userinit.exe + trojon.svchost/fake



#1
ydt89

Hey, I've been working on cleaning up my system the past few days and have stumbled across an issue. SuperAntiSpyware finds something called "trojon.svchost/fake"; after removing it and rebooting, it still continues to appear. I've also noticed that a process called "userinit.exe" has been placed in my startup folder, and when deleted it shows up on reboot once again. I think I have a few other weird problems (a lot of weird processes showing up in Task Manager). Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:42:56, on 2/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5508)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\services.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\winlognn.exe
C:\WINDOWS\system32\drivers\services.exe
C:\Documents and Settings\Administrator.EXPERIEN-AFC008\svchost.exe
C:\WINDOWS\system32\drivers\services.exe
K:\Computer-Repair-Utility-Kit-V2\Virus Removal\SuperAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator.EXPERIEN-AFC008\svchost.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Documents and Settings\Administrator.EXPERIEN-AFC008\Start Menu\Programs\Startup\userinit.exe
C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\lyerqbf.exe
C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ak8w706rwtb32.exe
C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\z1bh1gr3nf.exe
C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\e4nnwo8j.exe
C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ad0dco57j.exe
C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\r56y1s5g.exe
C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\mfj498ziybeh4.exe
C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\og6gc26g2t.exe
C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\kbfdq5yhn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
K:\Computer-Repair-Utility-Kit-V2\Launcher.exe
K:\Computer-Repair-Utility-Kit-V2\Virus Removal\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kgeqisubacaxoz] rundll32.exe "C:\WINDOWS\Vsayupuwowo.dll",e
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\winlognn.exe
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Administrator.EXPERIEN-AFC008\svchost.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [zso7z0di8j57eu9n4cwmlipu9v4sltkazywpbk7l28et] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\xkymmbofz8s3.exe
O4 - HKCU\..\Run: [zdhatj9eae7e2ibspf0de4qjbgdljm3c3ljx] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\b4ga3qt5eggev.exe
O4 - HKCU\..\Run: [a7t8wu6fppvhf8bmjcouq] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\qvz2p03.exe
O4 - HKCU\..\Run: [t0bacar5or14jfufd9gjigtt] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\eqg5ist02at0t.exe
O4 - HKCU\..\Run: [p05s9m4cv] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\vfdm5gv1l6w.exe
O4 - HKCU\..\Run: [h7bfbvnlu78us5p6noovzbnta66ryjj] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\nsfjh3038.exe
O4 - HKCU\..\Run: [d7e9fdzg9pcom3vham92bgm] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ljfs46rcvc5.exe
O4 - HKCU\..\Run: [trkmw4eiwyepjsqwa0apzndrqrhtc1v] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\izk8e5hodj.exe
O4 - HKCU\..\Run: [jclzkw4mi9snd2qll5rr2399kebyi7irwgrhf4] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\o0g89m18.exe
O4 - HKCU\..\Run: [ocy7oikejktfc4ebk2cv4f7jvc8g639klddrnhmhee] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\qv1rji.exe
O4 - HKCU\..\Run: [mfyeov88wj1yx] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ubrg1gh6s.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] K:\Computer-Repair-Utility-Kit-V2\Virus Removal\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [wphnwz5q4lz8g224jhs7twzib5qrojdu99] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\mxdq2z0.exe
O4 - HKCU\..\Run: [k5h273uirdtfjqwad417hlu] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\suoekzyzy.exe
O4 - HKCU\..\Run: [x5d3hngfqp7g1n6n1vgrtiql6l1] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\zqnuf6b.exe
O4 - HKCU\..\Run: [odg4f11miybdwyx0gidn] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\noqhruklh.exe
O4 - HKCU\..\Run: [jy3svilcj5ce] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ta357qd.exe
O4 - HKCU\..\Run: [esazqxp9hobswaeehg2] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\wtwlx8k2g42s2.exe
O4 - HKCU\..\Run: [slmz7d44sjk3cd0pxoa6o5wx9ijr35nuxj01w1lha5a442p] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\jbwn5l4xz68c7.exe
O4 - HKCU\..\Run: [loq12y59gindz5rskahh26le0yuwqydkrsw03ixve4] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\d36w7p.exe
O4 - HKCU\..\Run: [aqqesbwdi0z6ulkweplhmsudif35038ixct66ilfv8wkq3bqm] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\obkk5r16.exe
O4 - HKCU\..\Run: [bxnchvxgj9jamks80xkas3sa8] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\q1nfv5hi.exe
O4 - HKCU\..\Run: [kox74jcxqbnu8sptmwq51vofq88yepi] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\cvgumimaf1.exe
O4 - HKCU\..\Run: [aktm1sbw7ah72ngdxbefie7hl4s4pquyyiz4ljiuzqzd] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\kqz9psqbty10.exe
O4 - HKCU\..\Run: [ncvtt01007q67vefty87ysm6suvzeskxy1ek9f20pe] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\oipq1zop10ir.exe
O4 - HKCU\..\Run: [grzmv4n22rn7jy3q6qmy67f7jnaifxijigfa2650h6cx] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\t5caztl3qqgz.exe
O4 - HKCU\..\Run: [qjwso9sqqty8ay6gz69vig8zv] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\wm6i5uiy.exe
O4 - HKCU\..\Run: [avqrjfklh5rv9ze] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\bhpcr8f3sn47y.exe
O4 - HKCU\..\Run: [hmgtnqr52r1bxx2zwyv64bn3yj9jjrrzxu0p74v] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ywvag641zx3l.exe
O4 - HKCU\..\Run: [warlk0vdwl3ecc9mw3bc2jq2gcmeud18l90bik0cx7fa2u] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\e7hx94dfznk.exe
O4 - HKCU\..\Run: [g3fgz4hhxdwa6gp92slpsmugujbwumfwni] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\rzvdedzodhb8.exe
O4 - HKCU\..\Run: [gbs0h1nlvw9yh5xlaruolo80d8x34jzlti] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\gl12166kuu670.exe
O4 - HKCU\..\Run: [kv1xzwhvuj] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\wrq0gi.exe
O4 - HKCU\..\Run: [ua3h80z1tawjgoqgple5c34qqb4duh51p] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\qg6h36ufex0f.exe
O4 - HKCU\..\Run: [a1pass7izjhs7ikn] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\io6upcu31tk.exe
O4 - HKCU\..\Run: [ercodeadp6a0cey1wwq8vv42t3] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\fggzbd6.exe
O4 - HKCU\..\Run: [pptm1ekxdt4] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\em4d3u0h.exe
O4 - HKCU\..\Run: [j34s441r34om6f74z2cz3y587yw4vgiyx4equy] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\hp0oztlqcjf.exe
O4 - HKCU\..\Run: [ru7xzdmggq8nmmnf373sb9ls] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\bqevkidnio.exe
O4 - HKCU\..\Run: [kse09szpxgfr0vq3zq] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\bfbtrzdm.exe
O4 - HKCU\..\Run: [nuz8owspd1o753n85mgh4je32vjdyc9nckn5cfsyg7qd] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\t4otjr.exe
O4 - HKCU\..\Run: [c4c12wij5] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\kf4uydrodvy.exe
O4 - HKCU\..\Run: [maoj0eb51bkr7yaeb3ds75pe3qv80jptioxfc004c7] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\y9w10cghyw.exe
O4 - HKCU\..\Run: [efb0d66v5ib9hbkgwvlz0cp5aruflf347kovw3b5cn8h] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\fst1nsli8f.exe
O4 - HKCU\..\Run: [hs1e1zlqnhtjrmlvtdfw86cgjxyqvwppp317lu1s] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\wrl7jlp2sr9fv.exe
O4 - HKCU\..\Run: [zzxxo3c8exeigrlevok5vdhks2whuv] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\cjva6fzcz.exe
O4 - HKCU\..\Run: [nsy8h1j0hbb1g54lf2o09hai2d140dh75q4typjhsl] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\s1oc36ef.exe
O4 - HKCU\..\Run: [doyt3hbv3381sbd7xry0uso6433u1o1u2y2] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\wbojr23mo9.exe
O4 - HKCU\..\Run: [vvvzp89dbfycox6oqvs14yse] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\a7djrh46sptbf.exe
O4 - HKCU\..\Run: [fdfkvncahktj1udg841cfl0o8bs1kke5b0gk1htn25rubqi2x] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\uw6xii.exe
O4 - HKCU\..\Run: [q7smtps7105p47oj3oqu] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\s0f49iaub8y.exe
O4 - HKCU\..\Run: [tfwkl2nv8c6y0k9t78tjr4d32xdzoh3g3rm02fu1cdz8] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\nrfuwlikyi0yo.exe
O4 - HKCU\..\Run: [a1p2tyh1t7foysy149ps25ajrys4nv2ts21tdhxzae0b7htg] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\yxpamt.exe
O4 - HKCU\..\Run: [o8ydwtlygqul5d1xokhykdriqpbkc667apn2i] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\wwfenvpmu9xp.exe
O4 - HKCU\..\Run: [pz3ruacqkog0ppdyjdp2eki66yevdosx] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\wlctutlv0x.exe
O4 - HKCU\..\Run: [qd4p3mq9rdrnt6fc2do52i6hqlpcvap4k1qmrhm2wsyr97] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\yro9j8uv24y.exe
O4 - HKCU\..\Run: [d5847rrj6bmwwhqf6lab1f4w6rcrk1uxd] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\x958b78.exe
O4 - HKCU\..\Run: [vzb65j5f3fh6ztoyluyxt7yie0] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\sulgvp.exe
O4 - HKCU\..\Run: [yda1d52vcsekakhssoqm] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\e2ssay7hbw.exe
O4 - HKCU\..\Run: [p5oa2qxgmivfd4ec2g184i3qzzfs] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\jgumdc4.exe
O4 - HKCU\..\Run: [fu4l5imbdw1h5reyjr3ny4xbz7mbakugl0m3i8q] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\favpw6nlm.exe
O4 - HKCU\..\Run: [pqdcgubw3y2oeqm0356y7t3a009tg6o9apw1i2hq] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\x9uploa8prd31.exe
O4 - HKCU\..\Run: [dh0tr2xr2cllbzdsfdh] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\dp4vyz8w.exe
O4 - HKCU\..\Run: [ci0xu14c0yjiz874v38g6dathksgsk7upxj25pehl] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\zsoc6m1pm6j.exe
O4 - HKCU\..\Run: [h5ua9fj6lf6iq162m7h0q9p028dwej3tfi2kh] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\u67eu1p4nd0f5.exe
O4 - HKCU\..\Run: [buzehn4r8y5wvl65datg1pue] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\hzhi780f3tdv9.exe
O4 - HKCU\..\Run: [ig44jsmhaba] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ww1sw3ouom.exe
O4 - HKCU\..\Run: [ul9iggtddu1ah42pst0psq7kgvxkuzskgcx9a7sdlaf7tod] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\lk1aonp47.exe
O4 - HKCU\..\Run: [o70hgcapii4gkmvwacqo6gq3th6d1cnk] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\fkxqrquirzbf.exe
O4 - HKCU\..\Run: [on86l196u4c72yh3dgerxr5r85jc3dok9325um76perje] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ygolzxv.exe
O4 - HKCU\..\Run: [tgt67xu7vc67un8a93e8t27ov6zydxz3hej5wezxney] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ti4cjf.exe
O4 - HKCU\..\Run: [h34aigw8klm312xbej6gzchz7t6o4g9xd] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\k7ka6krfzp9n.exe
O4 - HKCU\..\Run: [i69e9t1l8sfqho3vau] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\tq6b16x2v.exe
O4 - HKCU\..\Run: [diwv95hc9x4r] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\octh69ldya.exe
O4 - HKCU\..\Run: [is20bmtmeshpwmkfii58ujyayjnpuy7hm47i1uk] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\emsqrjqdh.exe
O4 - HKCU\..\Run: [vcavdgzrkmonwe7dwz7t9tj] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\y6v4f7.exe
O4 - HKCU\..\Run: [emyhq1kc4qe2l3k2ijyxotwc3em3py5mi004c5stfzw7o6g] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\mzgww23kmn.exe
O4 - HKCU\..\Run: [vmbgke1ph2zihkuj] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\fkt627nsjt.exe
O4 - HKCU\..\Run: [pa2zfi6m32s] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\j88e97teyc.exe
O4 - HKCU\..\Run: [p3bp3zbb64wy9scb7rvr1tpc2hudwcrdayd8rt2zqp1jcnlr] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\rvvy71qb6y.exe
O4 - HKCU\..\Run: [y4qgai5pg7zzhgbfiql0djcy98ylm9pdf7qo60chshc40] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\zn16lq0o3.exe
O4 - HKCU\..\Run: [ygxda5eindw6y6uaxd8x5qrpzh0tm93o4z2fxmug] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\kfit9lz.exe
O4 - HKCU\..\Run: [vf9j9b98p1kixxkuy6wkofcl] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\i6ijw5q1w.exe
O4 - HKCU\..\Run: [u1rezf56lk6cdx5ve9c13zbwict00b16i4b] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\eqhu576qbvn6.exe
O4 - HKCU\..\Run: [irgc66272f1f] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\zsx2ppjcg1l.exe
O4 - HKCU\..\Run: [uvrkrpxkfv] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\y4h3a7gr7.exe
O4 - HKCU\..\Run: [q9l3zo7to3iiushi] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\cpkvrmozbi2h1.exe
O4 - HKCU\..\Run: [ox5pfb7e4y9cbop8j4p] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\f8apgvdnfne.exe
O4 - HKCU\..\Run: [j4ltxc4dy1urjinfb] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\c53ebd.exe
O4 - HKCU\..\Run: [atuk3nwhdz7ta2m] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\uodskhefxanu.exe
O4 - HKCU\..\Run: [s6upmiffy2pr3cxdqf7cjki7j6vir2a] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ldt97mgzg6.exe
O4 - HKCU\..\Run: [g19utyd9g4wpirg6lwkyrzb7smcvtz468z80sydq4ts] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\dit8zphqz.exe
O4 - HKCU\..\Run: [am0oyy1eybbw25lkeb4wxkupsv7jtqqiex1kacsc] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\w8jl81z45.exe
O4 - HKCU\..\Run: [k74qbru9kgrvtdz5kwpgtxhknbun7zh] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\qxg2azn.exe
O4 - HKCU\..\Run: [iitvjymohjtf08s4nzrbdd9tod81kp3ks49jrtsg18s5cd] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\x1zn9atctp.exe
O4 - HKCU\..\Run: [lltsmy4tctmtp3kgqled8dar1z0nul3oa0oaw65r] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\z2sjr8xfvdw9.exe
O4 - HKCU\..\Run: [rxkm6i3job21ozco6521vcb9tad89q0174ht7pl5vhxfv4i] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\bm2fqp.exe
O4 - HKCU\..\Run: [zqckhhc5oi4v9dwq48kqd6amxxfh79igxmzgfe3s4] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\sszdwdk2ggpi.exe
O4 - HKCU\..\Run: [u86mlztqv90t0ewo0zbke0wkeo5nnrskvish2fx] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\mhfu2i33zc.exe
O4 - HKCU\..\Run: [k62ln8nvbbrygsxn4yy8eaksk76a] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\y39zj7uc.exe
O4 - HKCU\..\Run: [p29r1pp1rekv0r6wk2fbunlcj5rigsceiycypv] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\dhst5l804d54v.exe
O4 - HKCU\..\Run: [szkzka0vl1ba3nlu1jn8mzyqzf1r2kwpn52o7jnho] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\hjvlm0gp4.exe
O4 - HKCU\..\Run: [khmom0bgynl83vz16zf0vaoynvcgcy] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\rfiwxam.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Administrator.EXPERIEN-AFC008\svchost.exe
O4 - HKCU\..\Run: [japkhnxzvbps8m3z7iqzh2sqjd49tg52z8vivydoaokpo35] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\zqlxkt.exe
O4 - HKCU\..\Run: [nz7emoy78j7v4ka6748ey3kegflqwyxc7xhyn39] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ckuv79zp4.exe
O4 - HKCU\..\Run: [uyjzzk82ev3o] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\b61p7aljppls3.exe
O4 - HKCU\..\Run: [o0x4sniaopylhgseh234cblcopm9rjf9424wfmhaj5ny7] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\b7dvp610dbc5.exe
O4 - HKCU\..\Run: [bgirnw56fcveg86lk29qlmc0cbzu5ap74hpquo] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\mr48px.exe
O4 - HKCU\..\Run: [z2oamg4lx709z5pe427kfwcidmtsqcfdr9jk8nlqq3ila2r6c1] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\dxkpvlm2geb3.exe
O4 - HKCU\..\Run: [wp10ulylk29697] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\cvuuij0pxd0.exe
O4 - HKCU\..\Run: [a6xu0nvz3frh5hpuz05lexg1ajj] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\auky0lwmv.exe
O4 - HKCU\..\Run: [jaifzfgtlk1enrkapnem0y8qsms5rpwi46p] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\xxx5y9h.exe
O4 - HKCU\..\Run: [dlte97dwxla] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\do6t8eb.exe
O4 - HKCU\..\Run: [hgsts8bbx1u6qcxiejx5] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\dimb5txds0pw.exe
O4 - HKCU\..\Run: [nrhfwgjfiodo4hhiha00vh4r] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\qbwf1h8o8g2c.exe
O4 - HKCU\..\Run: [vmmxbxfaz71u9uecyrpeve152d582imklox4sq2] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\wx93hd1zez.exe
O4 - HKCU\..\Run: [wrcca706qzwkswpnncfbz5rnsn] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\igfxak9yrz3.exe
O4 - HKCU\..\Run: [l4mebel3x6aky090nsyhv7c1h12gz16yfi908aa8wkbr] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\uwc43sjpe5p.exe
O4 - HKCU\..\Run: [ov9uxmaqxeug7] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\mcf7oe30w9y7.exe
O4 - HKCU\..\Run: [w86ir32olm82kgyz] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\jy5b7dkpmmm1v.exe
O4 - HKCU\..\Run: [tb08r5trfse1w7] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\fds3jxobpl7.exe
O4 - HKCU\..\Run: [lj62xfbnkx69l0k0e56db86mh9y2] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\f7116d.exe
O4 - HKCU\..\Run: [od4s6o1yp1] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\qwuywl5.exe
O4 - HKCU\..\Run: [l78tz95kqo140oy9l6j7ki3yeds59ajn7cfzphl2lmgpcwcv] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\g642s9z.exe
O4 - HKCU\..\Run: [mw90t8bkr29f0ripgpzlvse6xa8v] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\xv1jfxin28koi.exe
O4 - HKCU\..\Run: [kyfg9xoqq2joclj61] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\k25dsbt.exe
O4 - HKCU\..\Run: [cxegtuuil0ip6fvje0] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\fio3drw1aj8aa.exe
O4 - HKCU\..\Run: [rpr0ug72t] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ykkqqb.exe
O4 - HKCU\..\Run: [rtdcdhqvn22mft54dr6x9] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\uoxdxuww.exe
O4 - HKCU\..\Run: [vz1p0w0f77orggxcvxv7ulyax5zjoy5bqt9edwsx3a9h2pdl4y] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\azozko66tsax.exe
O4 - HKCU\..\Run: [nsi5e0n1yfc3c] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\qehn6c5v98a.exe
O4 - HKCU\..\Run: [rkqcbbg90nfqno3qthxh8b5g2y07] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\bs0fajhh.exe
O4 - HKCU\..\Run: [eo6dpnsgiiyp] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\syng96ct.exe
O4 - HKCU\..\Run: [lrc524n41ia5zdqf88v] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\tztdslpxg61h5.exe
O4 - HKCU\..\Run: [nyu8ogl3osfi5o01nktw22ykpwcsobq9we7zdjt] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\woqbg26whla.exe
O4 - HKCU\..\Run: [t9918ba7q0tkr34r7txv85] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\f7w5sqevul3y.exe
O4 - HKCU\..\Run: [nuthb5p5nczhco0pob1cy0w6wz] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\wi2qhue43uu.exe
O4 - HKCU\..\Run: [kcycmmj30vuvc258m5g76zcsorm3u5eo4fb52nqkzws6b6wefi] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\m0jp80d.exe
O4 - HKCU\..\Run: [s26vbe34hn58rsu4h7hxhby9cou3weijlxulim0wa74qlx45op] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\iv5j7grgh.exe
O4 - HKCU\..\Run: [jyr3dx6wp1aeqxw6rha] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\vgi8wplswa6.exe
O4 - HKCU\..\Run: [f09mmtrrw8umkqrf1] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\kbp18or1.exe
O4 - HKCU\..\Run: [shtvt4btkg8ntefnmceu4ir7y9lmsefgcptw7t7b8o] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\xby6lk4j6qco.exe
O4 - HKCU\..\Run: [efyjvryat26ep6evefdlm7wxxagr27w455o1cb] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\gj5i0xgj.exe
O4 - HKCU\..\Run: [rfzaz0yfpi5a37rhs3j4w2tcib05s] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\jdeg49j7cwl.exe
O4 - HKCU\..\Run: [gerygak2a8ui99yyci] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\f918gtntf.exe
O4 - HKCU\..\Run: [pqxa4o1muqsmzxfbj9epgw8pj5or24mi] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\mae6a2r6.exe
O4 - HKCU\..\Run: [hhe7hf2ft2jcr2y4p41o49oadhtb8h9dufny60zw2b] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\nnr3dibq.exe
O4 - HKCU\..\Run: [yhtrl2xzed83gqust2desfgvu5ry0nhmcp546iyn5j] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\l3y7e1.exe
O4 - HKCU\..\Run: [qfm8bauhlt0ppttvnwl9hdhrhokn2fu6v3zqnu7h5wqbdcu] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\xlqn9r3i.exe
O4 - HKCU\..\Run: [wk4f71wibe] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\mind2zds.exe
O4 - HKCU\..\Run: [asgdkkj4hc2c0kgpehdwi440jzq0pbu1it69] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\r5hhab3he4.exe
O4 - HKCU\..\Run: [rdl9b9llznet56ai9bdaeo6amnhutjyypqr0f1ksdi7hs] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\mqxputg32.exe
O4 - HKCU\..\Run: [d7eg9ak4wtp2y27nvoon4d4] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\g9z1prvihl3fd.exe
O4 - HKCU\..\Run: [tdz3fmp4raj8h53qgb0k1dvh9jo9blio] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\r4cg1kgoq.exe
O4 - HKCU\..\Run: [zoogcsixvbfa] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\afwivfxjhhn.exe
O4 - HKCU\..\Run: [wreseew8z3bumlqq8bpntw] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\hemkerrvg.exe
O4 - HKCU\..\Run: [uf4f64prnm] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\gq6li97.exe
O4 - HKCU\..\Run: [t3le5oi2cbhv4s7drdifp5ar8ls1c8] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\b3chrxh49v57t.exe
O4 - HKCU\..\Run: [anv9ayunskeqya80gub87wx2yohcm8v1iljn80nczey43ibaf] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\vvt66gmr5ny.exe
O4 - HKCU\..\Run: [m05bb5fkzr994e9ugaue3yig] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\kb9dzowisa3.exe
O4 - HKCU\..\Run: [sj54s7gd1lxeqj8evh1s] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\kgiaeeq3.exe
O4 - HKCU\..\Run: [n02q96e6d] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\w4brv604q4u7g.exe
O4 - HKCU\..\Run: [nupq87zj46zos52m9ewy8kyryicguuxyw23no4pj89qoa9r7] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\u31vdpwiogl.exe
O4 - HKCU\..\Run: [orxgpegziur1qrvdoivq27d0rl8es] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\lyerqbf.exe
O4 - HKCU\..\Run: [c8xltjt61] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\c4b8dkoxz8pt9.exe
O4 - HKCU\..\Run: [e9uupqcd170rsz9ff97005zgdmwgfjaz] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\nzonps04a.exe
O4 - HKCU\..\Run: [svahe1s5ffhmqs0fklk5s423brrk1fue8pb] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\wt86j4h3rj3.exe
O4 - HKCU\..\Run: [qivcvxy7daxq5oba3] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ak8w706rwtb32.exe
O4 - HKCU\..\Run: [viz4rp5rej8uaoxorpbq1f6dvz1yzkafnpmfkracvtests] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\z1bh1gr3nf.exe
O4 - HKCU\..\Run: [f35t47dif6wr5z0dq7dvs9cku6zcak] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\wchj8d6rv.exe
O4 - HKCU\..\Run: [mm0rocsm72b79oej8m221tmf7mi79df7isd] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\gg047ov6npyt.exe
O4 - HKCU\..\Run: [xh5dy879z24wgb38gy6ip] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\e4nnwo8j.exe
O4 - HKCU\..\Run: [ow2seeptegudwprj9v3po3xzigpyv6fhk739] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\swxb0fmgac3b.exe
O4 - HKCU\..\Run: [c8sp29foo2g6n3twl4ogak25n2jo1tc4ci3sz2h50e87kq2f7] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\g5xje5c5o4.exe
O4 - HKCU\..\Run: [r1xyvj0nk3ucqvok6ux5nsz31z58] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ad0dco57j.exe
O4 - HKCU\..\Run: [cobm6frakyyryp] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\r56y1s5g.exe
O4 - HKCU\..\Run: [i19vzkd67br85cv] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\e9jnqizsor.exe
O4 - HKCU\..\Run: [rxlxckdym3qlwxztkf4] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\mfj498ziybeh4.exe
O4 - HKCU\..\Run: [twmcyzugsmc4cpi6n0ncqr3rgchh3c] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\mqmplai.exe
O4 - HKCU\..\Run: [b1ezg6w0plhs] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\u26o7ldf61t85.exe
O4 - HKCU\..\Run: [t9huknf7h45u5yk] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\og6gc26g2t.exe
O4 - HKCU\..\Run: [od0dtw6ndzutp4em5teh0eot39xnf] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\gff3cb4f.exe
O4 - HKCU\..\Run: [xzedbynzn8u4wiiztvomna5mqko1fe6qp6] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\scca5je6.exe
O4 - HKCU\..\Run: [c0a97ii69ien5] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\kbfdq5yhn.exe
O4 - HKCU\..\Run: [ars9ku0ztbuwhdj5s5w3fevporhiiwugwaa8zar1hlb] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\qmiwk0fgn05.exe
O4 - HKCU\..\Run: [jlgh0m3gjl9i2ufg1xmo80vkk2o93ef] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\anvueqjtyt.exe
O4 - HKCU\..\Run: [ibjtfw91fp26ltfdlr56tjjaey5nwzso0] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\rtsbkvlu.exe
O4 - HKCU\..\Run: [jiaq0npfp045xah4loe7fn2lnfl5lynztn0po2c0x1p46de4x] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\x42e7pv45693.exe
O4 - HKCU\..\Run: [c7uiwjbnu6scn9whu7db0fo4i44quw4zv] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\z5ca66.exe
O4 - HKCU\..\Run: [abtegweqyzud923q19og61uxwfhge8wl8440b7kkek] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\o7bkpvved0r8e.exe
O4 - HKCU\..\Run: [iy630l8nbeydfk] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ymyv0512yzn.exe
O4 - HKCU\..\Run: [zaa9rt210wwckcnu9llujdvba] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\mbx5kriidntwg.exe
O4 - HKCU\..\Run: [kt24t1ed6ehfu9n3nvnwoa] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\f14ipd55yq55a.exe
O4 - HKCU\..\Run: [ahbgajkwjuomf6i34153lkjvtfe] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\gpr1ed1ix.exe
O4 - HKCU\..\Run: [upa8n7zuy8tsj0zf8oi] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\jb48ygp.exe
O4 - HKCU\..\Run: [a62un565ys1q7251g1qmtdj0ei96ag4w6hqy5o70ox] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\z1dedtwvkvs.exe
O4 - HKCU\..\Run: [vubvn9f947sur44juspjy9d8mnb84k82qr] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ntdmrjm3y.exe
O4 - HKCU\..\Run: [xmh8uv490w6v5ykjsouafdastpc3rl3dg3bj] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\gphe3mq.exe
O4 - HKCU\..\Run: [tjuhvl3y0duwxa8irlvw5wzfjtq80xgfy7] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ein01k8gjd.exe
O4 - HKCU\..\Run: [pxqpxh5iife7teegyi1qis] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\nes554j7ckya.exe
O4 - HKCU\..\Run: [zk972ejfd8gghdcolr6810kpuigfqfrjbmv] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\n3l0xy31ftvjz.exe
O4 - HKCU\..\Run: [xbcfnhw9n0e78psvw93h0788q8rclsqn26jvu1wqzg9e20] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\wrehvqdjqz.exe
O4 - HKCU\..\Run: [r7708ev4mlp82u74zniqorpae6pe1lbwo83ktlam5kwdqj] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ow1j2x.exe
O4 - HKCU\..\Run: [szbmxw2lhnie9fduq9zce8dyx92lu272w] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\u7b5prlre5.exe
O4 - HKCU\..\Run: [mspl22tfshum] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\mql0fv5t.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: userinit.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1231157589237
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 28355 bytes


any help would be great - thanks
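
The persistence patterns visible in the log above (autoruns launched from a Temp folder, system process names outside `system32`, an extra program appended to `UserInit`, and the `DisableRegedit` policy) can be expressed as triage rules over HijackThis output. This is an added example, not part of the original post and not HijackThis code; the rule names and the `C:\WINDOWS` install path are assumptions, and the sample lines are excerpted from the log in this post.

```python
import ntpath
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule detail")

# Assumption: Windows XP installed in C:\WINDOWS, as in the posted log.
SYSTEM32 = r"c:\windows\system32"
SYSTEM_NAMES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "userinit.exe", "spoolsv.exe"}

O4_REG = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (?P<item>.+)$")
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
PROCESS = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)
TARGET = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll))', re.I)

# Lines excerpted from the HijackThis log in this post.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\services.exe
C:\Documents and Settings\Administrator.EXPERIEN-AFC008\svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Administrator.EXPERIEN-AFC008\svchost.exe
O4 - Startup: userinit.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""


def check_path(path):
    """Return the rule names that fire for one executable path."""
    p = ntpath.normpath(path).lower()
    folder, name = ntpath.split(p)
    rules = []
    if "\\temp\\" in p:
        rules.append("runs-from-temp")
    # A bare file name (no folder) cannot be judged by location, so skip it.
    if name in SYSTEM_NAMES and folder and folder != SYSTEM32:
        rules.append("system-name-wrong-folder")
    return rules


def triage(log_text):
    """Scan HijackThis log text and return a list of Finding tuples."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = F2_USERINIT.match(line)
        if m:
            # The value is a comma-separated list; only userinit.exe is expected.
            for entry in filter(None, (e.strip() for e in m["value"].split(","))):
                if ntpath.normpath(entry).lower() != SYSTEM32 + r"\userinit.exe":
                    findings.append(Finding("userinit-extra-program", entry))
            continue
        m = O4_REG.match(line)
        if m:
            t = TARGET.match(m["cmd"])
            for rule in (check_path(t["path"]) if t else []):
                detail = f'{m["hive"]} {m["key"]} [{m["name"]}] -> {t["path"]}'
                findings.append(Finding(rule, detail))
            continue
        m = O4_STARTUP.match(line)
        if m:
            item = m["item"].split(" = ")[0].lower()
            if item in SYSTEM_NAMES:
                findings.append(Finding("system-name-in-startup-folder", item))
            continue
        if line.startswith("O7 - ") and "DisableRegedit=1" in line:
            findings.append(Finding("regedit-disabled", line))
            continue
        if PROCESS.match(line):
            # "Running processes" section: one full path per line.
            for rule in check_path(line):
                findings.append(Finding(rule, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:32} {f.detail}")
```

The rules only rank entries for review; a hit means the location or name is unusual, not that the file has been identified as malicious.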


#2
kahdah

Hello ydt89

Welcome to G2Go. :)
=====================
Please re-open HijackThis and click on "Do a system scan only".
Then place a check mark next to these entries below:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [Kgeqisubacaxoz] rundll32.exe "C:\WINDOWS\Vsayupuwowo.dll",e
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\winlognn.exe
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Administrator.EXPERIEN-AFC008\svchost.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [zso7z0di8j57eu9n4cwmlipu9v4sltkazywpbk7l28et] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\xkymmbofz8s3.exe
O4 - HKCU\..\Run: [zdhatj9eae7e2ibspf0de4qjbgdljm3c3ljx] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\b4ga3qt5eggev.exe
O4 - HKCU\..\Run: [a7t8wu6fppvhf8bmjcouq] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\qvz2p03.exe
O4 - HKCU\..\Run: [t0bacar5or14jfufd9gjigtt] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\eqg5ist02at0t.exe
O4 - HKCU\..\Run: [p05s9m4cv] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\vfdm5gv1l6w.exe
O4 - HKCU\..\Run: [h7bfbvnlu78us5p6noovzbnta66ryjj] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\nsfjh3038.exe
O4 - HKCU\..\Run: [d7e9fdzg9pcom3vham92bgm] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ljfs46rcvc5.exe
O4 - HKCU\..\Run: [trkmw4eiwyepjsqwa0apzndrqrhtc1v] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\izk8e5hodj.exe
O4 - HKCU\..\Run: [jclzkw4mi9snd2qll5rr2399kebyi7irwgrhf4] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\o0g89m18.exe
O4 - HKCU\..\Run: [ocy7oikejktfc4ebk2cv4f7jvc8g639klddrnhmhee] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\qv1rji.exe
O4 - HKCU\..\Run: [mfyeov88wj1yx] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ubrg1gh6s.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] K:\Computer-Repair-Utility-Kit-V2\Virus Removal\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Administrator.EXPERIEN-AFC008\svchost.exe
O4 - Startup: userinit.exe



Now click on Fix Checked and then close HijackThis.
===================================
I will need you to Download ONE of these anti-virus programs and install it.
These are free.
AVG free 8.0
Note this is free antispyware protection and Antivirus protection.

or

Antivir
This is just antivirus protection.
====================
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

#3
ydt89

    New Member

  • Topic Starter
  • Member
  • 8 posts
Checked boxes in HijackThis, installing AVG now, then running OTListIt. I'll post results when I have them.
Thanks for the help :)

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)

#5
ydt89

    New Member

  • Topic Starter
  • Member
  • 8 posts
OTListIt.Txt and Extras.Txt attached

NOTE: AVG wouldn't install.. Had issue with writing to registry.. :/

Edited by ydt89, 25 February 2009 - 07:59 PM.


#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
If you are using cracks you will not continue to get help here, so discontinue using them as they are illegal.

The reason I say this is because of these files:
C:\Documents and Settings\All Users.WINDOWS\Documents\NetBIOS Cracker.exe
C:\Documents and Settings\All Users.WINDOWS\Documents\UT 2003 KeyGen.exe
C:\Documents and Settings\All Users.WINDOWS\Documents\Counter-Strike KeyGen.exe
C:\Documents and Settings\All Users.WINDOWS\Documents\L0pht 4.0 Windows Password Cracker.exe
C:\Documents and Settings\All Users.WINDOWS\Documents\AOL Instant Messenger (AIM) Hacker.exe
C:\Documents and Settings\All Users.WINDOWS\Documents\IP Nuker.exe
C:\Documents and Settings\All Users.WINDOWS\Documents\Windows Password Cracker.exe

If you do not use cracks then disregard the above message; sometimes these types of files can be dropped by malware.
================
Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
    O4 - HKCU..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA)
    O4 - HKCU..\Run: [nwwlpnes0tqnoqri8h7e2g8x6k357i69fsa1haeg39bwnb] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\q4si8qke8309.exe File not found
    O4 - HKCU..\Run: [nzrb4dq1zf6r0fnpg5mn38qe3p0] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ogsfvclnuyy.exe File not found
    O4 - HKCU..\Run: [o44gqn3tbpm1iuvdbp] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\tli052w96y.exe File not found
    O4 - HKCU..\Run: [o896ox4ir66ge69y2wqyblr] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\dtrn5g.exe ()
    O4 - HKCU..\Run: [oc6ny7c1cjzdvf0wjtrmky] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\m13j697fobi.exe ()
    O4 - HKCU..\Run: [odeeizlzty9rhg] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\e7ar42de5vktn.exe ()
    O4 - HKCU..\Run: [oh91k1dcr741gwfn2msz4pglg0ebuwz0uptv1wtu2v2q] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\p0thshbfn.exe ()
    O4 - HKCU..\Run: [oqlk2l2n637beje7hqdsxa] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\x000nm50wqk9.exe File not found
    O4 - HKCU..\Run: [ov07esgjorkahso78xgg9i82ontn2tb7abxjoeurzkq3e] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\utd3dvyqfdz6.exe File not found
    O4 - HKCU..\Run: [ovv62ak4k2krobdrfm969hu9dg6yvtc75anjwdn3xx] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\m8lbuo54rnnhv.exe File not found
    O4 - HKCU..\Run: [pb6co91oosy1zdd960u3uuesl] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\xh9grmx1h.exe File not found
    O4 - HKCU..\Run: [pd8uvf7dwqlcypuv9t2sja] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\l4saob8q.exe ()
    O4 - HKCU..\Run: [pdwcszgalwl1xorgxmo0kvmhkvq85] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\axrn4tjfko.exe File not found
    O4 - HKCU..\Run: [ph6fcnp86dgma4j9hrih1a0jitsgz01cii4zeikaai0tay0n] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\qlqlddw3bn.exe ()
    O4 - HKCU..\Run: [pkasllg3jo36o9rp52e85i1ocnq] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\zozed4.exe File not found
    O4 - HKCU..\Run: [ple82ed7lqb1v45k8olju7z4i09zqobvzhwkdmga] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\yr6l18hp.exe File not found
    O4 - HKCU..\Run: [pspvspujnxq1b] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\q74g2j.exe File not found
    O4 - HKCU..\Run: [pw4ijliykzw52f6nfofcbo31uq05nj4g8vt4dok8x] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\e68n4jafg89.exe ()
    O4 - HKCU..\Run: [q08dy0b3hvdj6zgkbu7c0xd84b26p6] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\tmha4s8ew.exe ()
    O4 - HKCU..\Run: [q16aacqlp3b4yzegi3ei9y304dgm5vt83vyi4j3sebbq4qga1] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\aw2g86jbgv.exe ()
    O4 - HKCU..\Run: [q9jt4nim5gc7vivn9da9] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\s3iv7n.exe ()
    O4 - HKCU..\Run: [qdnap8g1picqsq73fsi4350] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\q78jynmd7v7.exe File not found
    O4 - HKCU..\Run: [qi8p9tgqurro6yxaqg570mf2anwkgw74hautm9zn9hfqv64hc] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\e5lp5geeuv.exe ()
    O4 - HKCU..\Run: [qirw7z461d93wi6l6tt] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\zib2si3c7zn8h.exe File not found
    O4 - HKCU..\Run: [qm7qin7cpem34ld] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ugwdri1sok4r.exe File not found
    O4 - HKCU..\Run: [qmh7dgkmlfqk9r2b9n62uc6] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\jb2ca73ol.exe File not found
    O4 - HKCU..\Run: [qsjs9f2vw8l4238bjvs] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\pzkgs5xd.exe File not found
    O4 - HKCU..\Run: [r3l3p3jphva8mgqhnesawjzyzekprnqhxnrsdhz7edtasax] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\qiri9xnd0ybat.exe File not found
    O4 - HKCU..\Run: [r8q0ihzh14sg] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ty8ifdqgb.exe ()
    O4 - HKCU..\Run: [rcqpwu19r15otxofngdqz7vw2im3734ihilwv8je4idwoout] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\cw7byw004st.exe ()
    O4 - HKCU..\Run: [rdffz4tr027a1mxg8ogfok6vgwieux7slzc4lr4yq4mwvvcxk] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\i6bz36e.exe File not found
    O4 - HKCU..\Run: [s3zol3brgu68ywe] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\kvpneed.exe File not found
    O4 - HKCU..\Run: [s8p1wfvaaus6ve6jplojqufydtieo] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\k3n18xjrvvp.exe ()
    O4 - HKCU..\Run: [se64mnhhudozny6iqitohjoi4x1] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\wtpws3ueg54yy.exe ()
    O4 - HKCU..\Run: [sjy21xcs0kznr] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\w7usox8sbw2z9.exe File not found
    O4 - HKCU..\Run: [skb26gz0tbbhwtn8qxs90t7kr6wpory5ihwftr] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\n15oh3grpp4l.exe File not found
    O4 - HKCU..\Run: [slirxvat4vf0uusztagp5sdm06niy2spo7zkk8zny] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\s7ku19nf2.exe File not found
    O4 - HKCU..\Run: [spyc6tcfbqy4o4b0fu2j1cxiz8vzizayis0t2il] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\k3odwymrlvp.exe File not found
    O4 - HKCU..\Run: [szl2rkoz221cir] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\pigrcrn.exe File not found
    O4 - HKCU..\Run: [t4aqup0wx5n1roaekv4] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ms3meinrc12tw.exe ()
    O4 - HKCU..\Run: [t7gh14qd8h6azktegajygsauic2313johwi8v1t0vl38tw] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\o4n4i03pknk.exe File not found
    O4 - HKCU..\Run: [t7kh6k2pz3krynj2ytpchyd84z5xq7c6uo5gqst4nij9i99] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\fmpw1h4ou.exe File not found
    O4 - HKCU..\Run: [t9rvqe579j7jr6qjb8r2626n] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\zuyaenue6wknz.exe File not found
    O4 - HKCU..\Run: [ta3p5ull1082ibe8] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\han2j1fn.exe ()
    O4 - HKCU..\Run: [tag96jnvq68hheuhe2a17hm6plgagf4i] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\bbrpanrtw.exe ()
    O4 - HKCU..\Run: [tgszmuqvbphthnc514bw] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\guktlucuvbkpj.exe ()
    O4 - HKCU..\Run: [tjxsyvfrvhisv1vy78j9e004bvzt6mo1vrkytxvg] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\unsrpl6o.exe ()
    O4 - HKCU..\Run: [tr04fpfpx2wgy2yb8tcuq1yrh10m] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\j3ie6u.exe File not found
    O4 - HKCU..\Run: [ttd8drzwqlp87t1y2czxtis62jhudj92w5s3] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\rnrgzyg0z2d6e.exe File not found
    O4 - HKCU..\Run: [tv3t6tlojwg6e0ibf26u1vhpxyz07u7] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\m9a670g.exe File not found
    O4 - HKCU..\Run: [twpr0k1pe74ku69en0cqmmvf] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\icmvkfi30dfo3.exe File not found
    O4 - HKCU..\Run: [u0ppay0i58hcukeptgal2otgd0e81] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\vz7eobd18.exe File not found
    O4 - HKCU..\Run: [u261yie3ve0stl7yatcptaihar9jrf3o03cla9mebcbpl82] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\xacypojmb2vun.exe File not found
    O4 - HKCU..\Run: [u8oolgn8pr5ehbqvbv4f4rdevc6cuingd9iqtuv] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\pc96d2c.exe ()
    O4 - HKCU..\Run: [ug1d82lr8hu2fumeb094ld1fpcmtd4] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ot02s351ce4i.exe File not found
    O4 - HKCU..\Run: [uggyw3ktjxcxewkv] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\jwemmes0tbr.exe ()
    O4 - HKCU..\Run: [uij9wxhhei8csqkh] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\z0we8053xd.exe File not found
    O4 - HKCU..\Run: [umklltfjikkk8jedjrwnxrg89w8ub4a5sv] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\pgpgxl3o1j6k3.exe File not found
    O4 - HKCU..\Run: [uqlwbpbstp4r4wmxxlg9k6w1qhgfugz6y05vsiqc7ngc6df] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\zohgkxc.exe ()
    O4 - HKCU..\Run: [uqrdkxechkixump] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\whp9qg.exe ()
    O4 - HKCU..\Run: [uv36g77u7l7dncw18x] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\civx6w.exe ()
    O4 - HKCU..\Run: [ux1vwylpmqh8swdzi836cs5yoe7] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ywuoq8io3by.exe ()
    O4 - HKCU..\Run: [vlxr33n9cly5kr2koy43lb0z114] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\rcvk3st5.exe File not found
    O4 - HKCU..\Run: [vn297l0twzmn9nzhp08kb79zz8ndb4ea7] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\wmavklrq8vit.exe ()
    O4 - HKCU..\Run: [w5o1c3upnjxvkfyqmxo8s5wxfk9qkrf2uc1roc] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\sa3ejksbmdr.exe File not found
    O4 - HKCU..\Run: [w6hcgivvg0xgzei] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\qf03jbg0h.exe ()
    O4 - HKCU..\Run: [wcqaoe1nd42btwuxhm25r] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\dlu8cevyg91nz.exe File not found
    O4 - HKCU..\Run: [winlogon] C:\Documents and Settings\Administrator.EXPERIEN-AFC008\svchost.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [wuykcqvgul4in0e8o4a] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ygpxye1mjjv91.exe File not found
    O4 - HKCU..\Run: [ww28a99b5tb] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\aldhn06708.exe ()
    O4 - HKCU..\Run: [wzhwy4p4gy0j92c5e7] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\nidtheb.exe File not found
    O4 - HKCU..\Run: [wzpefd6ojz3mvb3] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\mgo0s5as.exe ()
    O4 - HKCU..\Run: [x20iaotae3ms0ngieswe55xx6nxi] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\un8rbqa1jju.exe File not found
    O4 - HKCU..\Run: [xibcrrl8wrg6wz] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\itkhp2ubkxm.exe ()
    O4 - HKCU..\Run: [xiyhqlp3uah3rjfmv3vv1bf3c1nbuagjmup0he0le0vsh1] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\zihfvqdc3.exe ()
    O4 - HKCU..\Run: [xuf7rzqh5lmfh0d0k] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\j7frejq1we.exe File not found
    O4 - HKCU..\Run: [xupjh69t4cfnh9rismagb0qzfctn5hcwnp19] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\sajx5p.exe ()
    O4 - HKCU..\Run: [xxft24dse6n5lwowkp] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\twyecma.exe File not found
    O4 - HKCU..\Run: [xyofjb3udv4m5] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\or93yn1.exe File not found
    O4 - HKCU..\Run: [y43zbh99alr5d1i74xci2hk8dc25jwxysln9req2308v5q] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\nifc22.exe ()
    O4 - HKCU..\Run: [y5jsyqdn4oydhkiolt] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\i94bgz9.exe File not found
    O4 - HKCU..\Run: [y6sefixt86pgtr] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\dlf02j0.exe File not found
    O4 - HKCU..\Run: [yf1d04lg9f0wcmb3p9w4vttdukbd4qpdea6juntj] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\qgzq5z4.exe ()
    O4 - HKCU..\Run: [ynnk7kqr8g2s6v4zw60gyn5nlexq5f3] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\vpz0iww3roib1.exe ()
    O4 - HKCU..\Run: [ysx6pj7majzw2kwddg] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\vnb60lrn.exe ()
    O4 - HKCU..\Run: [yxiui9nqwuglnmohgn5dzg3dg9m7ncqopfchpbquqm3egx1] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\jwgjhrxs9rkr.exe File not found
    O4 - HKCU..\Run: [yzsj59qaso63lxlb] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\peshtoxi5c.exe ()
    O4 - HKCU..\Run: [z62520m6yq917s1m0eivzqf8a7] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\ynu0ek239hrz.exe ()
    O4 - HKCU..\Run: [za2hbdtlgm22nk5fir96q82sa5z3] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\bd9qmgr3mc.exe File not found
    O4 - HKCU..\Run: [za3i4kclfziyf3ue90wd] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\rdxo3bw4tsw.exe ()
    O4 - HKCU..\Run: [zf7j2p3l8wtznbr0ad0wovlp] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\pmhk0hcexe4.exe ()
    O4 - HKCU..\Run: [zh635rcey9egfmqizpymljf8uak] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\fuomj1u0tcmln.exe ()
    O4 - HKCU..\Run: [zjgfe82cbnp8i2rztzk9z77z8u60efurlb7gb8wjny] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\wz2gp6t2.exe File not found
    O4 - HKCU..\Run: [zouidpmnem3eur688wizd0hsuzx65e5qoethiuw2coqj] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\slt2rqp0jn.exe File not found
    O4 - HKCU..\Run: [ztn3ybklmqbmyb4fw] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\lni1ta1gus.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    
    
    :Files
    C:\Documents and Settings\Administrator.EXPERIEN-AFC008\Local Settings\Temp\envqjno3.exe 
    C:\Documents and Settings\Administrator.EXPERIEN-AFC008\Local Settings\Temp\tmha4s8ew.exe 
    C:\Documents and Settings\Administrator.EXPERIEN-AFC008\Local Settings\Temp\fuomj1u0tcmln.exe 
    C:\Documents and Settings\Administrator.EXPERIEN-AFC008\Local Settings\Temp\e68n4jafg89.exe 
    C:\Documents and Settings\Administrator.EXPERIEN-AFC008\Local Settings\Temp\dtrn5g.exe 
    C:\Documents and Settings\Administrator.EXPERIEN-AFC008\Local Settings\Temp\vnb60lrn.exe 
    C:\Documents and Settings\Administrator.EXPERIEN-AFC008\Local Settings\Temp\qjuzd54ru.exe 
    C:\Documents and Settings\Administrator.EXPERIEN-AFC008\Local Settings\Temp\ybd05tsen77.exe 
    C:\Documents and Settings\Administrator.EXPERIEN-AFC008\Local Settings\Temp\p0thshbfn.exe 
    C:\Documents and Settings\Administrator.EXPERIEN-AFC008\Local Settings\Temp\ms3meinrc12tw.exe 
    C:\Documents and Settings\Administrator.EXPERIEN-AFC008\Local Settings\Temp\gh0kk66bvxm.exe 
    C:\Documents and Settings\All Users.WINDOWS\Documents\NetBIOS Cracker.exe
    C:\Documents and Settings\All Users.WINDOWS\Documents\UT 2003 KeyGen.exe
    C:\Documents and Settings\All Users.WINDOWS\Documents\Counter-Strike KeyGen.exe
    C:\Documents and Settings\All Users.WINDOWS\Documents\L0pht 4.0 Windows Password Cracker.exe
    C:\Documents and Settings\All Users.WINDOWS\Documents\AOL Instant Messenger (AIM) Hacker.exe
    C:\Documents and Settings\All Users.WINDOWS\Documents\IP Nuker.exe
    C:\Documents and Settings\All Users.WINDOWS\Documents\Windows Password Cracker.exe
    C:\itamcndf.exe
    C:\xuli.exe
    C:\WINDOWS\System32\uniq.tll
    C:\ujbptob.exe
    C:\-329389833
    C:\jttgds.exe
    C:\pfkik.exe
    C:\cxfagn.exe
    C:\WINDOWS\Vsayupuwowo.dll
    C:\cwxwwgtl.exe
    C:\WINDOWS\System32\pyuketyh.dll
    C:\WINDOWS\System32\shqslyoi.dll
    C:\WINDOWS\System32\SYIkQqss.ini2
    C:\WINDOWS\System32\SYIkQqss.ini
    C:\WINDOWS\System32\ssqQkIYS.dll.vir
    C:\WINDOWS\tasks\jasosqcp.job
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
===============
After that Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0
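A way to triage the Run-key (O4) entries listed in the fix script above, added here as an illustration and not part of the original post or of OTListIt: it flags autostarts that launch from a Temp folder, that borrow a Windows system process name outside System32, or whose target is missing. The flag names, the `SYSTEM_IMAGES` list and the helper functions are assumptions of this example.

```python
import ntpath
import re

# Lines copied from the fix script on this page: four O4 (Run key) entries
# and one O6 policy line that the parser must skip.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [jqftupolghczpvqnqu5rb] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\sxlxjauh.exe File not found
O4 - HKCU..\Run: [jrg6jrvfibr6ctarb322zratb82wy2yrhikk] C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\n3dvx68fi.exe ()
O4 - HKCU..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA)
O4 - HKCU..\Run: [winlogon] C:\Documents and Settings\Administrator.EXPERIEN-AFC008\svchost.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
"""

ENTRY_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[([^\]]+)\] (.+)$")
MISSING = "File not found"
# Process names that belong in %SystemRoot%\System32
# (a short illustrative list chosen for this example).
SYSTEM_IMAGES = {"svchost.exe", "winlogon.exe", "services.exe", "lsass.exe",
                 "smss.exe", "csrss.exe", "userinit.exe"}


def parse_entry(line):
    """Split one O4 line into hive, value name, image path, publisher, missing."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # not a Run-key entry (O6/O7 policy lines, blanks, ...)
    hive, name, rest = m.groups()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].rstrip()
    publisher = None
    pub = re.search(r"\s\(([^()]*)\)$", rest)
    if pub:  # trailing "(Company)" is read from the file's version resource
        publisher, rest = pub.group(1), rest[: pub.start()]
    # The image path is either quoted or runs up to the first ".exe".
    img = re.match(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', rest, re.I)
    image = (img.group(1) or img.group(2)) if img else rest
    return {"hive": hive, "name": name, "image": image,
            "publisher": publisher, "missing": missing}


def flags_for(entry):
    """Return the triage flags for one parsed entry, in a fixed order."""
    image = entry["image"]
    folder = ntpath.dirname(image).lower()
    exe = ntpath.basename(image).lower()
    flags = []
    if re.search(r"\\temp\\", image, re.I):
        flags.append("runs-from-temp")
    # The company string is only file metadata, so a system process name is
    # judged by where the file sits, not by what it says about itself.
    if exe in SYSTEM_IMAGES and not folder.endswith(r"\windows\system32"):
        flags.append("system-name-outside-system32")
    if entry["missing"]:
        flags.append("target-missing")
    if entry["publisher"] == "":
        flags.append("no-publisher")
    return flags


def triage(log_text):
    """Return (value name, image path, flags) for every flagged O4 entry."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        flags = flags_for(entry)
        if flags:
            findings.append((entry["name"], entry["image"], flags))
    return findings


if __name__ == "__main__":
    for name, image, flags in triage(SAMPLE_LOG):
        print(f"{name}: {image} -> {', '.join(flags)}")
```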

#7
ydt89

    New Member

  • Topic Starter
  • Member
  • 8 posts
The OTListIt file is attached.
It appears all of the unknown processes that were running no longer do. :) Thanks ^_^;
Combofix wouldn't run for me.. Not sure why. I attached a screenshot of the issues as well.

Attached Thumbnails

  • hmmm.jpg

Attached Files


  • 0

#8
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Delete your version of Combofix and do the following:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

  • 0

#9
ydt89

    New Member

  • Topic Starter
  • Member
  • 8 posts
Still getting the same error with Combofix even after renaming. HijackThis log attached.
I also noticed I can't get to google at all.. Or any google services suddenly, when looking at the hijack this log I saw google in there many times. Is this something to do with this? Thanks.

Attached Files


  • 0

#10
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts

I also noticed I can't get to google at all.. Or any google services suddenly, when looking at the hijack this log I saw google in there many times. Is this something to do with this?

You have a badly infected machine; I am surprised it turns on anymore.
=================
Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the C:\Drive. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt back onto the forum.
==============
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0



#11
ydt89

    New Member

  • Topic Starter
  • Member
  • 8 posts
Requested logs are attached

Once again thanks again for all the help. I already see a vast improvement.

Attached Files


  • 0

#12
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Very good. Please run OTListIt2 again with the same instructions as before and attach those logs.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please attach the files, one at a time, and post them with your next reply.

  • 0

#13
ydt89

    New Member

  • Topic Starter
  • Member
  • 8 posts
here you are :)

Attached Files


  • 0

#14
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the contents of the attached .txt file
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.


  • 0

#15
ydt89

    New Member

  • Topic Starter
  • Member
  • 8 posts
Log is attached ^_^

Attached Files


  • 0





