Jump to content


Photo

Browser Hijack that won't go away


  • Please log in to reply
15 replies to this topic

#1 Dimple Lover

Dimple Lover

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 10 June 2004 - 10:16 AM

My browser got hijacked by CSW (Searchx is what it's called). Ad-Aware and CWShredder removes these files but they come back up. Everytime I try to remove them it sets my homepage to the default microsoft/msn page. But I like my homepage to be about:blank. Once I change it, my about:blank page shows the website. Please help me, I have great amount of faith in this board, you have helped me before with my browser hijack about a year ago. Thanks in advance.

Logfile of HijackThis v1.97.7
Scan saved at 10:20:00 AM, on 6/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Documents and Settings\En\My Documents\Downloads Etc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\hmc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\hmc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\hmc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\hmc.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\hmc.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\hmc.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1837FBA4-E421-4D88-996F-CD95EFDC68B7} - C:\WINDOWS\System32\hmc.dll
O2 - BHO: (no name) - {A491D208-B353-490F-B81A-A8A3DC97042D} - "C:\WINDOWS\System32\smiehlp.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [lt08w69xr3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jv91cx66ag] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gg847k2y9z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hk6u5muox9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rsawped2ub] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hd65m7ng3s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f947oov4un] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [d930y4uajp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ac6fw0vc8e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ap5xl9fc4o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0lvzwrl0lk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dgemsio6ky] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4624hd03e8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9h3p3gmhur] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [au28tre9o0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [apaz9gezo6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2b12fr2uu1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4i2p3bnxre] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7za5sw98wt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5v071dgxlo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dbi0jzx55p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bf92lgvtwl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zg56xn154e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9b74vyugli] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9wh65uazyd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [746y5d1mbj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0g4f3nul7u] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3oc3r8eo48] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jpb4i98olh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kyado99xox] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dizt4vl60b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ir96yo8bez] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [i7dz4fs7vk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3s1nju4g6z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [84b15xzvdg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [681b7exj3c] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gwdank6dxc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ao8096b336] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bt7pz83vrg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [d975vtx6wu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ikhshwjlbb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9u6jgna8oh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8233gf2n2n] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2a3r40mz72] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [aucten3hjy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [929ceeu4x3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z60enwttn0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2r7sar6vgn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ceirixnpam] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5z77yb0yl1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5v7z610ft7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [83feuuuspk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [675g4btfgh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [u82k79yrx9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [74e8c91xnm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y7czxo6alj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w4a1755z3g] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [px6rtj9oha] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [v88cemw3os] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yg8s3fp6ux] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wk6u4xovku] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pt6i1h96h7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ud5nmcw89v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sh3pntux0s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xldbaxgbf9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s5cgwrve7x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [teap2rvm2c] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wli5pbgy7r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xy9wnd8pv0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vrgoyt73t2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gw3vbgc3sr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ofdxu4slbm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [osbejekkzw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sndchodx90] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hr6j30ky6e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nka71ljrxy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jk7b4to25p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ip4vc9g7r2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [eaa944vre5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c2algj1fhs] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cf6el0t2xi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [er6a9venvr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hrfsg3fgc0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dfdms0lasy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [esbcpadan8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cnaerscy54] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5d7me3oooo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9x5s1p2ihc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8h7ujli918] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c1ez58wbuw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8ybvo525au] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6u9wru8t0p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xy0fb9efym] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5h9huxlx9i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xb48orytde] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [v72azfwg4a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pf2pm0pj1o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zbahvppa8u] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lczl6xwlpm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kh5weemiap] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [v4gwmk4lwo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nx5k2zgu73] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vlcxkbnhcb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n61k8p0pop] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n294fn08nv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [l67eh57wdr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oe7u5pt7j5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w3e6w30vgc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mnaotwj9ps] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ck0rvdhxfo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lg993brefu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mo7i9biwi9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [h9ewvxwyax] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nxe07abcdo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ee2iw6l1e0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jlbmr7h6tm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b775n0sk23] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [l7hlu92ejc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [734szxyei1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ab4fwhspne] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9gar37im8r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [e4avncy1bi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6p54c5gfky] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bof976ckyl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4h4ymknl90] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8ubdx3amhz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b6bacpwgf7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5cb0bssc1t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rm2pvxfyo8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wy4bg02dvp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [v39mxp2ig2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jp5tgw3lom] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m659dgoxl1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [shfvzjjb0i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tldcou33wt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sranxb38h4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nn8ig789x2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tzh43bvocj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rv86csuc2f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lb8m1knfzu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [h0dhkhuhns] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kgdx82ekk5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mndlwm8npj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dd0blpjksu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lyg7btryw7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gy5jnswa5z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6u3lohvyvv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2r098d1sjt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6bzev0eubg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ev9f5nvknc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [44684fl01i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dv2jipegtp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8nwpa3be3z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dz63x6yuhg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [eb4tugrt5r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dg242xhpp2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1lxy3671u4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6xzcp92g9m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3uw7968iok] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8h4bujmorc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7m1l10eucf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6e0fbflzah] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9m0vz06afv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1fxjmeijr9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6szx8h5zyr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b38ivk0dc9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7n7ogfdg5x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8s6eeh6717] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [txtkj52fzv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sosd2k9lxx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s1pvsm2ck7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2g1v8tbfe6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tyym8k22sc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w5z2w5w5or] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1h8oi8ik48] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [417u43wmxw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3645bjvsh7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [r719nrt4z0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xz02xy09n2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mvy4zmyyey] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y77b3xsrrh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rb51t7kher] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vw46e2yk7f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fotm2gatiu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sk4az7cz97] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lhrgcv9zgv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pg2c0obm03] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w53fk2r12v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hdxbwse1wt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fuxf7xu7zk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c3sto3s0at] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mr4sya924s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [py4flvv616] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [if1mh67wjp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [eyy3cbn8x1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5evnb2fma7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [d23ejsfdhc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4j06jj6swi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [94ylbekbim] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7rvjso0g8f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ef77yh7ry4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [68wndwj09i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0otv074ps2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ao3j7f5j9b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [692ptaim20] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5dz10saimb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [366ua7hokd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wrvaykuyws] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [12wwkngk39] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7r40w1vrd1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6v2a4iuwzc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uwzefps875] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z7012kenlm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mcwv3tczpo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [t9srtya992] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0o3adbz0yn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mp0egiwc6g] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zu0lk1p5a0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [muxpozvhss] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uezr7m383n] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xl7fv7xb81] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [o6om4ug3o0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wr4p2xngud] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [x33f0zg7hm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pk5p3pskto] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [no4s57r8ik] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n60tayi4s6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [iup7ovnpko] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lyyekdhip8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gixj68vkhw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [eevlgp298s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [frub6rl0w2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nb4dof2r7y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [84t141ezrc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [88xlhi6d73] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6dvnjz51yz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [g16ms6e4jz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [co4ib2kxzx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ea1h7c55pm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c6zjhubufi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7ryo3opw8y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [501bimgyel] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1kzg4hu079] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zoyi6ysoy5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4sz4s2eb4n] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xkwt7frcn2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zhekrsc7w4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yrb4pj3v9a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s23156nf7i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ms7pzh1nkh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [r8emtan7kb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ysgn3yvpx7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z4e510nok8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2ceupkhtpm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m4b9c7t111] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [poafzt64to] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nk8h0i5sjk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [txa3mls7z3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y8bg9heu5k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n5aia6liwg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [l98tknk6lc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [md7aapcx9m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [so8wxtzkn4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [odh0g6errw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ia46umizxk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nlejgp5ec2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [i6co2kig5p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nhebon5wb8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mrb3newjye] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ozhk0ep9n9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [inetnr206t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [do3xzo7bel] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [flix5m0ag6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dp8ze4zy73] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gaf41zk10r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [42484xhcgi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f2dyadj6ys] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [iaedyyd9v6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [czh20ahh86] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4k5cp31whl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4x42n5um5w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [74chbyeya9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0g27907oyj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5tckv3u4c1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [81c9jnmfhf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1l1ozazotu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5xabtdl48b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [319dvvksr7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8dbrhy775p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6afvzudho3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xv2cwnowpi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [03atk8i7vx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7id45u6zji] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5raw4lxdxo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yc5mze991k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y71vuohvkt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [r27xb5kmcl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j00540g94r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [obair3bni9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s067jfgwx8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [h93sj67aae] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nobv3bloc6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [g12ktleo0g] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [i9a0p60s5u] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mu86b1luyi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cy7gdikine] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [teh1341r7f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ie7jxnzxr6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [808w2w9yk3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hw8eiuifs9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9dcffk2b8v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9pb5dmu3w5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [eoe22norfc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7l17f4tzl1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6rcl38jisu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b3ezob6y6b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3s8yk6hb32] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [849j794rij] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9cgtc9x7dz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zpawjimsbg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1ybb838vhv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z29d9s7r7r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1e6cduszpg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vv4k16cp80] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vscb94c7g6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [03dow7zmvn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [twadbkbv62] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [u0138m3muc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wg9jxfxyzp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w0bkf35gbl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z8j83nzsgz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tc6egc3sef] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3sheoicu8f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0x8gr0bhzb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wgelcvoksz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s1dryhaekm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oyct8y932j] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wpamidgg0k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m38yp37dlx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n76nn50c86] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kb5pply1z3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rr5t9zdf1v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [l7d8xjzi68] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nx9xrwbpk8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sdglkgyak1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [o1dh4c340z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8357phz8tz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fneuhke52x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kbex2ytj4o