crypt.dll, smitfraud-c and virtumonde

Status
Not open for further replies.
W

whohuhwhat

New member
Hey guys,

My norton antivirus gave me a popup notification saying that crypt.dll was infected. It said it quarantined the file but norton was (not responding). I ran adaware and spybot in safe mode. Spybot found smitfraud-c and virtumonde and attempted to "fix the problem." Unfortunately, the problem is still there.

***********

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:23 PM, on 2/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton\defwatch.exe
C:\Program Files\Norton\rtvscan.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Norton\vptray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Executor\executor.exe
C:\Program Files\D-Color\dcolor.exe
C:\Program Files\miniMIZE\miniMIZE.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Documents and Settings\F H e L\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\F H e L\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton\vptray.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [Blujeqayofikahas] rundll32.exe "C:\WINDOWS\Nqamalolacihi.dll",e
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\winlognn.exe
O4 - HKLM\..\Run: [Kdawat] rundll32.exe "C:\WINDOWS\upevoyoxajijohap.dll",e
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\F H e L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Executor] "C:\Program Files\Executor\executor.exe" -s
O4 - HKCU\..\Run: [D-Color] C:\Program Files\D-Color\dcolor.exe
O4 - HKCU\..\Run: [miniMIZE] C:\Program Files\miniMIZE\miniMIZE.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [csjmijd96flzjwbfkdt] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\x3hvbfjjtv8.exe
O4 - HKCU\..\Run: [ml53hzopky5mipv] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nhyyvuj.exe
O4 - HKCU\..\Run: [iw86dw5i52qpg2abdbz23egctf2a28f4pmcpi] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\p0ak6fmi2h8.exe
O4 - HKCU\..\Run: [x0mw5tjuozfwippivvn2sl6cngxvtibnen4vhw] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\m7v1ftwy3yds.exe
O4 - HKCU\..\Run: [MS AntiSpyware 2009] "C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe" /autorun
O4 - HKCU\..\Run: [fbu1wi9mqx15evz9seac4dr4dhv7cish] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\uesmi0.exe
O4 - HKCU\..\Run: [fh0nq8bfbdnp0vwyd9gyw0khjqtn1t2t] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nkalgmg3q4dc7.exe
O4 - HKCU\..\Run: [i5ncfzkqx94lxqfge] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cigjktg9i8.exe
O4 - HKCU\..\Run: [xhq26mutp453z5yyre2mosrjt1p3t3qabnyihbq4ry0trbr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ok8d9mu1h6rr.exe
O4 - HKCU\..\Run: [va56uiw5v2vky1o2kva3mbeaf3qp9tscczn6tje0wclmcr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fh452ttihhg.exe
O4 - HKCU\..\Run: [hidh0uewahesyrbuen1x3ew1azthn3mzszo22doao] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\royjhktogfcc.exe
O4 - HKCU\..\Run: [ki3tl3fuef588hlg8mk9fjluqjub3lgssr3t6oqcu] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\x1bzxx7p1y.exe
O4 - HKCU\..\Run: [jwx45bubt43na8yo6da66bhsc3vp2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\stp1me2.exe
O4 - HKCU\..\Run: [evd68kpgf8xmrhruyc006] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\de4f3oqegc8dr.exe
O4 - HKCU\..\Run: [knwfbf3aglv15bajyn1h9j6t9u2yp51kx] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o6fvbzdp.exe
O4 - HKCU\..\Run: [nfln919pciqaxn8emjybaaalu9cfi] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ly9degonpw.exe
