#1 (permalink) |
|
Registered User
Join Date: May 2005
Posts: 3
OS: XP pro
|
abcsearch4u infection...please help
I've used all the tools to my knowledge..but when I run a HijackThis scan they all come back...so I'm probably missing a step...here is my current log....
Logfile of HijackThis v1.99.1 Scan saved at 8:17:27 PM, on 5/27/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\System32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\support.com\bin\tgcmd.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe D:\NEWFOL~1\SsAAD.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\PROGRA~1\COMMON~1\AOL\111352~1\EE\AOLHOS~1.EXE C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\COMMON~1\AOL\111352~1\EE\AOLServiceHost.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\windows\soxfykb.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Palm\HOTSYNC.EXE C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm R0 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://abcsearch4u.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1113524559\EE\AOLHostManager.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SsAAD.exe] D:\NEWFOL~1\SsAAD.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common 
Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [ufdfrdv] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [onkuwcb] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [aqmwmva] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [gwlwgxq] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [hkjrcql] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [wstedxy] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [gyrhyjj] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [lewvlum] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [mtsmgwg] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [tgvjaor] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [jircxrb] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [flwjbxi] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [byorkve] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [iaoafnt] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [oddvkpf] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [esvddgt] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [lcoxjjq] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [tlvusnf] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [spfjtpg] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [tstjkby] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [xqlsavg] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [rpchedx] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [talcuto] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [fldgghl] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [wkoehim] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [bvycyxk] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [vgnsdtj] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [wmlgxet] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [wnqckgh] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [pbymmjo] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [jbrmerd] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [ipasqhc] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [aimrcow] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [xijtfrj] c:\windows\soxfykb.exe O4 - HKCU\..\Run: 
[huqonam] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [qanhcna] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [yfrvtqm] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [pcorduj] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [hngsyrt] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [pcwefxd] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [fsersct] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [mwawoms] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [yubltut] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [riuvptu] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [gnbvgwu] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [paohtwq] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [epxmplr] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [hkuseok] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [yjxjrrb] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [iqolkqd] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [pxdanpy] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [iwywhnm] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [txbvcla] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [gsrwdwg] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [bvfrdwk] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [qovfufb] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [leamrkt] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [bihcbdu] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [vpojyfc] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [nlufllr] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [ktwgaxw] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [kchefhs] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [kgqeslb] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [lxecgsu] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [nqpwqed] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [cuqlvmm] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [yjkoego] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [rijjydd] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [wkfejuv] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [vdrgcos] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [pqrrgov] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [qvnrqug] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [chmcxsi] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [iirlxxn] 
c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [gsrkvig] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [nbvgssu] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [tsfccqi] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [bydjhdv] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [luksuhs] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [jpcxalg] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [xardnym] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [hljesoa] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [lfcqvok] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [wxyjlty] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [pdfwthr] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [cywvrig] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [cjsqnkx] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [rypihhy] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [fbteexq] c:\windows\dxdpqas.exe O4 - HKCU\..\Run: [dwrebob] c:\windows\etpcmot.exe O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing) O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing) O9 - Extra button: Help - 
{97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102/336//main.chm::/update.exe O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...ploader_v6.cab O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe |
#2 (permalink) |
|
TSF Enthusiast
Join Date: Sep 2004
Location: Wollongong/Australia
Posts: 4,230
OS: XP pro SP3/Vista Ultimate
|
Hi and welcome to TSF.
I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p. Please be patient with me during this time.
__________________
Blackduck30 Time is like money and milk, It's always running out Any Donations Help Keep TSF Free For All |
|
|
|
|
#3 (permalink) |
|
TSF Enthusiast
Join Date: Sep 2004
Location: Wollongong/Australia
Posts: 4,230
OS: XP pro SP3/Vista Ultimate
|
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.
Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked. For the options that you checked/enabled earlier, you may uncheck them after your log is clean.
If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).
Download CWShredder at http://www.greyknight17.com/spy/CWShredder.exe and run it. Click on 'I Agree' button if you agree with it. Click on 'Fix' (it will automatically fix anything it finds for you) and OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.
The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/Cleanup.exe ) and install it. We will use this later.
Reboot into Safe Mode by hitting the F8 key until menu shows up. In some systems, this may be the F5 key, so try that if F8 doesn't work.
Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click 'Kill process' for each one if they are still listed (they shouldn't be - but double check):
C:\windows\soxfykb.exe
Run a scan in HijackThis.
Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/index.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/index.htm O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file) O4 - HKCU\..\Run: [ufdfrdv] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [onkuwcb] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [aqmwmva] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [gwlwgxq] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [hkjrcql] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [wstedxy] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [gyrhyjj] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [lewvlum] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [mtsmgwg] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [tgvjaor] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [jircxrb] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [flwjbxi] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [byorkve] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [iaoafnt] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [oddvkpf] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [esvddgt] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [lcoxjjq] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [tlvusnf] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [spfjtpg] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [tstjkby] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [xqlsavg] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [rpchedx] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [talcuto] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [fldgghl] 
c:\windows\soxfykb.exe O4 - HKCU\..\Run: [wkoehim] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [bvycyxk] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [vgnsdtj] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [wmlgxet] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [wnqckgh] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [pbymmjo] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [jbrmerd] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [ipasqhc] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [aimrcow] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [xijtfrj] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [huqonam] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [qanhcna] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [yfrvtqm] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [pcorduj] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [hngsyrt] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [pcwefxd] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [fsersct] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [mwawoms] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [yubltut] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [riuvptu] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [gnbvgwu] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [paohtwq] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [epxmplr] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [hkuseok] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [yjxjrrb] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [iqolkqd] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [pxdanpy] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [iwywhnm] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [txbvcla] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [gsrwdwg] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [bvfrdwk] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [qovfufb] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [leamrkt] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [bihcbdu] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [vpojyfc] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [nlufllr] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [ktwgaxw] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [kchefhs] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [kgqeslb] 
c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [lxecgsu] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [nqpwqed] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [cuqlvmm] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [yjkoego] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [rijjydd] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [wkfejuv] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [vdrgcos] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [pqrrgov] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [qvnrqug] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [chmcxsi] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [iirlxxn] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [gsrkvig] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [nbvgssu] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [tsfccqi] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [bydjhdv] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [luksuhs] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [jpcxalg] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [xardnym] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [hljesoa] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [lfcqvok] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [wxyjlty] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [pdfwthr] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [cywvrig] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [cjsqnkx] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [rypihhy] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [fbteexq] c:\windows\dxdpqas.exe O4 - HKCU\..\Run: [dwrebob] c:\windows\etpcmot.exe O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102/336//main.chm::/update.exe Delete the following Files/Folders in RED (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist: c:\windows\soxfykb.exe c:\windows\kshrgxo.exe c:\windows\dxdpqas.exe c:\windows\etpcmot.exe Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes. Reboot into Normal Mode run a new HijackThis scan. 
Save the log file and run KRC HijackThis Analyzer http://www.greyknight17.com/spy/KRC...%20Analyzer.zip in the same folder to get the result.txt log. Just post the contents of the result.txt file in your next reply.
__________________
Blackduck30 Time is like money and milk, It's always running out Any Donations Help Keep TSF Free For All |
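An added example, not part of the thread and not code from HijackThis or KRC HijackThis Analyzer: a small triage script for the pattern visible in the logs above, where many randomly named `HKCU\..\Run` values all launch the same executable and the count grows again after a cleanup. The function names and the `min_names` threshold are this example's own choices, and the two sample logs are short excerpts assembled from entries posted in this thread.

```python
import re
from collections import defaultdict

# An entry starts with a section code (R0-R3, O1-O23) followed by " - ".
ENTRY_START = re.compile(r"(?<!\S)(?:R[0-3]|O\d{1,2}) - ")
# Registry autorun entry: O4 - HKCU\..\Run: [value name] command line
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
# Unquoted command: path ends at the first executable extension before a space.
UNQUOTED = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def split_entries(log_text):
    """Split a log into entries, even when pasted as one flattened line."""
    flat = " ".join(log_text.split())
    starts = [m.start() for m in ENTRY_START.finditer(flat)]
    ends = starts[1:] + [len(flat)]
    return [flat[a:b].strip() for a, b in zip(starts, ends)]


def target_of(command):
    """Return the lower-cased executable path, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        m = UNQUOTED.match(command)
        path = m.group(1) if m else command
    return path.lower()


def fanout(log_text):
    """Map (hive, executable) -> set of Run value names that launch it."""
    groups = defaultdict(set)
    for entry in split_entries(log_text):
        m = O4_RUN.match(entry)
        if m:
            hive, _key, name, command = m.groups()
            groups[(hive, target_of(command))].add(name)
    return groups


def suspicious(log_text, min_names=2):
    """Executables started by min_names or more distinct Run values.

    A normal program registers one value; several names for one file is
    the signature seen in this thread.
    """
    return {k: sorted(v) for k, v in fanout(log_text).items()
            if len(v) >= min_names}


def regrown(before, after, min_names=2):
    """Flagged executables whose autorun count rose between two scans."""
    old, new = fanout(before), fanout(after)
    return {k: (len(old.get(k, ())), len(names))
            for k, names in new.items()
            if len(names) >= min_names and len(names) > len(old.get(k, ()))}


# Excerpts from the two logs in this thread, kept flattened and with a line
# break in the middle of an entry, as they appear on the page.
SCAN_BEFORE = r"""
Logfile of HijackThis v1.99.1 Running processes: C:\windows\soxfykb.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ufdfrdv] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [onkuwcb] c:\windows\soxfykb.exe O4 - HKCU\..\Run:
[aqmwmva] c:\windows\soxfykb.exe O4 - HKCU\..\Run: [paohtwq] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [epxmplr] c:\windows\kshrgxo.exe O4 - HKCU\..\Run: [dwrebob] c:\windows\etpcmot.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
"""

SCAN_AFTER = r"""
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server O4 - HKCU\..\Run: [featwpk] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [cndjkwx] c:\windows\etpcmot.exe O4 - HKCU\..\Run:
[kqdlnlh] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [gnyuxeb] c:\windows\etpcmot.exe
"""

if __name__ == "__main__":
    for (hive, exe), names in suspicious(SCAN_BEFORE).items():
        print(f"before: {hive} {exe} launched by {len(names)} values")
    for (hive, exe), (was, now) in regrown(SCAN_BEFORE, SCAN_AFTER).items():
        print(f"after:  {hive} {exe} went from {was} to {now} values")
```

An executable reported by `regrown` was still being re-registered at the time of the second scan, so the file it points to and whatever is writing the Run values both need attention before the individual entries are fixed again.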
|
|
|
|
#4 (permalink) |
|
Registered User
Join Date: May 2005
Posts: 3
OS: XP pro
|
HJT Analyzer results
followed your instructions..here's the resulting log file
==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05 Get updates at http://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\InterMute\SpySubtract\SpySub.exe O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 6:07:13 PM, on 5/28/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\Program 
Files\support.com\bin\tgcmd.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\PROGRA~1\COMMON~1\AOL\111352~1\EE\AOLHOS~1.EXE C:\PROGRA~1\COMMON~1\AOL\111352~1\EE\AOLServiceHost.exe C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1113524559\EE\AOLHostManager.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKCU\..\Run: [featwpk] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [cndjkwx] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [kqdlnlh] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [gnyuxeb] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [xhfyyql] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [vjcuqra] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [xkkyvap] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [siwefbj] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [bieqins] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [ehslmav] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [yocaffc] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [fretguj] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [qgyxofr] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [nutoumq] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [ausbgcl] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [eriiutf] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [abolfss] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [fuupbhb] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [wrbigfm] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [qnsnjvv] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [bulcugd] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [lrfrpku] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [lcwtlxs] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [jkluoyx] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [sxtstky] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [dnyngax] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [rhdojon] 
c:\windows\etpcmot.exe O4 - HKCU\..\Run: [kxftsfs] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [mjesohd] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [cmuxqkm] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [ieqwmoa] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [mfkcexd] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [sssydre] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [psyrrgp] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [hihmlsw] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [ncvftyo] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [gmydmlf] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [usexaxn] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [dmroqko] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [yfxwhww] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [pfrrbld] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [cmpfmmh] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [hiigqnw] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [ikjyxfk] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [qrcmbvc] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [qqwwkbu] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [vcnlodg] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [nskbqjr] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [xgljbjv] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [ttwahvv] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [siclmcl] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [ktjereq] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [crgykjm] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [ljuuymx] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [doppysp] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [dpwpyti] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [jsciobl] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [qgyohbf] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [daeeoue] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [phvinca] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [xdmrorj] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [vswhjlm] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [ydhqbqt] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [avcvytb] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [mtbypve] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [lpdfdjc] 
c:\windows\etpcmot.exe O4 - HKCU\..\Run: [wurrbvc] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [mkyggel] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [fssjkab] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [kgdvxmu] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [xsxhdpd] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [oexkdfe] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [ptocitu] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [geupfsa] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [gmpnlgd] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [nkxsxql] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [uvcwadq] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [hbpfaqt] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [dfwpmhe] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [iaeivkq] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [ukgfbka] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [mgokbvx] c:\windows\etpcmot.exe O4 - HKCU\..\Run: [aprnrcp] c:\windows\etpcmot.exe O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...ploader_v6.cab O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe End of KRC HijackThis Analyzer Log. ==================================================================== |
#5 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Download Silent Runners.vbs http://www.silentrunners.org/

1. Make sure you have any script blocking software disabled.
2. Run the program. It will take a few minutes to complete.
3. Once complete it will produce a log named “StartupPrograms” with your user and date in the filename. Open that txt file and post its contents in your next post.

Download and install CleanUp http://cleanup.stevengould.org/

Download Rkfiles.zip http://skads.org/special/rkfiles.zip
UNZIP the contents to a permanent folder on your desktop.

Download the following attachment remv3.zip http://forums.skads.org/index.php?showtopic=80
Make a folder on the root drive C:\ and unzip the files into it.

Now run the Cleanup utility and reboot/logoff when prompted.

REBOOT TO SAFE MODE… These tools MUST be run in safe mode!!

Once in safe mode…

Double click rkfiles.bat. It will scan for a while, so please be patient. Wait till the DOS window closes. Open the C:\log.txt it created and rename it log1.txt.

Now open the folder where you saved remv3.zip files and click the rem.bat file and let it run. It will delete the files and remove the infection and then make a log of the files it finds. The log file will be C:\log.txt and bad1.txt

**Note** Each tool uses log.txt as its output file so make sure you save the entries from one tool before running the other as it will overwrite the file if you don’t.

Reboot back to normal mode and post the contents of both the log.txt and log1.txt in your next post along with the silentrunners log.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
#6 (permalink) |
|
Registered User
Join Date: May 2005
Posts: 3
OS: XP pro
|
Ran the programs and here are the 3 resulting log files...
"Silent Runners.vbs", revision 37, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Steam" = (no data) "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"] "featwpk" = "c:\windows\etpcmot.exe" [file not found] "cndjkwx" = "c:\windows\etpcmot.exe" [file not found] "kqdlnlh" = "c:\windows\etpcmot.exe" [file not found] "gnyuxeb" = "c:\windows\etpcmot.exe" [file not found] "xhfyyql" = "c:\windows\etpcmot.exe" [file not found] "vjcuqra" = "c:\windows\etpcmot.exe" [file not found] "xkkyvap" = "c:\windows\etpcmot.exe" [file not found] "siwefbj" = "c:\windows\etpcmot.exe" [file not found] "bieqins" = "c:\windows\etpcmot.exe" [file not found] "ehslmav" = "c:\windows\etpcmot.exe" [file not found] "yocaffc" = "c:\windows\etpcmot.exe" [file not found] "fretguj" = "c:\windows\etpcmot.exe" [file not found] "qgyxofr" = "c:\windows\etpcmot.exe" [file not found] "nutoumq" = "c:\windows\etpcmot.exe" [file not found] "ausbgcl" = "c:\windows\etpcmot.exe" [file not found] "eriiutf" = "c:\windows\etpcmot.exe" [file not found] "abolfss" = "c:\windows\etpcmot.exe" [file not found] "fuupbhb" = "c:\windows\etpcmot.exe" [file not found] "wrbigfm" = "c:\windows\etpcmot.exe" [file not found] "qnsnjvv" = "c:\windows\etpcmot.exe" [file not found] "bulcugd" = "c:\windows\etpcmot.exe" [file not found] "lrfrpku" = "c:\windows\etpcmot.exe" [file not found] "lcwtlxs" = "c:\windows\etpcmot.exe" [file not found] "jkluoyx" = "c:\windows\etpcmot.exe" [file not found] "sxtstky" = "c:\windows\etpcmot.exe" [file not found] "dnyngax" = "c:\windows\etpcmot.exe" [file not found] "rhdojon" = "c:\windows\etpcmot.exe" [file not found] "kxftsfs" = "c:\windows\etpcmot.exe" [file not found] "mjesohd" = "c:\windows\etpcmot.exe" 
[file not found] "yyrevmb" = "c:\windows\etpcmot.exe" [file not found] "btuivsq" = "c:\windows\etpcmot.exe" [file not found] "rhfkaev" = "c:\windows\etpcmot.exe" [file not found] "pkwvylk" = "c:\windows\etpcmot.exe" [file not found] "hspwfqp" = "c:\windows\etpcmot.exe" [file not found] "cayrtxd" = "c:\windows\etpcmot.exe" [file not found] "pvpphed" = "c:\windows\etpcmot.exe" [file not found] "rewckga" = "c:\windows\etpcmot.exe" [file not found] "ahmbngp" = "c:\windows\etpcmot.exe" [file not found] "jycnrre" = "c:\windows\etpcmot.exe" [file not found] "wurrbvc" = "c:\windows\etpcmot.exe" [file not found] "mkyggel" = "c:\windows\etpcmot.exe" [file not found] "fssjkab" = "c:\windows\etpcmot.exe" [file not found] "kgdvxmu" = "c:\windows\etpcmot.exe" [file not found] "xsxhdpd" = "c:\windows\etpcmot.exe" [file not found] "oexkdfe" = "c:\windows\etpcmot.exe" [file not found] "ptocitu" = "c:\windows\etpcmot.exe" [file not found] "geupfsa" = "c:\windows\etpcmot.exe" [file not found] "gmpnlgd" = "c:\windows\etpcmot.exe" [file not found] "nkxsxql" = "c:\windows\etpcmot.exe" [file not found] "uvcwadq" = "c:\windows\etpcmot.exe" [file not found] "hbpfaqt" = "c:\windows\etpcmot.exe" [file not found] "dfwpmhe" = "c:\windows\etpcmot.exe" [file not found] "iaeivkq" = "c:\windows\etpcmot.exe" [file not found] "ukgfbka" = "c:\windows\etpcmot.exe" [file not found] "mgokbvx" = "c:\windows\etpcmot.exe" [file not found] "aprnrcp" = "c:\windows\etpcmot.exe" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "type32" = ""C:\Program Files\Microsoft IntelliType Pro\type32.exe"" [MS] "IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS] "HostManager" = "C:\Program Files\Common Files\AOL\1113524559\EE\AOLHostManager.exe" ["America Online, Inc."] "AOLDialer" = "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" ["America Online"] "AOL Spyware Protection" = ""C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"" [null data] "QuickTime Task" = 
""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "VSOCheckTask" = ""c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" ["Networks Associates Technology, Inc"] "VirusScan Online" = ""c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"" ["Networks Associates Technology, Inc"] "MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["Networks Associates Technology, Inc"] "MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" ["Networks Associates Technology, Inc"] "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."] "MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page" -> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"" [MS] "{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page" -> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS] "{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page" -> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS] "{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page" -> {CLSID}\InProcServer32\(Default) = ""C:\Program 
Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS] "{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page" -> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS] "{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page" -> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS] "{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page" -> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS] "{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page" -> {CLSID}\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{2F5AC606-70CF-461C-BFE1-734234536262}" = "WindowBlinds CPL Extension" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbui.dll" ["Stardock.Net, Inc"] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {CLSID}\InProcServer32\(Default) = 
"C:\PROGRA~1\MI1933~1\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ INFECTION WARNING! "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] INFECTION WARNING! WB\DLLName = "C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll" ["Stardock"] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] Enabled Active Desktop and Wallpaper: ------------------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Startup items in "Administrator" & "All Users" startup folders: --------------------------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "HotSync Manager" -> shortcut to: "C:\Palm\HOTSYNC.EXE" ["Palm, Inc."] Enabled Scheduled Tasks: ------------------------ "McAfee.com Update Check (DAVID-Administrator)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["Networks Associates Technology, Inc"] "McAfee.com Update Check (PC1-Administrator)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" ["Networks Associates Technology, Inc"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service 
Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 15 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{BA52B914-B692-46C4-B683-905236F6F655}" -> {CLSID}\(Default) = "McAfee VirusScan" -> {CLSID}\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["Networks Associates Technology, Inc"] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ -> {CLSID}\(Default) = "Real.com" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS] Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ (Default) = "&Research" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."] {4982D40A-C53B-4615-B15B-B5B5E98D167C}\ "ButtonText" = "AOL Toolbar" "MenuText" = "AOL Toolbar" "CLSIDExtension" = "{4982D40A-C53B-4615-B15B-B5B5E98D167C}" {669B269B-0D4E-41FB-A3D8-FD67CA94F646}\ "ButtonText" = 
"ComcastHSI" "Exec" = "http://www.comcast.net/" [file not found] {8828075D-D097-4055-AA02-2DBFA9D85E8A}\ "ButtonText" = "Support" "Exec" = "http://www.comcastsupport.com/" [file not found] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" {97809617-3937-4F84-B335-9BB05EF1A8D4}\ "ButtonText" = "Help" "Exec" = "http://online.comcast.net/help/" [file not found] {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ "ButtonText" = "Real.com" Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["America Online"] AOL TopSpeed Monitor, AOL TopSpeedMonitor, "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" ["America Online, Inc"] Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."] LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."] McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"] McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["Network Associates, Inc."] McAfee.com VirusScan Online Realtime Engine, MCVSRte, "c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" ["Networks Associates Technology, Inc"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS] ---------- This report excludes default entries except where indicated. To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. ---------- C:\Documents and Settings\Administrator\Desktop\SRTools\rkfiles PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. Files Found in system Folder............ 
------------------------ C:\WINDOWS\system32\sjoblaaa.exe: UPX! C:\WINDOWS\system32\vsmxmeri.exe: UPX! C:\WINDOWS\system32\divxdec.ax: FSg! C:\WINDOWS\system32\pgutaaaa.exe: FSG! C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213 Files Found in all users startup Folder............ ------------------------ Files Found in all users windows Folder............ ------------------------ Finished bye The batch is run from -- C:\Documents and Settings\Administrator\Desktop\SRTools\remv3 Files Found................. ---------------------------------------- Files Not deleted................. ---------------------------------------- Merging registry entries ----------------------------------------------------------------- The Registry Entries Found... ----------------------------------------------------------------- Other bad files to be Manually deleted.. Please note that this might also list legit Files, be careful while deleting ----------------------------------------------------------------- Volume in drive C has no label. Volume Serial Number is DC94-0E39 Directory of C:\WINDOWS\system32 msi.dll Finished |
|
|
|
|
#7 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Download KillBox http://www.bleepingcomputer.com/file...re/KillBox.zip
Navigate to the C:\Windows\Prefetch folder and delete ALL files in that folder. Run the cleanup utility and reboot/logoff when prompted. Once done...reboot into safe mode.

Click START…RUN…Type in regedit. Make sure just “My Computer” is showing in the left pane and click..FILE….EXPORT…and save a copy somewhere in case you make a mistake.

Now navigate to each of the following keys and delete the file/folder/entry I highlighted in RED

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Close regedit. Run hijackthis and fix the following entries...
Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.

c:\windows\etpcmot.exe
C:\WINDOWS\system32\sjoblaaa.exe
C:\WINDOWS\system32\vsmxmeri.exe
C:\WINDOWS\system32\pgutaaaa.exe

Once you reboot post another Hijackthis, Rkfiles, and Silentrunners logs.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
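The pattern handled in the reply above, many differently named Run values that all launch one executable, can be picked out of a HijackThis log mechanically. This is an added example, not part of the original thread: the log lines and value names are constructed, only the path c:\windows\etpcmot.exe comes from the post, and the threshold of three names is an assumption.

```python
import re
from collections import defaultdict

# HijackThis O4 registry autorun line:
#   O4 - HKCU\..\Run: [value name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$"
)

# Executable path at the start of a command line, quoted or not. The lookahead
# stops "mcafee.com\vso\..." from being cut at ".com" in the middle of a path.
EXE_RE = re.compile(
    r'^"?(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=["\s]|$)', re.IGNORECASE
)

# Constructed sample log (value names and Example paths are made up).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [aaaaaaa] c:\windows\etpcmot.exe
O4 - HKCU\..\Run: [bbbbbbb] c:\windows\etpcmot.exe
O4 - HKCU\..\Run: [ccccccc] C:\WINDOWS\etpcmot.exe
O4 - HKCU\..\Run: [ddddddd] c:\windows\etpcmot.exe
O4 - Global Startup: Example.lnk = C:\Program Files\Example\tray.exe
"""


def normalise_target(command):
    """Return the lower-cased executable path from an autorun command line."""
    command = command.strip()
    m = EXE_RE.match(command)
    path = m.group(1) if m else command.strip('"')
    return path.lower()


def parse_o4(log_text):
    """Yield (hive, key, value_name, target) for each registry-backed O4 line."""
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # other sections, or O4 startup-folder entries
        yield m["hive"], m["key"], m["name"], normalise_target(m["command"])


def find_sprayed_targets(log_text, min_names=3):
    """Report executables launched by at least min_names distinct Run values."""
    names_by_target = defaultdict(set)
    for hive, key, name, target in parse_o4(log_text):
        names_by_target[(hive, key, target)].add(name.lower())

    findings = []
    for (hive, key, target), names in names_by_target.items():
        if len(names) < min_names:
            continue
        # Same-length, letters-only names are typical of generated value names.
        uniform = len({len(n) for n in names}) == 1 and all(
            n.isalpha() for n in names
        )
        findings.append(
            {
                "location": f"{hive}\\..\\{key}",
                "target": target,
                "value_names": sorted(names),
                "uniform_random_looking": uniform,
            }
        )
    return sorted(findings, key=lambda f: -len(f["value_names"]))


if __name__ == "__main__":
    for finding in find_sprayed_targets(SAMPLE_LOG):
        print(
            f'{finding["location"]}: {len(finding["value_names"])} values -> '
            f'{finding["target"]} (generated-looking names: '
            f'{finding["uniform_random_looking"]})'
        )
```

A target reported here still has to be checked by hand before anything is deleted, since a legitimate program can also register itself under more than one value name.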