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dw3lhc5jg3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2xzzra3dsa] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f0ilwa6iin] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f9emttper9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zjz4dykjj9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8f7vlwl9if] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1j5djyd1ep] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2sclp66h95] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xg3832jvun] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [40cadr0kei] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wk0jbjizfz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [68bijps29y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zo8r724tsi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sh5emggt3x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5dgus7jzua] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yy5i7lv75o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ow5k9360vw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s4a2l3sykr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vo987y50df] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [01buu1sfsx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kk8a9f4o3b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [na3z3rgnha] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pp4ezbazeo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [padf9zihyk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oebrgohmjw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c17o3vrgo1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [824sf2nt5u] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gl6upp4iho] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ep4wz7377l] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b65zbchdac] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ci3o9macxm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ae2ra381ni] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [frb5x73f21] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dv277n24tx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [k2drjapvhi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [73avvgnfpa] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [drayfl2l02] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f47xawm2is] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [d06zcdlp9n] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5t8hf6yddj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [81854rroay] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [x24idxh9l5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0z0ze9ugz5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7ja1oxa7b1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5za492odlt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wj5lzv0sm8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xx44w5tsii] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uc5yaaeopv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y93uu7ki6t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3c47ga76ka] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8net3duk0s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sl8tph5zwa] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2da9wp7tdj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [65gvtpsf0u] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w2exu7r4rp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [utiuvb0oy8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [slhfcrz2wa] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s2dgairz4w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gf7jhr9ibd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kjfrl93bfx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [x86xa4ghda] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n33ak3afft] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9vcs7idb4d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fof8t8plpa] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zo5uw3n5s0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uw9mgkc41h] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uu2drh11lm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2ecf1dhs5h] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0ibh2vgfne] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [th81hdc6bg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rl63subutc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wx8gdyy98v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gh55tb9hj9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [erh7dlv2vi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8g6e8yfte2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2e6w71cx0n] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6b8uzc9c92] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z45impllkg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [r39nbfohxd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fl1apdy7h6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kxancgtlwo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [64sphsdg89] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1spcwoi1us] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7okumz0js8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2o96yy6w80] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [71ijk1tbei] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4ygf4xzc3g] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1ueh6mx1tc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pbfapg90aj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [eu7o4erp3c] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j5g2rhdc9v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cy5revpdk9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [371sbm9h2v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8ib5yp4xgc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dvcrttrcnu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gjg8l54j1u] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6nfanl27sp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b0gnapom67] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0gekyx2lan] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6wenh2g0cf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xvkk1rjev4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3o8pt4hta7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0y95hhf8ex] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [369te21cca] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mbbzvlrhui] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7c0t5npazm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5gxisj66ve] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s4zav5emtt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yf227t2w98] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bmx7pdx6r0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7t5ezkg2dm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rp4rice3mh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [p353nkx4ge] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fkzo3in6m2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hxzlsd90ka] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m75mrdarkn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zy5omg187i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [smrzz1wbpb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0d1h0cai2n] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uu15nxwl02] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rbsj3mdajw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ecz3ixd569] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1fstbv5vj0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2czeemz1j7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nvrisg9esd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4nslig3ay7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bxgl4xadux] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9akxf9wgy0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [u3hkvw8p9e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kminupgitc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pzmregy230] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [iji7uua3ee] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cujky3t7yf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3flx3jb80d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1bbzc1axi9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y7jgil4ver] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7chb1h3l4o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [t5hmjk37mn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [trh7u1ehj1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dtj4ja459m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yn4slm2535] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vo9clzg07d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kwfd145y8c] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [arcrj47viw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zmdrsx8kby] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bl8xa92vsp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [u55nfojknp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fnavgoucod] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [h4aic9fnur] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0f71hxwdp0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nn4nzdtutb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wmt2klvv0b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [22thgsddaw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [06sjp8k21s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pfl65f3b7f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [expy92fx4d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [h5plxm909r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dii9mazp6a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ivsv8dlddt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wohhj8ni98] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [t5tsah5yl6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [e3jjb2lidd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [df1pg9wvsf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f07gkag3h5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [k4836e3ixm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8g4x7mtu1o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [g1eypa9kck] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gxehy8h2kr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [etcj0pgpam] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6r6imtjw7c] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7m7avisdei] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [e6gbde84rd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cafdfw7sga] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5v4uvaj1to] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [a75fhd6fz6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5sanrmj5kb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1t6suloh13] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4xfzz4aa5m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [75fmmo4da1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [59doo6211x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yu254teacb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8hd4kzwcya] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2a926c1u45] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7lbfsgn9jm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [06847uziv1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [auj3g0gko0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y76xh96nt2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3i8a3ctb7k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2ndlbuk8tw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rs1fk2ijxy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3nc3hukonb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s08oi2a0sd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pxf6xw4zfn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m2bbes29y1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [de7kcklnzh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mbfcjil57m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cdco3io3h6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3557xiwump] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [33590tzmby] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8zgx4j1s2b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w24k8a2wwk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1d56veoa22] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5pfjphbyhk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yud9fj4pdu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pr012m739k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1i9r8v8xru] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lbyen9k528] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pdzulvidyx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vpfanc5e6w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hu3vrd29ei] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kyc2mww2j2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mb9ti6gaas] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [g068eht1kc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dw5agz0ob8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [e99vufj2rz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hh9ih8cewd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7p62hs4taj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hud3vpxsc4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jkaggj6p6h] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2wysgvsx45] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hgdney8a9h] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8ka7mez6uu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [82e8j6rb3f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6y4aumpztb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [53al1cgwem] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [aebznf3jt4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rd1bjh4h13] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ztb4a3upkw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [phyvsz4mm6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [044skplvfx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [01catnmcm2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ib0mts8rlh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0vc4bwyuj7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tf1kra93vl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yrb6ddwi23] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wfb9yibxcv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jj63zr18gx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s485hngrst] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n05stjmj8r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oc4irl7j40] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rp9gmwsslp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [k51m2tcvkt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vtclbrly6s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uy9xiglvr4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sygptvt8o5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j66oizci5a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j1cc9veev4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jn8sv5v16d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gcgwfiafg5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b069tfn02m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [du79u8s41y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [i69mgbejfg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gfchw95ll3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [287ehw9bsy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9sazujok9d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b4fypl9t03] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6oe3bgnwsr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xd1u1j6sl1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ty00m6jvep] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1v6taijzec] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uf39pxw0pr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4fdzw5xt70] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z33da2aesi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ut723dnl6h] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xxf98wh6i1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w54t7n8ux7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zd4gv8uxul] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pg4oniufuf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1geeurv9bp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mp0axgj8yn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nm8u5esp5t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s21nikenc5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uaf6vjzda1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yvejgedf3o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [in30wtooe3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [js1pu2hn2c] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tfcp21riwc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [l815hm2r7r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rjbs4ry6d8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j407j49fom] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [of1t67wu44] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ht0b49ou0e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pc9cm5wcba] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gx5ubzfrkr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tja0appngn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9d22zasgwa] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j151fh9jp9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hx43hz87f6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rucmpogomb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9izd6sslgl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jr53iscbeh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [902mii3zsn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [isbxy6cy7z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4oybbvgy6m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [89xhygu1za] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fo8ti3h0nw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zp0i38d57x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9dc9bevz1w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [261yrt78ca] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9v8ah6ew9h] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7r6cimdj0d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c38y5r07ew] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5f6f3ssy25] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0f3s6zpaiy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b759d7z407] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [x40fpwvczw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rtw4j78bcv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w56h6avrsd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [u9wj7sumh9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0p4ns58tjt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s23dp71sf2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yp3g2cf7hu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5169e83gza] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wm2ib2ev8r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xz08136lw0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3a9vu6li5y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [x34teky0bs] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yc32ktrg67] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tjbp9dcjbl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [md7murg9hf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [khxo48ny8b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [llw7ui7owl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [td68c6nffg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yp7uz9avmz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [g6vcf5usn9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s642llvk5i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fi0wnukw9k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [km199x7bo3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pybvw02z3k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nzagdf14tl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [enx6vbc1vx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nb5p39ki22] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tn7bpc7ygj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dfwsdrj7ty] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dsuh3sbyf8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n76hbzk198] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9c1nomo18w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hw3o7a5rts] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m8catds6z9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ptbgf859sx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bpyltx98zl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jl7d0mar6s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7lwh4tfaej] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b6umpftd77] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ip4o839ws3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n2e2v7wayk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fm1js8fx71] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jzbyeb2cmi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7r02hazo3b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c39n4du39t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f39e9ahydo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ec66928lzv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mw87spg4br] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c45zrh7sox] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [l1dizfg9x3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b53k1xexmz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [650xcvc93r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [729gktkz3x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5yzimajmtt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5ay8jkbeo3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [434tu0ije4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7758ya4cin] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0z2odwgl22] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [amdnm3yfn2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [aw9oslhcxn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3k6xfy22f7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1g4zge0r64] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9060zb8ghz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z93szuz445] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2p9a3utuu1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0m7c4jsijx] C:\WINDO