O4 - HKCU\..\Run: [wexmcsfwkvvw2iluawj6la5ic74slncm1xj7mr9wc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ellvllzp9kj.exe
O4 - HKCU\..\Run: [tam0e75vpi016e0la8tw4zkysepoo7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ttngeq7o.exe
O4 - HKCU\..\Run: [xdw2dxi3h1gok408d8mhvmhojr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\evnzk09hs.exe
O4 - HKCU\..\Run: [fq4b9v2gk] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ozpkjuy0rg37.exe
O4 - HKCU\..\Run: [sxfus7hjstzoz789v3vh9986rtrn2t1mtyzc3972zt] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wiwnz3t.exe
O4 - HKCU\..\Run: [yxzrebbx5yatqswfxx0pyefjz9h1v4jn] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xen5dwxvnymz.exe
O4 - HKCU\..\Run: [hz9pevghjfxblzwaquofdn9rojuq1rzncxc0h] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\sz9dovcx6.exe
O4 - HKCU\..\Run: [ahxpuihzgnab2c2k1e83y31dg60lcia] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j713fih2e.exe
O4 - HKCU\..\Run: [kep8frp1nco] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\eo2iowsul9p2s.exe
O4 - HKCU\..\Run: [w3xi6cbn5jbfqx7hjnup6sho5c7d8ylgfmsm1z4n] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\scx1r569hxu.exe
O4 - HKCU\..\Run: [ymf3ff0f4mupexuc7iz7oiktj7clkyhxcbq33jkm] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mxqh5qd6vl.exe
O4 - HKCU\..\Run: [xm972eeoitci] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\azq0b0fzy3i.exe
O4 - HKCU\..\Run: [gljnudmq7wisy8cmb1miamwsrmsd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c5fd4sr.exe
O4 - HKCU\..\Run: [kyuu1x56ysizqewgbnxwnjln89hld55n5d3ho60ku] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\eg78awbfx9rr.exe
O4 - HKCU\..\Run: [xo24ffzb4pvorn1549suref] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\z660kvtfly.exe
O4 - HKCU\..\Run: [er3i359chj0x00vo8nr4xhvnumc8nxiihkn1gpc1tr385lc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kupmg3jm7g.exe
O4 - HKCU\..\Run: [lsknx97qg6qweg0e3yho1em00qwe] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cqwnf8adqa.exe
O4 - HKCU\..\Run: [pv6ag7lx9v] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\neyqbzh3ts.exe
O4 - HKCU\..\Run: [p34e1wufi9oaiebabjx3k5ut] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ysm91a.exe
O4 - HKCU\..\Run: [ghjwshjwa] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\njhtkgmht.exe
O4 - HKCU\..\Run: [fvneugu4p] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\q37xwc3fy.exe
O4 - HKCU\..\Run: [k2l0phiomm9ulo1kobnjjnbvbu9gfyc734ka2pb] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\em7g23581m.exe
O4 - HKCU\..\Run: [yqhtzjf4rw86tykyeodwrrjf1gmlw1e10xwkzcn] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\a7qivn9u7m54.exe
O4 - HKCU\..\Run: [lavk0ippii3qa2dpit9eq63p52ngkbhpwql] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\pyl2eto.exe
O4 - HKCU\..\Run: [vbxg2l59ax1tblbho2xbi5h8g74nhvxqt679oyp11dpqloc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wq16akzrbpl.exe
O4 - HKCU\..\Run: [lvn233rjwr4niw4u7h9e14wsxqxo] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\vchf8zd.exe
O4 - HKCU\..\Run: [oh4ibn5m0o24r1ajnqjuu] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\z6c0ucve.exe
O4 - HKCU\..\Run: [e6djm4qmg5v6vmryynfgvulnj3kwchvbc2ygr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cgqk0svvsqqb.exe
O4 - HKCU\..\Run: [n8ska376xs1vcwl7drkh4w7mxeihybbiv] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jk95z31.exe
O4 - HKCU\..\Run: [dfq5y84cc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v82mgvbbcekm.exe
