My Laptop Is Possessed! Multi rogue security apps [Closed]


#1
velarie2112

  • Member
  • 106 posts
I have an older HP laptop running Win XP Pro, SP3 that is seriously infected and it is critical that I recover some personal data from it.

It seems that there are multiple rogue security programs installed. Additionally I have identified two trojans (Trojan.Agent/Gen-6TO4EX and Trojan.Agent/Gen-Virut[Infected]) and a possible email worm. Due to the presence of these malicious items, I absolutely refuse to connect the system to the internet just yet. To make things even more interesting, every tool I install on the machine is literally shut down while scanning and then completely disabled by the malicious items. This is so over my pay grade, lol.

STEPS I'VE ALREADY TAKEN:
When I boot the laptop one of the first errors to pop up, is a system-looking error that says I have Worm.Win32.NetSky infection, but when I looked this up on Symantec's website it seems that this really indicates rogue security software. Eventually the system will also produce an error for TrojanSPM/LX, which I also believe is rogue security software. In addition to these popups, there is an app running in the system tray that tries to get me to download spyware removal software every three minutes and the desktop background was hijacked and replaced with an image telling me that there are multiple security issues with my system and it has been disabled to protect my data. Awesome! I also get a DLL error every time I boot - c84h1m.dll.

The first problem I had to deal with was the 23,000+ Symantec Tamper Protection Alert notifications which were preventing the OS from fully loading. I disabled Symantec antivirus and then tried to uninstall it. It would not uninstall giving me an error that either the system was running in safe mode (which it was not) or the Windows Installer component is corrupt. At this point I disabled all services besides essential MS services through msconfig.

When I took a look at the startup items I found additional problems. There were seemingly several hundred entries that mocked the file names of actual windows processes, but originated from my documents folder instead of the windows folder. I disabled all of these and after that point have only booted the laptop with selective boot. However, at some point later I checked the startup items list and new ones had been generated. I also found multiple instances of yxxa.exe in the startup items and disabled all of them.

While in safe mode I was able to remove Webtop Soft's Antivirus 2010, CleanUp! which was reported as infected, and Index Dat Spy which was also reported as infected. I booted normally, ran TFC and removed 1.6GB of temp files, and the system loaded better and produced fewer errors after reboot.

Errors that have been reported:
Worm.Win32.NetSky by unknown
TrojanSPM/LX by unknown
c84h1m.dll by system
Explorer.exe by system
Memory could not be written and Data Execution Prevention by system
verclsid.exe failed to initialize
MOM.exe application error
Window Installer won't run
smss.exe
q8xpb6n5 .exe
CCC.exe
Virtual Memory Minimum Too Low

The biggest issue is that through all this process I have no access to a command prompt (and yes I've tried to initiate it 4 or 5 different ways, finally I browsed to system 32/cmd.exe and clicked which produced an error that the path was invalid, lol) and I have no access to task manager. I can only get to msconfig.

After removing the temp files I attempted to start cleaning the system. First I tried to run AdwCleaner as admin. It ran and showed five suspicious files in a documents folder named 'uninstall.exe', but the program hung up and didn't seem to finish. So I tried to run it again and it found nothing. Next I tried to run JRT as admin, but it wouldn't run at all giving me an error that the application cannot be executed, I'm assuming because cmd.exe has been disabled.

Next I attempted to install MBAM, but I received an error that I didn't have permission to create directories in the Programs folder during the installation. Aborted. Created new directory directly under C: and then installed the software there. It installed successfully and I initiated a quick scan. The scan ran for just over 17 seconds still in the 'enumerating registry objects before scan' phase and then the interface spontaneously closed itself. When I tried to run the program again by clicking the desktop shortcut, it produced an error that the path was invalid. I browsed to the actual location on the drive and tried to open MBAM.exe. I received the same error that the path was invalid. I uninstalled MBAM and then reinstalled it. This time it ran just over 60 seconds before closing itself. I received the same invalid path error when trying to run the program by clicking the desktop icon again. Forced reboot.

Finally I visited the GTG site and ran all three versions of GTG OTL. Each version would run for a couple minutes and then spontaneously shut down. Ran rkill.exe. Log saved. Installed fresh copy of MBAM again and initiated quick scan. This time it ran for almost 5 minutes before shutting down. Run rkill with another file name. It encountered a problem and had to close. Run VIPRERescue. Ran for almost 5 minutes, was listing results and then shut down. (Please note that this is the only tool capable of accessing a command prompt.) No log. Reboot. Install SAS. Couldn't create necessary directories. Change install location and try again. SAS identified two trojans before spontaneously shutting down.

Used SAS alternate start. Identified:
Trojan.Agent/Gen-6TO4EX
Trojan.Agent/Gen-Virut[Infected]
Ran for over 30 minutes, identified the above trojans, and then spontaneously closed.

Everywhere that I state it gave me an invalid path error actually means = "Can not access the device, path, or file. You may not have the appropriate permissions to access the item." Every tool I ran was transferred to the laptop via USB jump drive. I am concerned about infecting my good laptop I'm using to download tools jumping the drive back and forth. Please advise.

So I can give you an AdwCleaner log, but that's it! Any assistance I could get would be greatly appreciated.

Your move GTG . . .
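An added example, not part of the original post: the startup entries described above (file names copied from real Windows processes but launched from a documents or temp folder) can be triaged mechanically. This sketch parses autorun lines in the `HKLM\...\Run: [name] - path` layout that FRST prints and flags them; the sample lines, the value names and the `user1` profile are constructed, and Windows is assumed to be installed in `C:\WINDOWS`.

```python
import ntpath
import re
from typing import List, NamedTuple

# Assumption: Windows lives in C:\WINDOWS, as on the XP machine in this thread.
WINDIR = "c:\\windows"
SYSTEM32 = WINDIR + "\\system32"

# Normal home of well-known Windows binaries (lower-case names).
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "csrss.exe", "lsass.exe", "services.exe", "smss.exe",
    "spoolsv.exe", "svchost.exe", "userinit.exe", "winlogon.exe")}
EXPECTED_DIR["explorer.exe"] = WINDIR

# Path fragments that mark a location an unprivileged user can write to.
USER_WRITABLE = ("\\temp\\", "c:\\documents and settings\\", "c:\\docume~1\\")

# "HKLM\...\Run: [value name] - command line", with FRST's optional flag at the end.
RUN_LINE = re.compile(
    r"^HK[A-Z]+\\\S*\\Run(?:Once)?: \[(?P<name>[^\]]*)\] - "
    r"(?P<cmd>.*?)(?:\s*<=+ ATTENTION)?\s*$")

# Leading (optionally quoted) path up to the first executable extension.
EXE_PATH = re.compile(r'^"?(.+?\.(?:exe|com|scr|pif|bat|cmd))(?=$|["\s])')


class Finding(NamedTuple):
    name: str
    path: str
    reasons: List[str]


def executable_path(cmd: str) -> str:
    """Return the lower-cased program path from an autorun command line."""
    cmd = cmd.strip().lower()
    for var in ("%systemroot%", "%windir%"):
        cmd = cmd.replace(var, WINDIR)
    match = EXE_PATH.match(cmd)
    if match:
        return match.group(1)
    # No extension given (e.g. "dumprep 0 -k"): the first token is the program.
    return cmd.split()[0].strip('"') if cmd else ""


def triage(log_text: str) -> List[Finding]:
    """Flag autorun entries that masquerade as system binaries or run from user folders."""
    findings = []
    for line in log_text.splitlines():
        match = RUN_LINE.match(line.strip())
        if not match:
            continue
        path = executable_path(match.group("cmd"))
        folder, base = ntpath.split(path)
        reasons = []
        expected = EXPECTED_DIR.get(base)
        if expected and folder != expected:
            reasons.append("system-name-wrong-dir")
        if any(marker in path for marker in USER_WRITABLE):
            reasons.append("user-writable-location")
        stem = ntpath.splitext(base)[0]
        if stem != stem.strip():
            reasons.append("space-before-extension")
        if reasons:
            findings.append(Finding(match.group("name"), path, reasons))
    return findings


# Constructed sample input (value names and the "user1" profile are made up).
SAMPLE_LOG = r"""
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [SampleA] - C:\WINDOWS\lsass.exe
HKLM\...\Run: [SampleB] - C:\DOCUME~1\user1\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [SampleC] - "C:\Documents and Settings\user1\My Documents\svchost.exe" -s
HKLM\...\Run: [SampleD] - C:\WINDOWS\explorer.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.name, finding.path, ", ".join(finding.reasons))
```

A flagged entry is a lead for review, not proof of infection: the checks only compare names and locations and do not inspect the file itself.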

#2
Machiavelli

  • GeekU Moderator
  • 3,700 posts
Welcome to GeeksToGo, velarie2112

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 

I will come back with further instructions later.

#3
velarie2112

  • Topic Starter
  • Member
  • 106 posts
Thank you. Awaiting instructions.

#4
Machiavelli

  • GeekU Moderator
  • 3,700 posts
Whoa. Nice infections. :)

> So I can give you an AdwCleaner log, but that's it! Any assistance I could get would be greatly appreciated.

Please do so.

> Ran rkill.exe. Log saved.

Please also post that log.

> Trojan.Agent/Gen-Virut[Infected]

Doesn't sound good. We can only hope there's no file infector, but the symptoms show that.

Anyway, let's start.

  • Step 1: Boot Into Safe Mode

  • Save any work and close all open windows
  • Restart your computer
  • When your computer has shut down and is just starting to boot again (on the BIOS screen that usually has the manufacturer's logo on it), press F8
  • Using the arrow keys, select Safe Mode with Networking and press enter

  • Step 2: OTL

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    winsock.*
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Open Posted Image on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      Posted Image

    • Click the box beside Scan All Users at the top of the console
    • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
    • Make sure the Output box at the top is set to Standard Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
    • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
    • Let the scan run uninterrupted.
    • When the scan completes, it will open OTL.Txt on the desktop.
    • Please copy the contents of these files and paste it into your reply. To do that:
    • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
  • Please do the same for the Extras.txt

#5
velarie2112

  • Topic Starter
  • Member
  • 106 posts
Here are the AdwCleaner and rkill logs. No OTL log. When I try to copy a new version to the desktop I get an access denied error. If I try to run the old copy I get an invalid file path. I continue to get the malicious pop ups even in safe mode.


#6
Machiavelli

  • GeekU Moderator
  • 3,700 posts
Please download and burn the file(s) on a clean machine, then make the scan on the infected computer.

First,
  • Download here to your Desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to the CD

Next,
  • connect the USB Flash Drive
  • Download FRST and save it to the root of the USB Flash Drive.

Next,
  • Reboot the "bad computer" using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • When you see a message with Starting REATOGO-X-PE connect the USB Flash Drive
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  • After it has fully loaded, your system should now display a REATOGO-X-PE desktop.
  • Double click the My Computer Icon, next open the drive corresponding to your flash drive
  • Execute FRST by double clicking on the icon Posted Image
    (When the Tool opens for the first time you must click Yes on the disclaimer.)

  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the Tool is run from.
  • Open the Start Menu and click Shutdown to close the REATOGO-X-PE
  • Insert the Flash Drive on the working computer, then locate and open the FRST.txt log
  • Please copy and paste the log contents to your post.


#7
velarie2112

  • Topic Starter
  • Member
  • 106 posts
I'm starting to feel like I have a ghost in my machine. It successfully booted from the CD and started loading the REATOGO-X-PE. Shortly after the gray status bar made it completely across the screen, the machine shut down. Now, despite the fact that BIOS is set to boot from CDROM, it skips it and loads from the hard drive. Did it three times. Each time I verified that BIOS was still set to load from CDROM.

#8
Machiavelli

  • GeekU Moderator
  • 3,700 posts
Start again in SafeMode. We can hope that FRST runs in SafeMode. Please do the steps below in Safe Mode with Networking.

Farbar Recovery Scan Tool (FRST)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here

  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it.
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.


#9
velarie2112

  • Topic Starter
  • Member
  • 106 posts
As soon as I opened the program I got an application error, but when I closed the dialog FRST started to run. However, it also shut down unexpectedly. Here's the FRST log. No additions log.
*******************************************************************************
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2014
Ran by Administrator (administrator) on JPRICELAP on 05-02-2014 13:02:29
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

ATTENTION: If processes are not listed WMI should be repaired.


==================== Processes (Whitelisted) ===================



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [MKayc] - C:\WINDOWS\csrss.exe
HKLM\...\Run: [MKeuf] - C:\WINDOWS\spoolsv.exe
HKLM\...\Run: [MKfsc] - C:\WINDOWS\winlogon.exe
HKLM\...\Run: [MKcuc] - C:\WINDOWS\lsass.exe
HKLM\...\Run: [MKeta] - C:\WINDOWS\services.exe
HKLM\...\Run: [MKdw+] - C:\WINDOWS\nvsvc32.exe
HKLM\...\Run: [MKfa] - C:\WINDOWS\win.exe
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggggggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggggggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggggggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggggggggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggggggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggggggggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggggggggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggggggggggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggggggggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggggggggggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggggggggggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggggggggggggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggggggggggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe [95148 2010-09-28] () <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggggggggggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [smss32.exe] - C:\WINDOWS\system32\smss32.exe [18944 2010-09-30] ()
HKLM\...\Run: [Scheduler] - C:\WINDOWS\SMINST\Scheduler.exe [94736 2014-01-30] ()
HKLM\...\Run: [Reminder] - C:\WINDOWS\Creator\Remind_XP.exe [94736 2014-01-30] ()
HKLM\...\Run: [Recguard] - C:\WINDOWS\Sminst\Recguard.exe [94736 2014-01-30] ()
HKLM\...\Run: [MsmqIntCert] - regsvr32 /s mqrt.dll
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [94736 2014-01-30] ()
HKLM\...\Run: [Cpqset] - C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [94736 2014-01-30] ()
HKLM\...\Run: [CognizanceTS] - C:\Program Files\HEWLET~1\IAM\Bin\ASTSVCC.dll [17920 2003-12-22] (Cognizance Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [94736 2014-01-30] ()
HKLM\...\Run: [HPHmon06] - C:\WINDOWS\system32\hphmon06.exe [622592 2004-12-16] (Hewlett-Packard)
HKLM\...\Run: [HPDJ Taskbar Utility] - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe [172032 2004-11-24] (HP)
HKLM\...\Run: [MKeufla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9] - C:\WINDOWS\spoolsv.exe
HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\winlogon32.exe
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
Winlogon\Notify\OneCard: C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 1
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\COMMON~1\Microsoft Shared\DW\dwtrig20.exe [94724 2010-09-26] ()
HKU\.DEFAULT\...\Run: [MKetWgg0] - C:\WINDOWS\services .exe
HKU\.DEFAULT\...\Run: [smss32.exe] - C:\WINDOWS\system32\smss32.exe [18944 2010-09-30] ()
HKU\.DEFAULT\...\Run: [SE11] - C:\Program Files\SecEss\SE11.exe
HKU\.DEFAULT\...\RunOnce: [TSClientMSIUninstaller] - cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
HKU\.DEFAULT\...\RunOnce: [TSClientAXDisabler] - cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
HKU\.DEFAULT\...\Policies\system: [DisableRegistryTools] 1
HKU\.DEFAULT\...\Policies\system: [DisableTaskMgr] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 1
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\Run: [smss32.exe] - C:\WINDOWS\system32\smss32.exe [18944 2010-09-30] ()
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\Policies\Explorer: [NoSetActiveDesktop] 1
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\MountPoints2: E - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
AppInit_DLLs: APSHook.dll => C:\WINDOWS\system32\APSHook.dll [70144 2007-02-25] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Documents and Settings\Administrator.IDI\Start Menu\Programs\Startup\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\jprice\Start Menu\Programs\Startup\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\jprice\Start Menu\Programs\Startup\palmOne Registration.lnk
ShortcutTarget: palmOne Registration.lnk -> C:\Program Files\palmOne\register.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...d=smb&pf=laptop
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...d=smb&pf=laptop
SearchScopes: HKLM - DefaultScope value is missing.
BHO: C:\WINDOWS\system32\rpk5dkg.dll - {B1BA40A1-75F2-51BD-F313-04B03A2C8953} - C:\WINDOWS\system32\rpk5dkg.dll No File
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-27-0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll No File [ ]
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\AdwCleaner\newsas\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog9 01 C:\WINDOWS\system32\helpers32.dll [25600] ()
Winsock: Catalog9 23 C:\WINDOWS\system32\helpers32.dll [25600] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
  • 0
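As an added illustration (not part of the thread and not FRST's own logic), the sketch below applies a few triage heuristics to Run, Winlogon and Policies lines in the format of the log above and tags entries worth reviewing. The tag names, the system-process list and the `C:\WINDOWS\system32` location are assumptions of this example, and the first sample line uses a shortened placeholder value name.

```python
import ntpath
import re

# Sample lines in the format of the FRST log in this thread. The value name
# "ExampleValue" is a shortened placeholder; the other lines come from the log.
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleValue] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [smss32.exe] - C:\WINDOWS\system32\smss32.exe [18944 2010-09-30] ()
HKLM\...\Run: [HPHmon06] - C:\WINDOWS\system32\hphmon06.exe [622592 2004-12-16] (Hewlett-Packard)
HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\winlogon32.exe
HKU\.DEFAULT\...\Run: [MKetWgg0] - C:\WINDOWS\services .exe
HKU\.DEFAULT\...\Policies\system: [DisableRegistryTools] 1
HKU\.DEFAULT\...\Policies\system: [DisableTaskMgr] 1
"""

# "<registry key>: [<value name>] [- ]<data>"
LINE_RE = re.compile(r"^(?P<key>HK[^:]+): \[(?P<name>[^\]]*)\]\s*(?:-\s*)?(?P<data>.*)$")
# First Windows path in the data, up to and including the file extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|bat|vbs|scr)\b", re.I)

# Assumptions of this example: where system binaries live on this machine,
# and a short, non-exhaustive list of process names that are often imitated.
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_NAMES = {"smss.exe", "winlogon.exe", "services.exe", "spoolsv.exe",
                "lsass.exe", "csrss.exe", "svchost.exe", "userinit.exe"}
# Policy values that switch off tools a user would need for cleanup.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoFolderOptions"}


def path_tags(path):
    """Return heuristic tags for one executable path."""
    tags = []
    base = ntpath.basename(path)
    folder = ntpath.dirname(path).lower()
    if "\\temp\\" in path.lower():
        tags.append("TEMP_PATH")              # autostart target in a Temp folder
    if re.search(r"\s\.[^.\\]+$", base):
        tags.append("SPACE_BEFORE_EXT")       # e.g. "win .exe"
    squeezed = re.sub(r"\s+", "", base).lower()
    if squeezed in SYSTEM_NAMES:
        if folder != SYSTEM_DIR:
            tags.append("SYSTEM_NAME_WRONG_DIR")
    elif squeezed.endswith("32.exe") and squeezed[:-6] + ".exe" in SYSTEM_NAMES:
        tags.append("SYSTEM_NAME_LOOKALIKE")  # e.g. "smss32.exe" vs "smss.exe"
    return tags


def line_tags(line):
    """Parse one log line; return (value name, tags) or None if not a registry value line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    key, name, data = m.group("key"), m.group("name"), m.group("data").strip()
    tags = []
    p = PATH_RE.search(data)
    if p:
        tags += path_tags(p.group(0))
    # Userinit normally launches userinit.exe; anything else deserves a look.
    if key.lower().endswith("\\winlogon") and name.lower() == "userinit":
        entries = [e.strip() for e in data.split(",") if e.strip()]
        if any(ntpath.basename(e).lower() != "userinit.exe" for e in entries):
            tags.append("USERINIT_REPLACED")
    if "\\policies\\" in key.lower() and name in LOCKOUT_POLICIES and data == "1":
        tags.append("TOOL_LOCKOUT")
    return name, tags


def triage(log_text):
    """Return [(value name, tags)] for every line that raised at least one tag."""
    flagged = []
    for line in log_text.splitlines():
        parsed = line_tags(line)
        if parsed and parsed[1]:
            flagged.append(parsed)
    return flagged


if __name__ == "__main__":
    for name, tags in triage(SAMPLE_LOG):
        print(f"{name:22} {', '.join(tags)}")
```

A tag is a prompt for review, not a verdict: the HP and Microsoft entries in the sample pass untagged, while a legitimate installer that runs from Temp would still be tagged.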

#10
Machiavelli

  • GeekU Moderator
  • 3,700 posts
Wow. Hopefully we get that fixed. You have several infections (Trojan.Scar, some rogues, etc.). I'll come back with a fix later. (Is this the full log?)
  • 0


#11
velarie2112

  • Topic Starter
  • Member
  • 106 posts
I don't know if it's the full log. FRST shut down before it was done running, and there's no additions log, so probably not.

I certainly appreciate your assistance. I've never encountered anything so nasty before.
  • 0

#12
Machiavelli

  • GeekU Moderator
  • 3,700 posts
OK, you should see a FRST.txt on your Desktop. Compare this file to what you have posted. Is there any difference? If yes, please post it.
  • 0

#13
velarie2112

  • Topic Starter
  • Member
  • 106 posts
Yes, the full text of the log was cut and pasted into the post. That is everything that was generated.
  • 0

#14
velarie2112

  • Topic Starter
  • Member
  • 106 posts
Full Log

Attached Files

  • Attached File  FRST.txt   94.63KB   44 downloads

  • 0

#15
Machiavelli

  • GeekU Moderator
  • 3,700 posts
OK :thumbsup: Well done so far. I heard you once had Nutloaf as a helper? He is an online friend of mine. :)
  • 0