#2 Guest_splintercell990_*

Guest_splintercell990_*
  • Guests

Posted 10 June 2004 - 10:19 AM

Just so that you know you are not being ignored - I will handle this case for you but I need to ask for your patience while I review the log. Please keep an eye on this message for a resolution shortly :)

#3 Guest_splintercell990_*

Guest_splintercell990_*
  • Guests

Posted 10 June 2004 - 10:25 AM

Hello Dimple Lover,

It seems we are dealing with the new CWS strain :( For now, lets try this:

Download this zip:
http://downloads.sub....org/dllfix.exe

Please unzip and install it to the desktop. It will not work if you run it from inside the zip. Navigate to the new folder and open it. Double click on the start.bat. A DOS window will open. Please select option 1, by typing 1 and then pressing enter. Once the search is complete a ".txt" file should pop up with the name "Output.txt" (it can also be found in the dllfix folder), please post this log into this thread, along with the windows.txt logfile, which can also be found in the dllfix folder. Please attach the windows.txt logfile, as it is in binary, do NOT post it as a reply.

Good Luck :)

#4 Dimple Lover

Dimple Lover

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 10 June 2004 - 05:53 PM

I was a bit confused when you told me to attach the windows.txt logfile, and not post it as a reply. May you please verify that? May you please tell me how to attach a file? I don't see an "attach file", "upload" button here.




--==***@@@ FIND-ALL' VERSION MODIFIED -6/05 @@@***==--
--==***@@@ ORIGINAL BY FREEATLAST @@@***==--

Thu 06/10/2004
06:31 PM

System Info:

Microsoft Windows XP [Version 5.1.2600]
C: "xp" (3059:7CF2) - FS:NTFS clusters:4k
Total: 52 427 898 880 [49G] - Free: 47 213 940 736 [44G]


*IE version and Service packs:
6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe
*Notepad version :
5.1.2600.0 C:\WINDOWS\system32\notepad.exe
5.1.2600.0 C:\WINDOWS\notepad.exe
*Media Player version :
9.0.0.2980 C:\Program Files\Windows Media Player\wmplayer.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;SP1;Q832894;Q330994;



Locked or 'Suspect' file(s) found...
\\?\C:\WINDOWS\System32\LOGJKC.DLL +++ File read error
\\?\C:\WINDOWS\System32\LOGJKC.DLL +++ File read error


Scanning for main Hijacker:
File found was C:\WINDOWS\System32\IIGNFD.DLL
Md5 tested As C87354D67A8B9828F483C6F90C496972


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
@="SpywareGuard Download Protection"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8921298D-7863-4135-8116-0ED061E2059A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A491D208-B353-490F-B81A-A8A3DC97042D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@="NAV Helper"

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{3AB4AD4B-CE78-489C-8BBE-77EC4D41FC8C}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{3AB4AD4B-CE78-489C-8BBE-77EC4D41FC8C}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"


! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_Dlls REG_SZ

*Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read BUILTIN\Users
(IO) ALLOW Read BUILTIN\Users
(NI) ALLOW Read BUILTIN\Power Users
(IO) ALLOW Read BUILTIN\Power Users
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Read BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM




Edited by Dimple Lover, 10 June 2004 - 05:58 PM.


#5 Guest_splintercell990_*

Guest_splintercell990_*
  • Guests

Posted 10 June 2004 - 06:49 PM

Hello Dimple Lover,

At the bottom of your posting windows you should see something like the attached image that I have provided. Make sure you hit add reply, and not preview post otherwise it will clear the attachment :). If this confuses you, just post the windows.txt as it is, and don't worry about attaching it :weee:

Attached Thumbnails

  • attaching.JPG


#6 Dimple Lover

Dimple Lover

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 10 June 2004 - 07:38 PM

I am terribly sorry, but I honestly can't see the attachment area.

Here's the what I see

Here's the windows.txt Thanks a lot for your time, if I'm missing the upload area because I'm blind please make a picture of the whole webpage to exactly pin point where it is. I see Post Options and Post icons beneath the posting window and that's it.
------------------------------------------------------------------------------------------------



regf       "GW V 0 F?@%MaV V- L"FXV A1=9@D$I[V#*;B>V 7k6tDF5q?HEH+4 +  V IHLMG.8 + 0 8tTT2h?
@ |*Vm_[9s?8u9v"DS `@˨ hbin  nk, \{K  @ x 0 > p a  Windows sk x x        
     !
   !      #
   #  ?    
     ?   
    ?    
        vk >    fAppInit_DLLs?GC : \ W I N D O W S \ S y s t e m 3 2 \ l o g j k c . d l l ?   vk  X   UDeviceNotSelectedTimeout1 5  @ 9 0  ?| vk  '   zGDIProcessHandleQuota"vk     Spooler2y e s n   ( x   vk    =pswapdiskvk  h   RTransmissionRetryTimeout ( x    ` vk  '   c USERProcessHandleQuotao p

#7 Guest_splintercell990_*

Guest_splintercell990_*
  • Guests

Posted 11 June 2004 - 07:43 AM

Hello Dimple Lover,

Its no problem...I saw what I needed to see, so lets proceed with the fix :)

Run the start.bat again, but this time, run option 2 and then choose option 1 in the submenu. At the prompt, please type in: LOGJKC.DLL, and let it complete the fix. Once its done, reboot once more and proceed as follows:

Download the latest version of CWShredder by Merijn Bellekom, the creator of Hijack This. Run it, press 'Fix', and allow it to fix all it finds.

Now download Ad-Aware at http://www.lavasoftu...pport/download/
After installing AAW, and before running the program, you NEED to FIRST update the reference file following these instructions.

Now do the following:

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload Recognized Processes During Scanning."

- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows Remove Files In Use After Reboot."

Press "Scan Now"

- Check option "Use Custom Scanning Options"
- Check option "Activate In-Depth Scan"
- Press "Select Drives\Folders To Scan"
- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives... It will find a number of "bad" files and registry keys. Click 'Next' again. Right-click in that pane and choose "select all". If it finds "bad" files and registry keys, press "Next" again. It will ask you whether you'd like to remove all checked items. Click OK. Finally, close Ad-Aware, and reboot. Then, when in Windows again, please navigate to the dllfix folder, and find the files called logs.txt, windows.txt and output.txt. Please post logs.txt and output.txt, and a fresh HijackThis logfile in this thread, and as ususal post windows.txt. There will be more to do!

#8 Dimple Lover

Dimple Lover

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 11 June 2004 - 06:13 PM

Hello SplinterCell

I downloaded CWShredder again. I already have AAW version 6 and I downloaded the reference file manually about a week ago. I wonder if that's fine, considering I downloaded the most recent reference file just a week ago or less. Here are my tedious logs :zipped:


------------------------------------------------------------------------------------------------
logs.txt

CWSDLL/Searchx Appinit Fix By Shadowwar
Version 3.01 060504
Please Do not mirror Without Permission!
I can be contacted at spywaresubmit at aol.com
Fri 06/11/2004
06:31 PM

Backing up Registry Hive

The operation completed successfully

Deleting Windows Key

The operation completed successfully

Adding Test Windows Key

The operation completed successfully

Restoring temp Values Key

The operation completed successfully

Deleting Bad Appinit Value

The operation completed successfully


Backup of Modified Hiv

The operation completed successfully

Deleting test Windows key

The operation completed successfully

Deleting Filter text
Running from C:\Documents and Settings\En\Desktop\dllfix
Scanning for Locked File
Unlocking Locked File

C:\WINDOWS\System32\LOGJKC.DLL
Scanning For main hijacker.
Found Main Hijacker Dll:C:\WINDOWS\System32\IIGNFD.DLL
Md5 tested As C87354D67A8B9828F483C6F90C496972
MD5 Matched known Baddie
Deleting Hijacker Dll: C:\WINDOWS\System32\IIGNFD.DLL
Succesfully Deleted
Scanning For main hijacker.
Found Main Hijacker Dll:C:\WINDOWS\System32\HMC.DLL
Md5 tested As 4E24A18F3A557AF479219E47E27B8B59
Processing File Manually
C:\WINDOWS\system32\LOGJKC.DLL
Md5 Check of C:\WINDOWS\system32\LOGJKC.DLL

Md5 tested As C185B36F9969D3A6D2122BA7CBC02249
Md5 matched known baddies.
Processing and Deleting File.
Processing ACL of: <\\?\C:\WINDOWS\system32\LOGJKC.DLL>

SetACL finished successfully.