O4 - HKCU\..\Run: [mqf5u4lb42j8p1ugql32iareditwuvwv5g6p6owk] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u8s8vu8.exe
O4 - HKCU\..\Run: [rmadp3z24dlnsvucin6eahja3ykrhfku0e40u98tllmxi] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\uidvu919nqpcp.exe
O4 - HKCU\..\Run: [efbcuelkll0o1hmflmspiwjj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mqpwdfgg.exe
O4 - HKCU\..\Run: [m971w231n2gaocexkt4qyvdvrp74geyhn34y1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fw1ekkrix.exe
O4 - HKCU\..\Run: [crsz8omn5k1ykda4g1hz3vgj3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\po0pdlupf.exe
O4 - HKCU\..\Run: [uaqvk6vmyydajuhusempda4ltx8toay] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\r31wgkl39e.exe
O4 - HKCU\..\Run: [ln8yoh8mu1nspf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bwco08ddn8ef.exe
O4 - HKCU\..\Run: [wi7kc06nn5kwy9srfxpeub1mkz37arj59wtt9jptpd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\x7hnnc0ih2.exe
O4 - HKCU\..\Run: [ubtau15rc0xha6bisljqkf77n6qocshcjnbab3c1z4d14gtb46] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mt0oqj33.exe
O4 - HKCU\..\Run: [qnmbb6zva] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ep786ouu.exe
O4 - HKCU\..\Run: [wf99pp3v2j210tk8flqsv8dtjmun8plk2d] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ludk3cm.exe
O4 - HKCU\..\Run: [vre8vb305c7ifua7pqrreeqf1fshtnf3f] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cx3q4im3.exe
O4 - HKCU\..\Run: [asg7dxsdm2t91jaqe7thcd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\vdashkemt3oj5.exe
O4 - HKCU\..\Run: [rhefwpxpb1lke5at8txhzp] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kgttkr07qlb.exe
O4 - HKCU\..\Run: [whu2xquxo1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\boljbe5vyyg.exe
O4 - HKCU\..\Run: [co55jqxq9oyd1g6c57] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ems3xthfkrso.exe
O4 - HKCU\..\Run: [pz1ol9kl4oo] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b3zrg6.exe
O4 - HKCU\..\Run: [bqlkrtwcn] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\d3ps5r7w2.exe
O4 - HKCU\..\Run: [ayy0j6ol5azqnu3u6vpyzma454] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hs1ainkrpmx.exe
O4 - HKCU\..\Run: [sirpxuevascszslts78e0mbxuujx7vxop59f2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lc1bf3lj.exe
O4 - HKCU\..\Run: [jbvwd2lda7np5gb7t3su6vzs91hpm3qfmzy] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cxs7vz.exe
O4 - HKCU\..\Run: [dmu3z3fhp1jim29j9sth02m9jownth1ky] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v94xubtezwy6b.exe
O4 - HKCU\..\Run: [i5zc9yxgipjk6jqhq8cq31alj5yuugphs3ka3h0h6xl] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\vvn0oicj3l1v.exe
O4 - HKCU\..\Run: [ckbz5uih77i2gu94rm83s7q72wbpvl96vabos03] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kmi13yd.exe
O4 - HKCU\..\Run: [wix010yqnk483gb] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dsuja3oi.exe
O4 - HKCU\..\Run: [suq1io9ulh3vcf8n] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v51k98f9.exe
O4 - HKCU\..\Run: [j3184thqyjd6xd4uws5cm38] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nwdl9eux1qk.exe
O4 - HKCU\..\Run: [ql5yhynqnsj65wkvzmn2bdfoy48peyr4go9gu9p6gfh9pe4] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jmfqbwmgqqq1.exe
O4 - HKCU\..\Run: [usk0p9aajkya9z] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jy3qzno.exe
O4 - HKCU\..\Run: [nzwb3ixfewk7fo6riq1821gv17qzqxw22na] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ql5sdrgs6l.exe
