [fruxjhc] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nltmfth] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [lwypvli] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ncpxkpg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [chrfxcw] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [osjflux] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [jnttdtk] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nheabfm] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ljfnctn] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [cdpdbgk] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [itkulmb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [efcitaq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [cgnlrpo] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [byxuume] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [fgksapn] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [dskabmv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [snnsndm] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [voghgdq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [aqnnwnn] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [eapwnax] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [onawelg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [yubtnmm] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [oehfumy] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [eybqrhl] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [dyannud] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [sotuyvs] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [lyuoqbi] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nuapqwx] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ueavrae] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [vduducb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [jqgciox] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [agwurpe] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [rlwbnte] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [invmvau] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [eoyeipy] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kcjwdwg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [dwkukgc] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wgxuguk] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [dkotogu] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [errxtgu] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [mjdovmx] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [xitxbnh] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [cmfkusc] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [gitnuvh] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [thvifsh] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ybsryli] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [sisgrta] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [mojrmty] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kvnnjyg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nhiscow] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [obxvcaj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [rwitqmj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wqscnks] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [sycmmbb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nqqhcla] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [xauimkd] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kxrkstp] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wkygyps] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nuyvlaq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [mhiejfn] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [qclcqux] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kwkvuya] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ivlfjrk] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ohchiim] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [jgdygvb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [jaqufie] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [fpjggiu] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [tbbruht] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [dlcfmax] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [dgsgisa] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [lpsaiuw] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wrhnlie] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [cidayuf] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [cdxqrry] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ippqgps] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [qqysqqu] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kjprqnk] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [marcyhh] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [oyhhxee] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kkqihac] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [iltnprf] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [weawtxf] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [edlffll] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [qpmbnbf] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [lfttnlo] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [yplsdqf] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [xdijlfb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [xsjlity] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [uoaopcv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [gdnmhof] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hwxtgnc] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ileueyj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [gcfxejf] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [rbthnhq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [cricfgk] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kavyvsk] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hmqmecn] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [klwhojt] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wsouolv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [osrmbso] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ryjrgkt] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [luavlus] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [djdbvtg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [bmmjeuu] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hthocic] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [iewehjv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [muamqyx] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kbsctiv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [pmnuhdd] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [uwbkqdw] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [qhxkffp] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hntnori] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [mrjlxvc] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [otarpvx] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [cqknfrs] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [bybwupc] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wdsdjrx] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [yukuglw] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [pseyhyp] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [qmhrgtd] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kjdtxkp] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nihkgkp] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [dwdhakq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ybpqoca] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [fcxpltg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [vqfuvfx] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kirghol] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [xrsoiha] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [npqhbbi] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [fjjvgvy] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [pnxwftd] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [uygkmef] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [jiwmymu] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [dxaandj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [awqjqlk] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [emtdaet] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hbvbynk] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [iykhegj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [vuvybou] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [librvvb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [yofxhou] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [dscaueb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [snnaadv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [oigwifv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [cbmcbas] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [iqexybm] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [qfguanh] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [vsdkadr] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [rjgkhdf] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wqhdrpa] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kqcpddf] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nocqivs] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hsdqifr] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kpaxeth] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [jnxltli] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [jxpufne] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [dyglraj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [dtxtoxr] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [gxnfdxa] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ppfqxkm] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ebfephf] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [jjwhpkf] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [qtvlecr] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [lnunqmk] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [sliuvii] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [isbdixw] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [yggledv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ryrldvg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [bqwcibx] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [tbgwrbv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [thlbjhi] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [rgarleb