File was successfully Deleted.
Please Run Hijackthis or Cwshredder to finish cleanup.


Adding Back Windows Key

The operation completed successfully

Restoring Registry Hive

The operation completed successfully


Restoring Cleaned Appinit Value

The operation completed successfully

------------------------------------------------------------------------------------------------
output.txt

--==***@@@ FIND-ALL' VERSION MODIFIED -6/05 @@@***==--
--==***@@@ ORIGINAL BY FREEATLAST @@@***==--

Thu 06/10/2004
06:31 PM

System Info:

Microsoft Windows XP [Version 5.1.2600]
C: "xp" (3059:7CF2) - FS:NTFS clusters:4k
Total: 52 427 898 880 [49G] - Free: 47 213 940 736 [44G]


*IE version and Service packs:
6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe
*Notepad version :
5.1.2600.0 C:\WINDOWS\system32\notepad.exe
5.1.2600.0 C:\WINDOWS\notepad.exe
*Media Player version :
9.0.0.2980 C:\Program Files\Windows Media Player\wmplayer.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;SP1;Q832894;Q330994;



Locked or 'Suspect' file(s) found...
\\?\C:\WINDOWS\System32\LOGJKC.DLL +++ File read error
\\?\C:\WINDOWS\System32\LOGJKC.DLL +++ File read error


Scanning for main Hijacker:
File found was C:\WINDOWS\System32\IIGNFD.DLL
Md5 tested As C87354D67A8B9828F483C6F90C496972


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
@="SpywareGuard Download Protection"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8921298D-7863-4135-8116-0ED061E2059A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A491D208-B353-490F-B81A-A8A3DC97042D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@="NAV Helper"

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{3AB4AD4B-CE78-489C-8BBE-77EC4D41FC8C}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{3AB4AD4B-CE78-489C-8BBE-77EC4D41FC8C}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"


! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_Dlls REG_SZ

*Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read BUILTIN\Users
(IO) ALLOW Read BUILTIN\Users
(NI) ALLOW Read BUILTIN\Power Users
(IO) ALLOW Read BUILTIN\Power Users
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access BUILTIN\Administrators
(IO) ALLOW Full access CREATOR OWNER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read BUILTIN\Users
Read BUILTIN\Power Users
Full access BUILTIN\Administrators
Full access NT AUTHORITY\SYSTEM





------------------------------------------------------------------------------------------------
Windows.txt

regf       "GW V 0 F?@%MaV V- L"FXV A1=9@D$I[V#*;B>V 7k6tDF5q?HEH+4 +  V IHLMG.8 + 0 8tTT2h?
@ |*Vm_[9s?8u9v"DS `@˨ hbin  nk, \{K  @ x 0 > p a  Windows sk x x        
     !
   !      #
   #  ?    
     ?   
    ?    
        vk >    fAppInit_DLLs?GC : \ W I N D O W S \ S y s t e m 3 2 \ l o g j k c . d l l ?   vk  X   UDeviceNotSelectedTimeout1 5  @ 9 0  ?| vk  '   zGDIProcessHandleQuota"vk     Spooler2y e s n   ( x   vk    =pswapdiskvk  h   RTransmissionRetryTimeout ( x    ` vk  '   c USERProcessHandleQuotao p

Edited by Dimple Lover, 11 June 2004 - 06:20 PM.


#9 Dimple Lover

Dimple Lover

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 11 June 2004 - 06:20 PM

------------------------------------------------------------------------------------------------
Hijackthis