O4 - HKCU\..\Run: [sh0kd94waiycl4g] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ee0epy3.exe
O4 - HKCU\..\Run: [cl92p468imcdfrvkq786u8ltnvlqg5moa19oigbls3801x] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ejjyff.exe
O4 - HKCU\..\Run: [dz9m687ckp7j0f] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b9oe9zrpnb.exe
O4 - HKCU\..\Run: [xbhf3r8ibnhil1y5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fgnpnoc63md.exe
O4 - HKCU\..\Run: [y31xtpxx7fnf6oq8v8fkf8u7lerz3amnf2t7cadtged5r] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\brbotszbg.exe
O4 - HKCU\..\Run: [zapw0zv3j] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\w78c4t704.exe
O4 - HKCU\..\Run: [c6slf91pshk0keqv6enqfsp] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cse64kfq2nz.exe
O4 - HKCU\..\Run: [xwqnr266ahnfb6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v828hm79.exe
O4 - HKCU\..\Run: [hozy3n6qjpokunfmhggeer22uzkg] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\oee7oribi.exe
O4 - HKCU\..\Run: [auxkxp646vv] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u8iep3g9xnb9o.exe
O4 - HKCU\..\Run: [arj9ji0ydb4x55myaqojs7htoe8tp85] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\uy4ujnkzi.exe
O4 - HKCU\..\Run: [r0v9y4lxrzex5x7ukq1twf0im8z3rbroj6sys] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\upphi29.exe
O4 - HKCU\..\Run: [wv0dsr6anzqz7e52s68736xadwpiz7ptdh5l2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\frp0ocbd.exe
O4 - HKCU\..\Run: [ybo2il98r7xo7hqf3g87sc4lz4fd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mldihq0.exe
O4 - HKCU\..\Run: [chflux04n813eqtcr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lgr4g74e5hgrc.exe
O4 - HKCU\..\Run: [ac64e3ep2s3qminjrfaw70vh6b002] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ajaoje7z2i3.exe
O4 - HKCU\..\Run: [wtbyz1bop124j4de] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\sfhpijyqlcw.exe
O4 - HKCU\..\Run: [ycsl9v4f3txgguf5oo6lhuhi7mp61j3963ef4avk] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lvorv4q9.exe
O4 - HKCU\..\Run: [tfogis7cdhtezdbt74] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\d8jv4rau7u.exe
O4 - HKCU\..\Run: [e4g3rmd4ll7dptw0vjavdgnr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zoju7b92dulqj.exe
O4 - HKCU\..\Run: [hjnih3frph7mm6a26tum6c0] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gsszz4rsc6.exe
O4 - HKCU\..\Run: [ifoe67k9b7qh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b3u6u64eo6wtt.exe
O4 - HKCU\..\Run: [axrzqcf6yode1eiz9yvhi6yzviavcb2fmljz2owbm6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c4dormo61a.exe
O4 - HKCU\..\Run: [k3eookxekg3b22r50bxcs0n7ryh38lzxfzyuh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mrw9qxu4aojxd.exe
O4 - HKCU\..\Run: [ld62oswyv12nlcd7kzsqhhm58ot3zyn] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xawsw7.exe
O4 - HKCU\..\Run: [yzrrvui0tk7h0buco5szv4j] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bzra939s.exe
O4 - HKCU\..\Run: [bkqhgxc5yt471z3qqe1dnhfk7xwkarfd54ehif4s] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fe88gj.exe
O4 - HKCU\..\Run: [dgkzt0rkyrpdvjhxg3jbl9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j3k9tyi1.exe
O4 - HKCU\..\Run: [r1u0ip3etr54bxrjm96o8nnkx71cl8] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c9w80ktk1.exe
O4 - HKCU\..\Run: [ka5kjmas2zqju1h4jk5bhjifnjzhgubhynq2d] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fgc6x5e5h.exe
O4 - HKCU\..\Run: [go9jlll0hbqe2or3sju0bamt0k7s8bxxt30ue] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\i02ts1v33.exe