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [cnihvvr] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [qqdfipq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [svbqsgk] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [taqcsau] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [dxhdrsw] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wjfnfeg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [gokdpud] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [btqrtmp] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nvyvlwo] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [xehciik] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ecbtkxj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [bghxqlw] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [mdgbocu] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [pllwkkr] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hmsfjme] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [mvgjqem] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [osvqddu] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [smhpoqw] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [isrjdqq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [xewurmy] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [jgnunjb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [rxenatw] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kdulkfo] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kgjadqt] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [lhhxdxq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hgjmsje] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [tsstvdd] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [cfuvmgk] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [typnwkj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kbfwflt] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nvhrovm] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [eqpeddn] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [mindgca] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [pqjlaqp] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kkitvxt] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ixmqvni] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [rtwionh] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wlyipxq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [fifjygg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nvsvqqo] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ynpscxj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [jksayua] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [sevwprq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [qwkdjau] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [eypriou] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wkjdhyf] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hkxnwif] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [irnnmyo] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [chilagu] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [vumoqnj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ovcitbw] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [jogrqbp] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [dpsboun] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [vqbjtoj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [dgcywys] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [qwxxmny] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [asldxly] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [fmgnoqc] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hmcvest] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [unoahuj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [lkdbheo] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ylbcabl] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ohsypdj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [uivgmsd] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [uvlrpib] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [fudbrkv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [qjhwwjm] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [rkfgsfp] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [xammkat] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [dmdfnyc] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [vfcpass] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [huibfoe] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [phsgkjv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ilwglfs] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wdlnern] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [vsyxmxp] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [krihjfk] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wdondcf] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ryxmfsl] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [temihvc] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [injcmjs] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [stwdqsb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [tmpmnkg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hetxyln] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ooynjek] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ndfsenc] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [guexndg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [eiokkeq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [btloovq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ioypqxo] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ireeogg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ihoonyh] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [fmpkivh] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [cunkmqj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [dedulwy] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [octbdwm] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [qbtffqd] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [rdqkgcg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [gavmfyd] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [islnmls] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wcegwrc] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ganbhax] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [mvmttan] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hkmjbcc] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ybarqgh] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ciafprl] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ocsenin] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [benwdql] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [fsopipk] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ibuyhnc] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [twdainw] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [vedxqsr] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wkputpu] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [omqpklv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [tvekubg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ggbcrdw] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [uokbrbo] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nvnmqil] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [amkiimd] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [whgpjkl] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ehxnffx] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [unubvkm] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [umwfnae] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [brhcjdi] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [doeiqbh] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [oslsxuv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [pgygcxi] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ksjrqmh] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nudygam] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [etgvlwr] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ckwcjad] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [seqbfrw] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [qjdlsdy] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [yoxrgrp] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [masxdxs] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [mlfxugx] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ruchypx] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [vdjgglb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nhogfuf] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [skopkqm] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [tlmjygp] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [yuvicwh] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [yuxcfnp] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [llmkeob] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hvswcxg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [oadjuvq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [jcqoehk] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [rdovxnv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wbehfyr] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ljsmlpu] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [uagegwj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [uqboaea] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wgohbob] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wjbgygt] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [lccmmiy] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ncgfusq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hcypaii] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [brovrhi] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ifpglcl] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [icsionc] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ceddxok] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [yreteyb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ythetsb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ibjkajf] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hjnspwg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [bscatsn] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ehfycgi] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wuowawj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [jlqgqnc] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [uvhshqm] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [pvxiplb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [iuptjgv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [cjgiysr] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [mxmlwwe] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nksstnq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [pupxkht] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ethnrll] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [xjoupej] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [mkylykg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [bdvutco] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wklcrmn] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [chopybo] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [yablgdb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [weymxla] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wnybhbh] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [tgxpvqi] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ertmylf] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [euanagi] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [umfydff] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hirrdtg] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [prkumdi] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [fxvanxq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [xxlamie] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [gysognh] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [thafwnl] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [osciwwv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [xllxinq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ebuvcua] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wkkypui] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [jfohgac] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nwivuab] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [eoyamnp] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [raqwfpp] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [iqeycyr] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [hwyfbqn] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [pymfbfe] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [vkxxajx] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [gcloyun] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [bdbysfo] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wpghrnv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [wxamsri] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [unlogff] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [xcidtdy] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [devrmke] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [vefehye] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [bqalqdb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [rdubfpy] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [qdslita] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ultrjrl] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [kdbsbbp] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [sfycqgr] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [xenbnww] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [tjvwexb] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ccswcon] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [odtvbja] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [frdnnsh] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [gdvrequ] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [xkkiary] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [pccsnpa] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [bcvdqoo] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ybqxqkt] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [ymehdmq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [vcthsfa] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [djsmsei] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [nxpjnoj] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [fhvtrfe] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [lkuuylv] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [amqmunq] c:\windows\fmnmgdv.exeO4 - HKCU\..\Run: [orrjkem] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [pifqsqu] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [jsjtcyt] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [daqgnid] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [ndynnba] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [woyiret] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [qlvumbc] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [prsbxgn] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [bbmiuxb] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [evsmfni] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [yregese] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [qirphws] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [mxvwpeo] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [cykkgkh] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [dntwyos] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [cjifons] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [jwxuvkr] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [gtjwmpw] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [dxboyll] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [jiucpbl] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [nkwhkmk] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [ledttym] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [hwvqsjr] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [ruiojrc] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [dhswafe] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [xdghyhg] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [ocdjjjf] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [jftqbge] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [eswsspo] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [njsqkgv] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [scvjwms] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [sxnnkuy] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [jccaang] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [spvhbid] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [idkbfsu] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [qfatutg] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [oxxluug] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [ehxkmvs] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [fcmcmah] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [jylcmvd] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [taqsyea] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [lpvjivb] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [jmttdyh] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [bvolrun] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [kasydbv] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [qjtghyn] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [mhmofdn] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [pdhtvry] c:\windows\pkgbrvp.exeO4 - HKCU\..\Run: [hffewgk] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [aediawo] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [mqkfuhf] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [uwavhoy] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [xotjvoi] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [otyjmug] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [nwaxshs] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [jvefepn] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [vyfqhsm] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [ibpduve] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [nqslvff] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [gtxebdf] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [ristlmp] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [hcegvvd] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [kejaodb] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [qtqrwqg] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [jdcqonf] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [nfsjrhp] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [fsfamyy] c:\windows\rsawkrs.exeO4 - HKCU\..\Run: [rlyfaen] c:\windows\llcyggs.exeO4 - Startup: PowerReg Scheduler V3.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: PowerReg Scheduler.exeO8 - Extra context menu item: &Search - http://speedbar.myway.com/menusearch.html?p=MG1O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Microsoft AntiSpyware helper - {FB782343-52C8-419F-8DA6-D9D21B672DBF} - (no file) (HKCU)O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FB782343-52C8-419F-8DA6-D9D21B672DBF} - (no file) (HKCU)O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cabO16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/Ter...stallPlugIn.cabO16 - DPF: {3B8D1843-D291-65D0-EA0D-6AE21B24E66D} - http://69.50.182.94/1/gdnUS1882.exeO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cabO16 - DPF: {695D02ED-EDBF-045C-5353-685E7149FC85} - http://69.50.182.94/1/gdnUS1882.exeO16 - DPF: {7D238D05-8CAB-4C2C-9C07-717FA529DDFF} (BatchDownloader Class) - http://photos.msn.com/resources/neutral/co....cab?10,0,910,0O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp...23/cpbrkpie.cabO16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cabO16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cabO16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cabO23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exeO23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exeO23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exeO23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exeO23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exeO23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXEO23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe Link to post Share on other sites
John L Posted May 19, 2005 Report Share Posted May 19, 2005 Well bud your loaded for bear Unfortunately, not my forum can't help sorry Link to post Share on other sites
Dragon Posted May 20, 2005 Report Share Posted May 20, 2005 hi sorry for the delayed response, had to do a little research on the fix for your particular infection.Please run Notepad and paste the following text into a new file:REGEDIT4[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry. Next post a fresh Hijack this adn we will clean up whats left over Link to post Share on other sites
Recommended Posts