Logfile of HijackThis v1.97.7
Scan saved at 7:11:05 PM, on 6/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\En\My Documents\Downloads Etc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {A491D208-B353-490F-B81A-A8A3DC97042D} - "C:\WINDOWS\System32\smiehlp.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [lt08w69xr3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jv91cx66ag] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gg847k2y9z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hk6u5muox9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rsawped2ub] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hd65m7ng3s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f947oov4un] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [d930y4uajp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ac6fw0vc8e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ap5xl9fc4o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0lvzwrl0lk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dgemsio6ky] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4624hd03e8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9h3p3gmhur] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [au28tre9o0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [apaz9gezo6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2b12fr2uu1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4i2p3bnxre] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7za5sw98wt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5v071dgxlo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dbi0jzx55p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bf92lgvtwl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zg56xn154e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9b74vyugli] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9wh65uazyd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [746y5d1mbj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0g4f3nul7u] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3oc3r8eo48] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jpb4i98olh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kyado99xox] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dizt4vl60b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ir96yo8bez] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [i7dz4fs7vk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3s1nju4g6z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [84b15xzvdg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [681b7exj3c] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gwdank6dxc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ao8096b336] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bt7pz83vrg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [d975vtx6wu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ikhshwjlbb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9u6jgna8oh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8233gf2n2n] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2a3r40mz72] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [aucten3hjy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [929ceeu4x3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z60enwttn0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2r7sar6vgn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ceirixnpam] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5z77yb0yl1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5v7z610ft7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [83feuuuspk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [675g4btfgh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [u82k79yrx9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [74e8c91xnm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y7czxo6alj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w4a1755z3g] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [px6rtj9oha] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [v88cemw3os] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yg8s3fp6ux] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wk6u4xovku] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pt6i1h96h7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ud5nmcw89v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sh3pntux0s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xldbaxgbf9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s5cgwrve7x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [teap2rvm2c] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wli5pbgy7r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xy9wnd8pv0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vrgoyt73t2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gw3vbgc3sr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ofdxu4slbm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [osbejekkzw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sndchodx90] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hr6j30ky6e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nka71ljrxy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jk7b4to25p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ip4vc9g7r2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [eaa944vre5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c2algj1fhs] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cf6el0t2xi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [er6a9venvr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hrfsg3fgc0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dfdms0lasy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [esbcpadan8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cnaerscy54] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5d7me3oooo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9x5s1p2ihc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8h7ujli918] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c1ez58wbuw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8ybvo525au] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6u9wru8t0p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xy0fb9efym] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5h9huxlx9i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xb48orytde] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [v72azfwg4a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pf2pm0pj1o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zbahvppa8u] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lczl6xwlpm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kh5weemiap] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [v4gwmk4lwo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nx5k2zgu73] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vlcxkbnhcb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n61k8p0pop] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n294fn08nv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [l67eh57wdr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oe7u5pt7j5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w3e6w30vgc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mnaotwj9ps] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ck0rvdhxfo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lg993brefu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mo7i9biwi9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [h9ewvxwyax] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nxe07abcdo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ee2iw6l1e0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jlbmr7h6tm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b775n0sk23] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [l7hlu92ejc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [734szxyei1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ab4fwhspne] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9gar37im8r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [e4avncy1bi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6p54c5gfky] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bof976ckyl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4h4ymknl90] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8ubdx3amhz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b6bacpwgf7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5cb0bssc1t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rm2pvxfyo8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wy4bg02dvp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [v39mxp2ig2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jp5tgw3lom] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m659dgoxl1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [shfvzjjb0i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tldcou33wt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sranxb38h4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nn8ig789x2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tzh43bvocj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rv86csuc2f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lb8m1knfzu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [h0dhkhuhns] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kgdx82ekk5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mndlwm8npj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dd0blpjksu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lyg7btryw7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gy5jnswa5z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6u3lohvyvv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2r098d1sjt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6bzev0eubg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ev9f5nvknc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [44684fl01i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dv2jipegtp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8nwpa3be3z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dz63x6yuhg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [eb4tugrt5r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dg242xhpp2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1lxy3671u4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6xzcp92g9m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3uw7968iok] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8h4bujmorc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7m1l10eucf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6e0fbflzah] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9m0vz06afv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1fxjmeijr9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6szx8h5zyr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b38ivk0dc9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7n7ogfdg5x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8s6eeh6717] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [txtkj52fzv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sosd2k9lxx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s1pvsm2ck7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2g1v8tbfe6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tyym8k22sc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w5z2w5w5or] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1h8oi8ik48] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [417u43wmxw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3645bjvsh7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [r719nrt4z0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xz02xy09n2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mvy4zmyyey] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y77b3xsrrh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rb51t7kher] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vw46e2yk7f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fotm2gatiu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sk4az7cz97] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lhrgcv9zgv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pg2c0obm03] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w53fk2r12v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hdxbwse1wt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fuxf7xu7zk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c3sto3s0at] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mr4sya924s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [py4flvv616] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [if1mh67wjp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [eyy3cbn8x1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5evnb2fma7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [d23ejsfdhc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4j06jj6swi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [94ylbekbim] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7rvjso0g8f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ef77yh7ry4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [68wndwj09i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0otv074ps2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ao3j7f5j9b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [692ptaim20] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5dz10saimb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [366ua7hokd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wrvaykuyws] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [12wwkngk39] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7r40w1vrd1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6v2a4iuwzc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uwzefps875] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z7012kenlm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mcwv3tczpo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [t9srtya992] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0o3adbz0yn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mp0egiwc6g] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zu0lk1p5a0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [muxpozvhss] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uezr7m383n] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xl7fv7xb81] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [o6om4ug3o0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wr4p2xngud] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [x33f0zg7hm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pk5p3pskto] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [no4s57r8ik] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n60tayi4s6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [iup7ovnpko] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lyyekdhip8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gixj68vkhw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [eevlgp298s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [frub6rl0w2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nb4dof2r7y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [84t141ezrc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [88xlhi6d73] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6dvnjz51yz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [g16ms6e4jz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [co4ib2kxzx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ea1h7c55pm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c6zjhubufi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7ryo3opw8y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [501bimgyel] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1kzg4hu079] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zoyi6ysoy5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4sz4s2eb4n] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xkwt7frcn2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zhekrsc7w4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yrb4pj3v9a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s23156nf7i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ms7pzh1nkh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [r8emtan7kb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ysgn3yvpx7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z4e510nok8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2ceupkhtpm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m4b9c7t111] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [poafzt64to] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nk8h0i5sjk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [txa3mls7z3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y8bg9heu5k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n5aia6liwg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [l98tknk6lc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [md7aapcx9m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [so8wxtzkn4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [odh0g6errw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ia46umizxk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nlejgp5ec2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [i6co2kig5p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nhebon5wb8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mrb3newjye] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ozhk0ep9n9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [inetnr206t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [do3xzo7bel] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [flix5m0ag6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dp8ze4zy73] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gaf41zk10r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [42484xhcgi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f2dyadj6ys] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [iaedyyd9v6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [czh20ahh86] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4k5cp31whl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4x42n5um5w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [74chbyeya9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0g27907oyj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5tckv3u4c1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [81c9jnmfhf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1l1ozazotu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5xabtdl48b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [319dvvksr7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8dbrhy775p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6afvzudho3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xv2cwnowpi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [03atk8i7vx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7id45u6zji] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5raw4lxdxo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yc5mze991k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y71vuohvkt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [r27xb5kmcl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j00540g94r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [obair3bni9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s067jfgwx8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [h93sj67aae] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nobv3bloc6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [g12ktleo0g] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [i9a0p60s5u] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mu86b1luyi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cy7gdikine] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [teh1341r7f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ie7jxnzxr6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [808w2w9yk3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hw8eiuifs9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9dcffk2b8v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9pb5dmu3w5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [eoe22norfc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7l17f4tzl1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6rcl38jisu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b3ezob6y6b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3s8yk6hb32] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [849j794rij] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9cgtc9x7dz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zpawjimsbg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1ybb838vhv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z29d9s7r7r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1e6cduszpg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vv4k16cp80] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vscb94c7g6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [03dow7zmvn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [twadbkbv62] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [u0138m3muc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wg9jxfxyzp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w0bkf35gbl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z8j83nzsgz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tc6egc3sef] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3sheoicu8f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0x8gr0bhzb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wgelcvoksz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s1dryhaekm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oyct8y932j] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wpamidgg0k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m38yp37dlx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n76nn50c86] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kb5pply1z3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rr5t9zdf1v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [l7d8xjzi68] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nx9xrwbpk8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sdglkgyak1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [o1dh4c340z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8357phz8tz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fneuhke52x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kbex2ytj4o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dw3lhc5jg3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2xzzra3dsa] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f0ilwa6iin] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f9emttper9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zjz4dykjj9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8f7vlwl9if] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1j5djyd1ep] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2sclp66h95] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xg3832jvun] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [40cadr0kei] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wk0jbjizfz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [68bijps29y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zo8r724tsi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sh5emggt3x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5dgus7jzua] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yy5i7lv75o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ow5k9360vw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s4a2l3sykr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vo987y50df] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [01buu1sfsx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kk8a9f4o3b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [na3z3rgnha] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pp4ezbazeo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [padf9zihyk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oebrgohmjw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c17o3vrgo1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [824sf2nt5u] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gl6upp4iho] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ep4wz7377l] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b65zbchdac] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ci3o9macxm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ae2ra381ni] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [frb5x73f21] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dv277n24tx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [k2drjapvhi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [73avvgnfpa] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [drayfl2l02] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f47xawm2is] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [d06zcdlp9n] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5t8hf6yddj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [81854rroay] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [x24idxh9l5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0z0ze9ugz5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7ja1oxa7b1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5za492odlt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wj5lzv0sm8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xx44w5tsii] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uc5yaaeopv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y93uu7ki6t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3c47ga76ka] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8net3duk0s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sl8tph5zwa] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2da9wp7tdj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [65gvtpsf0u] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w2exu7r4rp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [utiuvb0oy8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [slhfcrz2wa] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s2dgairz4w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gf7jhr9ibd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kjfrl93bfx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [x86xa4ghda] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n33ak3afft] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9vcs7idb4d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fof8t8plpa] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zo5uw3n5s0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uw9mgkc41h] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uu2drh11lm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2ecf1dhs5h] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0ibh2vgfne] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [th81hdc6bg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rl63subutc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wx8gdyy98v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gh55tb9hj9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [erh7dlv2vi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8g6e8yfte2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2e6w71cx0n] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6b8uzc9c92] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z45impllkg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [r39nbfohxd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fl1apdy7h6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kxancgtlwo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [64sphsdg89] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1spcwoi1us] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7okumz0js8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2o96yy6w80] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [71ijk1tbei] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4ygf4xzc3g] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1ueh6mx1tc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pbfapg90aj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [eu7o4erp3c] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j5g2rhdc9v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cy5revpdk9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [371sbm9h2v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8ib5yp4xgc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dvcrttrcnu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gjg8l54j1u] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6nfanl27sp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b0gnapom67] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0gekyx2lan] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6wenh2g0cf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xvkk1rjev4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3o8pt4hta7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0y95hhf8ex] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [369te21cca] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mbbzvlrhui] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7c0t5npazm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5gxisj66ve] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s4zav5emtt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yf227t2w98] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bmx7pdx6r0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7t5ezkg2dm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rp4rice3mh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [p353nkx4ge] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fkzo3in6m2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hxzlsd90ka] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m75mrdarkn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zy5omg187i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [smrzz1wbpb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0d1h0cai2n] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uu15nxwl02] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rbsj3mdajw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ecz3ixd569] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1fstbv5vj0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2czeemz1j7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nvrisg9esd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4nslig3ay7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bxgl4xadux] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9akxf9wgy0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [u3hkvw8p9e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kminupgitc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pzmregy230] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [iji7uua3ee] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cujky3t7yf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3flx3jb80d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1bbzc1axi9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y7jgil4ver] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7chb1h3l4o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [t5hmjk37mn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [trh7u1ehj1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dtj4ja459m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yn4slm2535] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vo9clzg07d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kwfd145y8c] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [arcrj47viw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zmdrsx8kby] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bl8xa92vsp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [u55nfojknp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fnavgoucod] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [h4aic9fnur] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0f71hxwdp0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nn4nzdtutb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wmt2klvv0b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [22thgsddaw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [06sjp8k21s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pfl65f3b7f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [expy92fx4d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [h5plxm909r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dii9mazp6a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ivsv8dlddt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wohhj8ni98] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [t5tsah5yl6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [e3jjb2lidd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [df1pg9wvsf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f07gkag3h5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [k4836e3ixm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8g4x7mtu1o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [g1eypa9kck] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gxehy8h2kr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [etcj0pgpam] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6r6imtjw7c] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7m7avisdei] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [e6gbde84rd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cafdfw7sga] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5v4uvaj1to] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [a75fhd6fz6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5sanrmj5kb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1t6suloh13] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4xfzz4aa5m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [75fmmo4da1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [59doo6211x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yu254teacb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8hd4kzwcya] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2a926c1u45] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7lbfsgn9jm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [06847uziv1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [auj3g0gko0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y76xh96nt2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3i8a3ctb7k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2ndlbuk8tw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rs1fk2ijxy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3nc3hukonb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s08oi2a0sd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pxf6xw4zfn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m2bbes29y1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [de7kcklnzh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mbfcjil57m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cdco3io3h6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3557xiwump] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [33590tzmby] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8zgx4j1s2b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w24k8a2wwk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1d56veoa22] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5pfjphbyhk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yud9fj4pdu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pr012m739k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1i9r8v8xru] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lbyen9k528] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pdzulvidyx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vpfanc5e6w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hu3vrd29ei] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kyc2mww2j2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mb9ti6gaas] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [g068eht1kc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dw5agz0ob8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [e99vufj2rz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hh9ih8cewd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7p62hs4taj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hud3vpxsc4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jkaggj6p6h] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2wysgvsx45] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hgdney8a9h] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8ka7mez6uu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [82e8j6rb3f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6y4aumpztb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [53al1cgwem] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [aebznf3jt4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rd1bjh4h13] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ztb4a3upkw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [phyvsz4mm6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [044skplvfx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [01catnmcm2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ib0mts8rlh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0vc4bwyuj7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tf1kra93vl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yrb6ddwi23] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wfb9yibxcv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jj63zr18gx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s485hngrst] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n05stjmj8r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oc4irl7j40] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rp9gmwsslp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [k51m2tcvkt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vtclbrly6s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uy9xiglvr4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sygptvt8o5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j66oizci5a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j1cc9veev4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jn8sv5v16d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gcgwfiafg5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b069tfn02m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [du79u8s41y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [i69mgbejfg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gfchw95ll3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [287ehw9bsy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9sazujok9d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b4fypl9t03] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6oe3bgnwsr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xd1u1j6sl1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ty00m6jvep] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1v6taijzec] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uf39pxw0pr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4fdzw5xt70] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z33da2aesi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ut723dnl6h] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xxf98wh6i1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w54t7n8ux7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zd4gv8uxul] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pg4oniufuf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1geeurv9bp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mp0axgj8yn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nm8u5esp5t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s21nikenc5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uaf6vjzda1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yvejgedf3o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [in30wtooe3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [js1pu2hn2c] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tfcp21riwc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [l815hm2r7r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rjbs4ry6d8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j407j49fom] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [of1t67wu44] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ht0b49ou0e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pc9cm5wcba] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gx5ubzfrkr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tja0appngn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9d22zasgwa] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j151fh9jp9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hx43hz87f6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rucmpogomb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9izd6sslgl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jr53iscbeh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [902mii3zsn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [isbxy6cy7z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4oybbvgy6m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [89xhygu1za] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fo8ti3h0nw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zp0i38d57x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9dc9bevz1w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [261yrt78ca] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9v8ah6ew9h] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7r6cimdj0d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c38y5r07ew] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5f6f3ssy25] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0f3s6zpaiy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b759d7z407] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [x40fpwvczw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rtw4j78bcv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w56h6avrsd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [u9wj7sumh9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0p4ns58tjt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s23dp71sf2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yp3g2cf7hu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5169e83gza] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wm2ib2ev8r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xz08136lw0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3a9vu6li5y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [x34teky0bs] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yc32ktrg67] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tjbp9dcjbl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [md7murg9hf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [khxo48ny8b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [llw7ui7owl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [td68c6nffg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yp7uz9avmz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [g6vcf5usn9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s642llvk5i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fi0wnukw9k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [km199x7bo3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pybvw02z3k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nzagdf14tl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [enx6vbc1vx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nb5p39ki22] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tn7bpc7ygj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dfwsdrj7ty] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dsuh3sbyf8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n76hbzk198] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9c1nomo18w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hw3o7a5rts] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m8catds6z9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ptbgf859sx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bpyltx98zl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jl7d0mar6s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7lwh4tfaej] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b6umpftd77] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ip4o839ws3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n2e2v7wayk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fm1js8fx71] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jzbyeb2cmi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7r02hazo3b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c39n4du39t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f39e9ahydo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ec66928lzv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mw87spg4br] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c45zrh7sox] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [l1dizfg9x3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b53k1xexmz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [650xcvc93r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [729gktkz3x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5yzimajmtt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5ay8jkbeo3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [434tu0ije4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7758ya4cin] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0z2odwgl22] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [amdnm3yfn2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [aw9oslhcxn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3k6xfy22f7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1g4zge0r64] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9060zb8ghz] C:\WINDOWS\ro9xsmy354.exe
O4 - H