O4 - HKCU\..\Run: [gdrv00idqgnfzk3tsslzkphgj4qa6k] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o0mrop.exe
O4 - HKCU\..\Run: [p9rb6ch06wboi1qypogqhskfux] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\a7b5qu.exe
O4 - HKCU\..\Run: [e8i41t8d97l7r539h31nxvwvk9eqs76z565g711dwl] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nv0d66trvxnp.exe
O4 - HKCU\..\Run: [vb5loy3movu7xm5v2ifosvl2iocqh9ypcdjys9us7dao1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\oa8v1ix3o.exe
O4 - HKCU\..\Run: [mf7kpb5e6pz75bqj9jh7f0sgpzipwprbem68m] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u8oezkipb9g.exe
O4 - HKCU\..\Run: [jh9cgqouv1h6diojyc9auhtbljo] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dnmza5hoemq.exe
O4 - HKCU\..\Run: [ykf72kue937plj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j2tjfka80y25.exe
O4 - HKCU\..\Run: [gkmm9midynm338vob7kk597txw99wtg0c5v9bis] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c3mydp.exe
O4 - HKCU\..\Run: [bzb1li4tyg7mfola52pt3z3mujsgty0gi0fu4] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\p1wtszyeps.exe
O4 - HKCU\..\Run: [dfbfuv3sbdb6kin6cqrj5iydh6rynl9ugrv] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ce4s0i.exe
O4 - HKCU\..\Run: [yn9wxa1wspkmz9hz2zshoqrpg7wyp1z5e3fw3q] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zkt16797.exe
O4 - HKCU\..\Run: [l4gqg1hbdmz69pte0vkcte0cemgy5qrpmwevtq492] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mn6xptu9.exe
O4 - HKCU\..\Run: [lzo0mxf6et0mt1zpz7meffr4r] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lnwndnz052b.exe
O4 - HKCU\..\Run: [ndsnzlvul9w88nlb1hrnk9djw4seku4c48fzj34oo41xjz] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\t1a5n2agg.exe
O4 - HKCU\..\Run: [bhp25ruuj8zi] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\swor5je.exe
O4 - HKCU\..\Run: [yczpbq3olwu0yp64l2bms5aluqx7u69p1rqi7u4y3lic54b] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hu58z9.exe
O4 - HKCU\..\Run: [djs4be4zmlf0il5h] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\m2kk47g40zh.exe
O4 - HKCU\..\Run: [i9syz7lerhgybsu6t6maxj6hx8myma5xgvbbt8vxvttccjnje3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rc598mdrlh.exe
O4 - HKCU\..\Run: [m4wehwxxxv3zorqjjifoq1zd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o7tqsn1osbidv.exe
O4 - HKCU\..\Run: [nyhtvek6f9j4e519kmcw373] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\g30arssfb5b6f.exe
O4 - HKCU\..\Run: [zgddd7hfo3oid95] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c9vqpvw02hyw.exe
O4 - HKCU\..\Run: [i5hr61u6qseux1qg8b378jia2xk2dowuey0rz5ddupxy8zaas] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nse9v5yt5zyno.exe
O4 - HKCU\..\Run: [vpqgpsv53u0y2lv3acg3ozjxhv94] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v1qs5ycgm5s7.exe
O4 - HKCU\..\Run: [kt71oes1d9vuwyiuiy6636fvvyy2m10] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ygxcrdo0rh4rr.exe
O4 - HKCU\..\Run: [denya6sffxa8tt6wh3uxrxodz9b4c] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cabxdq.exe
O4 - HKCU\..\Run: [nxhtzomokaj01g364xs71236ga2s9qr9fomef43rzg2u58] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\phk5oxt5s.exe
O4 - HKCU\..\Run: [llfc3geg64tsatllw3qo] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\avroe8jv2twui.exe
O4 - HKCU\..\Run: [bbjcb16puo09smwgtaznzxjhcold204a10of] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\q8p3fxdgtb.exe