Edited by Dimple Lover, 11 June 2004 - 06:23 PM.


#10 Dimple Lover

Dimple Lover

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 11 June 2004 - 06:24 PM

O4 - HKLM\..\Run: [yv71f17kyl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uw45r05xed] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oxzbal2vfn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n2wvp3101z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [so81guboxx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vd4ha6gwax] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nl6w0rhicv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mp37878ny6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fn4f1bcayc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [i98n3kpzah] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lcal1vibkl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fi41kifsmo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ab0yx5katj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4j9uyu8wvi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1n5nz2y7zk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6061u5tme3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xk2iiz41ni] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rsvp9j5vph] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [px01g8w0at] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [o2ybopnxw4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [slwpak9zot] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tv3ygk2gj8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vv27ejuxmn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kkv0ju588f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uw7a2zub75] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mt0ivup66a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [eewskm9k7r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [o27sturf1p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j24w50ns9i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s5awhxkldt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c6vl22gr5t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kz4mcyw9hn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dit3sc0ht2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ir38m5vmfp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [agx7h86tbf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fs7t4cu7ry] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f93u13cczj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dd1wbkb0pf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9yzbvepbdi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9z4djuhy50] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c6ct7ea13e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8715id8lj6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3s0a47uncu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [839orbg3rc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4luu01ybfp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3l0wffxy8z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4i8mnd5f84] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [x2x33shoji] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [za5rzc3sox] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3m5yvvxktg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1v2hvlnzfm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4326i6hbc0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [onzu6kujne] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z55cake9la] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uc50650cin] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tl2j6wr0wu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [th2beuzh3z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vyzi26b8mj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [099wn96n11] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nmwrohwz53] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j7vwb491ys] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rr5xuspjam] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vb33fm3l2a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f4srv1fveo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pj3r37ox8o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ib0fiu1yj3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nn2t5owlyk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tzc6rsi052] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [koy6mvl61t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ow92bxnut0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [diz5nnpi04] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [la97yc61k0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oi9mu5zchd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ciyzy3xoy5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cmwgwdoflf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dzv6kf9ehp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nm662lr93o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bn3a5kntjh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jj3tdixbrm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c40h1x8j21] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [msbh93hen1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cn2jbto2ex] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [icamwy4ggo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bwzbabfps3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b8xt8l0gnd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gkzevov42v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [75unki5i3b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7o4p36l1n6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ax4drr7ckk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5l3s4nko63] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [434vpu37f6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9f68cxpvln] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3w3gz9al57] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3816xa3c0h] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9w19hnhr39] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3czh5suhlt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w1wot468wd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1d5ae71mbv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z544xm0t9x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [321r8i6vov] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w60h6tylc4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pvxou5acvo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tfvufrxenc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ys5f2vju3u] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [o4tpzn28ca] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uy467x8esv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ua2w5z05f5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [evrcklcerj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [h2z086yhwx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [me1ev9k53e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nm8v09cd6v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gfwbfmomh9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rv8bou6g38] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oz6dya5dt4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mwxf0041j1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hf3klmp4co] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pz5lwaylnk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jo2usmic74] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c8rh78ulii] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [goye1t85ic] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [duwg3afu98] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [k17tnw3kxu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [clvakpdzy9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jt6l5b2rmv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ae2wv5kdwb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [g22zfa0jz3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ge0o4jsild] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bm1414dlrr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [czzvz66ke1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [if7yajksot] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kv7l7463l6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b4456wxh0c] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hj59i1cwa4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [850rfuvbbk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6t0u07apdc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6y4e5o2324] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9i3jrif6uj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2bs8exse6y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cy37n319sx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0r0br26t8p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yvzd1s5hyl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xw4gg654i3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [x11snnw04e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5xaiwd4ibk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ruxo910ri8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [u2x4yluufm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [r6w6zbth6i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [whxsuefxk0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [t05sel0tzf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pw4tf3zgpb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [v7d726lw4t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oxamyi6mfd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [r98dukiv53] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [njgao59s57] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jj5e04e3d0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hg3g2uds3w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [d02lngruwj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [h6bttsor8e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dweit3u7gu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [398lsbcsfb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1d7n21bf57] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [aaenfrce8t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wnxvr60an3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w11m4mjw3l] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uuea2grol5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hgx50gzw6t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3n383jilnb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hf563xrpg9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3ox732m893] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [k23nzz0okp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pd51l2vc07] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [iyup0o6kbl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n933mst0h3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tl5o9vffxk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [le25o9sn8z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jas7yrrcyw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7vyyvrge11] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [a2ylibah6e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vuremlhmvo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5h2e4tzggo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3e0g5ay46k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5u14tvjf3z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [peokggvomd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [udykn70sg9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sm07b5rumx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [k7ovrs32yb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [piz9dvphdt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6ynsre00u4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2gt8ljgb76] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tou59z3mxg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3c54i6corg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gam7t36cfr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [90ohxurprs] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [99ti2lalzd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n8rwk6d83z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zpsh6gwji5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9hwfdcr10w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b6rnuj9pgi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [x9xx58s9ut] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [g9rv6zto0l] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0bzvjwizio] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [svtfhzymbs] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fvv4v6t522] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ulja9n1h02] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [svm4olsj6p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [x6niaoe7l7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wczwyt5pz0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xnl8e3kzxy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uflkiizwsk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [27crirbj41] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5ece6b5m9e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [a3khroj1b6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vn9y62wamk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z4gv0mhune] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5sgyk0x0p6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zkcw5e1pw0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [v5a1s8fton] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [p67537c45f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0ua5bduzrf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1y9v9fmymp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zlhylt1coh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [um62xsyo59] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [26g47fe7h5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wmdb3sry0o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rn7hldww1z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mo4lybughr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ogeb4tvaz0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kh3f7r1l7t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [t1dgpe84sn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [du2x51kd32] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mla7louk9d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f67w135lls] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kh8hn6080a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ir61mxsndf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jzcatxj5gw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fjbnejy79j] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dba9xz4dzl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [en8zm9o4vv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j8edev3niz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bkc3c5me58] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [h9c7na2t70] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [au1nbxe2je] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [adbolkut3a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [apaejmmjrk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b2849wejmu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gdaiw01ytc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5i5c58r9xe] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5edvdyrs4j] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [028vfs8026] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1sa5iijdd8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xc9a55xf6w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m22van8ztf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lu9ojve4rg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jrzrukdtgd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ur9f0tfmym] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kz60sk69bt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tver8aesjy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rbevjnuylp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fm8r26ei9f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cn4cbccblm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hveh6588za] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bjbouhjziv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7lc4r3hemj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0e1t6gumyy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6rafyj9j7v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9ya3m4um59] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [th4ntfhayc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z6csckwo04] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [v61wgsu1hw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oe1jccm4ea] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [urbxzf9rts] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z2cikiw689] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sm9z0x8fjn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0eb0itoxvj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tz0oy7166y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ya92kanllf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w784mslhcc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n02vpky5g7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [r82bd5rgdl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n18y50xs0o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uuclvu4jr8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [erzs8h0jpw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kf73tmfysn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pr9ger2d76] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [chymt7apc5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ibfczgg5n6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6p89n46vcp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tz1exumb93] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zm1hhz2pcv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2h5ds33eth] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2raodhwage] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y5bk25k8dy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [syyanjppjj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0h8by75gwf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zm5v6w5dgs] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ls0aocuuiv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n459kle29k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [l04bm3lrzg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gk2g8yzts5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [od9k6166xh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ki5679490j] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [k277pxc0cf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nifweh6bhu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c017d0nd96] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8wy3xxu7x3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b4yrkhfauh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7o5w7ctcm5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [e86xp093z1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6t27etsh8h] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bl2jr8yeb3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gkcwk2ubor] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cl10o8rn6i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c5a27w7ehe] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cz5k2pi1la] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dvdcanjruf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4j0uzi2nvp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z4z0ldfine] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c0amh4ines] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cc9cfean21] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1d5poc1gd9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5ubmrxm0d3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yd036jz1oh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2u7014klga] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0z622kj976] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [us1znznzd1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ysap0fi9yp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rc7eftua94] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ogxgha1yr0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z48fpha1k0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2c93la44pd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vx5j1ngc2s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0875nr3089] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tx4cb3eiru] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ou18v0kkfs] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [va9bf50zhj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pu8h1zdta7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mr54cwjvp5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [o333gy43gv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jn992sh59i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [o0bvowckn0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n88enm3826] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [po82c7obzk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nk74donzog] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [h14c918p80] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sofbh7hs20] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [i6bcny1oal] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [g29eof7c1h] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c3yi1m5o9a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [km8jbaleu5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f288zv6irj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hs4ot6jp4i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [801gsya5po] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b81wniwgm3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j49nw84yv8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [756s0f29b1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [85505eui6g] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [e64unu1wwi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3azno3rz0k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [br987o77sl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4i6xv2jg30] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w02ysubcbl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1c3bexysr3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6fdx1skf5k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zk03egof49] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xh474cmpmm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2t6lpf95u5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [255bfp24p6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zu26zm8y54] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [46bklpvdkl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [r60oxn0x1e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sizemyjono] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n3yj9kyrgc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n7w16vph4l] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wz63gi68oh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m83vgaxw2n] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [i94aenm36d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xuc56ra07a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lv8ifx0tji] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [o3863huwow] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hwxmrw540a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m778dzsjes] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [si8l02e7la] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pf7n1jlvb6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [i8wcg6y4mk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m37rlx19ey] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [528l1ud8un] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7h89oe6br1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cuhnbitr5i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8egtxc7uy6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [um2o833ts5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zrc2v6p87m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z873sx94f8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2n8snh3fkm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7sh5akpvs4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uxbsl9mbu8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vh9ioa7jjy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zygfjvk4br] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s2e6h5d371] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [viel5p764f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vsamagr2l1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m49c0ia28a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mkcd69uypw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [i5bis4f1hk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gd02rn6fwr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [u9jpne9lm4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ha8uzl7x3w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ngdwd72fo2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lrfrt6thvp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kvd21mkmg1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [i4fwgtaomo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6e8txi04b2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [d6au778mwy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [73bb1abhn4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4jbeknrnpw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [35crpw1ojt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ud1apesc5z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [31c96l97rz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rn97t0i1w4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pa8llntora] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [h02c9i4vn0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [u3d05970ed] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sm7h2alagi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bo612u9210] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kk6kashj06] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cx4a8u9awf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kheciph18b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [i89ufixbig] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hu26jrfcbd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [iv8fpz8l6t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8z7hsf7hxp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jgbg9ftgp0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dad8b8xtob] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [eeby1igjcl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4nejfg7ui9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ancdywezga] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1x95ym5eug] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3892d9r8so] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6ka99sktw8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rr6i8m0b40] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [u76y47tn1d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s3506nsbs9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xf7lsser7s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2rgzev95l9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f43jlzs66n] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hu70fax5jn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ltaw440tbv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1033nbs2pg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c1b10sl425] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4l7bpl5r3l] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ch7uyb58ar] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1ibffh3tlz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uo4n8k7nd5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yd7d0x44lb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [za75glclth] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xaezp1bsri] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vjgk5822y6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tg7m7o9pf2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rc5og68d6z] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fjzczm1g2u] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9d1c0n5k15] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bh2azy7wa8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8w7i11opvp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4o4md7l2bh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s2xauvbs01] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vaxyif435e] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n4zps8974p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3jaa4vxytb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ji5oobyjtr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [om72aek709] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oz5t8gcywi] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jl1b5atyzp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [e60grx60rd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fay6o7ysen] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [422wpb0kle] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7a2jdwunss] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3677xtzp7p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6rz3dnka5y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3170802z43] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4x8jgybg38] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1x62hp9nvz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tmxwk0cfby] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rb6z5drulp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mc1kebpmpy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [v59ocex0ua] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oy4dy11h85] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lz0z7z0bjc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [raacu2mpru] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [k06tnezy4u] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lc4jloso04] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j43cvvrup5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lg8bz5b2fv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ox8rmp5dd9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kh7x8kig5x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5vy4js6ck7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [a70pdvts0o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fi930yffe6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [744uvrr2i2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [502wxgpp9y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8g2bt1j16c] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9g9kr1ca1s] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5ecirchza7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8l64zh3fm3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vr1jh60wo7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [032x49mb3p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3n646i81gv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yt1soyxhiy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [thz63va23g] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vuw5y5vau6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1e50r8i733] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pj0usg7a76] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vrazv9vflt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lc68jbduv9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oj6n7w7x0m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j8waltchl5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wk5hpb62po] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3mwirr22w3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yp97dvtmgb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lpaodrtva8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9y76jdd74r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jli6skm1yp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bfcomdyx2l] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6485gobwfl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [69cyu6viwc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ti6ux4shrb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4ifj9clj20] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [thazutm5v7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yuckgw9tao] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sig1a8msno] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [nj55d6j44g] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j43a7156x4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gdb72mnvw9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ce0b6ltf41] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [da93ejuxc7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ay416p30cs] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6d6wk3hxj4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yb5xwdsy8b] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xt1yt4bupx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [001epoxxmb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8kbf0cdn66] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z56oxew27m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8xf7d251my] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tv8g6x1ne4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w38wvpvzjh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xgcn86edz9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mt1oz05a59] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jk11bfb78w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [k23be6wkcx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pd5x19i0re] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gz16z31e0v] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [el7kspb2m9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9a31l2o109] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ceb8hkau5t] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fmcw554xa6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j7a2rrh03u] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [c07pedu8e8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [67763ymcbm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9x3mw9sjol] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b5hc89k9mh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6o378o6gs8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8ecphfa2po] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ya3sjx9pgl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6vdt2kpg1g] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ys7too1mx7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [44fnhsgi74] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [x98wamk5y2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pv2e5fn12x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [om45zfvj7h] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uy5jlip7e0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [o08pd5n5n9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ms6jvjubdb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hy61leie8w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hbat04atnn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mmc6l7x835] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ib925339i3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [p7bc7uaawt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ddc8xh08jc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4f9l7g25uw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [046grd8ziu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6t6k3imdkl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [w13439etys] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3lbzvcto8o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7a9ue9zrnm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xn3xlhpbv4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [x01fbs92ie] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2b316v4pyw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [s7138c3dnt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vt6b9dgv1y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j61xam6650] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0lbp18mex1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pb4iyrxyit] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m49xpcb96w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n486wc3p9c] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [md5yw4v5mh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cl2hvvls1n] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [g61vghzvtc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mp9h9kmr39] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [py96xd8u8n] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8mxnm9ir2y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gj5fv7r893] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [lv7tgadnok] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jndmrpkulm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gjbhalrv2k] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [94zyp034dz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [et81a5hafr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5x5khu8f12] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7d2s56k6jm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5e1lfdsbhn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [8i9tjwl4m7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2fwzxjr4kw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5wwek4b7pa] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y0v4ie47dj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1k7ckfhwzo] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [849dv4xeak] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [697f4tw21g] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yoyel5fkol] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6x9p6j4bd7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vdv952ld5a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0l5e0vgasy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [te2vf9tj3c] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [z76rd3sblw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0fd0j3stgb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [t02nzo410p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ix0p063phl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [t17re4wok7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [he1ulcl8ro] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ir0bjeezez] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n22x6h1mug] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oj4799csxh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rne57je46l] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cx0tah231j] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j83lm5pcp0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b2xchz28lw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [h97gk0o58j] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ir9rni9ick] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9b51ljjxl0] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [78v2m1rkbx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ex2f56yg84] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zoz3ttagji] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2xzjgdwspw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [518ycwpcuf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4659kcohfs] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xzup8r1rr6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0i1vuletiu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yz176ruzul] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7v9pmouptr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4zzsn5tdjm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uwyupmz19j] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1j5ef06o6r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6w585ymhfu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [b87ls19wvc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4y943kt9yd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0p68errle5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3baggt4a0a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1f9ihh2yh7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [us69djm68w] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wg3o9w7xrg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1cf46ma3iu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [y8d6749r8p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wdb8hu8ezl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0hkedc2835] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [wzb1t1jxnz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [of20id36b3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xcfl6iba3r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j54pho8mji] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sxersdodwe] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fi5lzcykg2] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [iaf35lzeyb] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gna6cupyxu] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9c7d052ofd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [bo4c47mxy3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f5b9y09hyw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f1js6p9z52] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ebemlw09bp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [80i3e7c8po] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4177i6atyh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5d5xgg2jus] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xh4meimag1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zk5k41nmr5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [6rgz0xee4y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2af4ls0gxl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1fcfu9sdiy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [r558ps2xch] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [o13a081l3d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [mp3dcdf055] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kg21xbp6ke] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pnc5s4k362] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m6bj6u2srv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [shd5txo75d] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [g0btdvzdkm] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ckayzhcfda] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7p4li59xfe] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [3m1821fpvc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zj46udk63r] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4hedzoi4fl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rm8ticfk9p] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oj6vkue8zl] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zj8jraf2gw] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0n71gc82c5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [v3fpcxu59j] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [xbf50pm8ex] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [l7abtwnjeh] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cw3wpezv8a] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fg29b1kx1y] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n0cbuxtndt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gk0s9a4wo7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gcatszke93] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [hdh2pydw4i] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [a66rdco4fx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [fh740fbjuf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5ga0hw5lha] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7kbyge6yzd] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [050ew1i7as] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7oaf6ozomn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [2u4vo4w6os] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vjzd1w7jst] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [107gc9myuk] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [v67yb4itoy] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [tzbl9yhl7g] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kja8nowwk1] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [as71mfmj77] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [cgx8ij79ps] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [9x5bvxmnsj] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [epgt2ysl84] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [d7bu8obigp] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [0l29o4svrf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [5x3wb7ea6x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [zpztwlr0cr] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [4286iodfr9] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [yv4442i5x3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1z4b8kcp2m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [7mdetyr5ce] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [pc059u216o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [37bjek4752] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ws08u7gggg] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ld1k7fz9ad] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [sf5gx1y1tx] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [n72k884l9o] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [etwwdgem3m] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j55a7j12h4] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [m9dg42vmvn] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dy17kxdjny] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [i92kf0073f] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [oybxrdfd57] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ldb0biusfz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [he84mps3ns] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f76pxxzhlt] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [k0ccor5t9x] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f7cscbywea] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [dcaue1xjx7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [gw9z0nampv] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [f16i85asa6] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [69327w1exc] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [1j2a41h968] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [vm7lsgdht7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ok0ukbh4td] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [np55s191do] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [rx6tgl2ca3] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [jl30bye3um] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [uia0hmftw8] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [j3y19gyz28] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [kg1ut5iukf] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ixayday8n7] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ly03s0cfk5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [frw1ceg5rz] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [onwjkcgmy5] C:\WINDOWS\ro9xsmy354.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [langm] C:\WINDOWS\System32\langm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\SECRETMAKER\secretmaker.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtr

#11 Dimple Lover

Dimple Lover

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 12 June 2004 - 10:54 AM

bump

#12 Guest_splintercell990_*

Guest_splintercell990_*
  • Guests

Posted 12 June 2004 - 04:20 PM

Hello Dimple Lover,

That CWS fix didn't work...so lets try this:

First: With all other browsers closed, please fix the following items in HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)


Now, this part is CRITICAL:

Please reboot into SAFE mode (press F8 after the BIOS loads), and run HijackThis. Please fix all of the O4 entries that point to ro9xsmy354.exe. When you have finished fixing all of those O4 entries, then delete the following file (still in SAFE mode)

C:\WINDOWS\ro9xsmy354.exe<---file

Finally, reboot and when in Windows again, please post a fresh HijackThis logfile in this thread :)

Edited by splintercell990, 12 June 2004 - 04:24 PM.


#13 Dimple Lover

Dimple Lover

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 14 June 2004 - 01:20 PM

Hello Splinter Cell, I followed the instructions but they were very tedious! Deleting those 04 entries with ro9xsmy354 was a headache. But I did do it, but there was one complication. You told me to delete ro9xsmy354.exe, I could not find that file. I went into C drive, WINDOWS Folder, and I couldn't find it. I made me settings so that I could see all hidden files, still no luck. I tried searching for it but I still couldn't find it. Also some of the R1/R0 entries you told me to delete were not in the Hijackthis list, I think three of them I couldn't find. Here is my file

Logfile of HijackThis v1.97.7
Scan saved at 2:12:14 PM, on 6/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\En\My Documents\Downloads Etc\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {A491D208-B353-490F-B81A-A8A3DC97042D} - "C:\WINDOWS\System32\smiehlp.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [langm] C:\WINDOWS\System32\langm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\SECRETMAKER\secretmaker.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (??????????) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8048.9125347222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab

#14 Dimple Lover

Dimple Lover

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 15 June 2004 - 03:03 PM

bump

#15 Dimple Lover

Dimple Lover

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 16 June 2004 - 05:42 PM

bump

#16 Dimple Lover

Dimple Lover

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 20 June 2004 - 07:56 AM

bump




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button