O4 - HKCU\..\Run: [py1ooulcggqhmjodm5hm628w01zvnpopekfarvi6zwyq4] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tn37ubzbm0qm1.exe
O4 - HKCU\..\Run: [fzmj9z1bl6422o0yo2dqqa3cs] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ek36r4w.exe
O4 - HKCU\..\Run: [iek9zrg77i5ziz7e7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bfr6b5knwc.exe
O4 - HKCU\..\Run: [l9kw1bbxtqqxcdj9h] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ljarep4aq0irz.exe
O4 - HKCU\..\Run: [g8f8vunrx45mvo] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\pyrphfmgzbj.exe
O4 - HKCU\..\Run: [wr9vn6qq20bbn4yqttpjftpbhi00s] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\guvfo1mo.exe
O4 - HKCU\..\Run: [on3b0g597my92eg8rhvol] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kojghwb.exe
O4 - HKCU\..\Run: [tx6djd5k5vgntr9j1vngbgp] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hl0dfi6z1.exe
O4 - HKCU\..\Run: [oxdfokvgcioosdo3nvtxe3vznic89i1y44fg30fnewcmehmqfx] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rixik9te.exe
O4 - HKCU\..\Run: [pw64i1llwqcw4hjra661mg4jkcr25hzr8zi47h8h5y6r3avjyy] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zr2h13e7do7x9.exe
O4 - HKCU\..\Run: [o6j8l3pjrv] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v79jxo69qi.exe
O4 - HKCU\..\Run: [h523azrms8ap4ib8vrw7j4ogh5kj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\db2zy0fz7o.exe
O4 - HKCU\..\Run: [qxjcj85dyc94s1vgoghf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bbpa4xl5h6.exe
O4 - HKCU\..\Run: [gdj7847gzp05e4qqt5av3cz60tme86wxi4lx8d3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jf19osueyc.exe
O4 - HKCU\..\Run: [sqd08lf04isi07vpv8h03z0z42uph9g0ve87saua] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xh1sb2w71us.exe
O4 - HKCU\..\Run: [ngklwbhyc25e4hksej95] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\x3kck01lku.exe
O4 - HKCU\..\Run: [uwu05ja9y] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\p9mgp4.exe
O4 - HKCU\..\Run: [kio3ehawvhd1gt5t09t1ub6bbvg3itxo4mh9neira9hpi8a78] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ifyfwq3.exe
O4 - HKCU\..\Run: [ci4etsedh50bhqyx637atzgdv8flhydloky9v4fqlcrul1zd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u83wahpzk.exe
O4 - HKCU\..\Run: [y33d88ky29fd378d3bqp2vjpj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ty51ciyi9d.exe
O4 - HKCU\..\Run: [d6sd0ltjtznf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\so034ie78.exe
O4 - HKCU\..\Run: [i89icwn3d6uinnermxyd0u03xa9mpde] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\pjokoj24fdac.exe
O4 - HKCU\..\Run: [jdk3rtmqm58fsd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hwv44otvy735.exe
O4 - HKCU\..\Run: [po16ugxs0jebekzacene03q0kmhnvd7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\d7j3rsg0b1.exe
O4 - HKCU\..\Run: [w7isypcmu1yzlf6diro9bttckx0y] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\i602vod6z1ya9.exe
O4 - HKCU\..\Run: [mvtllhqjdia9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\znq5nd8.exe
O4 - HKCU\..\Run: [np4rxbuq6u2qysbmf40ur7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\beclzy0665zwr.exe
O4 - HKCU\..\Run: [uhm4s2a829hzx16iq8ivae6dajayktij3qaicpomye7d8h7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cahx4q8899m9.exe
O4 - HKCU\..\Run: [p3nwunr9kr3oaatzgoisvvrg2p] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ph9myxv.exe
O4 - HKCU\..\Run: [qz8g1i562rakfbip32eh8pzi3bwzd2aeugtd6kcwi7nco9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wlzrqquumfq5.exe
O4 - HKCU\..\Run: [ysf9nmvb9qtcwwx88qlv0qie29r9ie8rit423ysadwdmo] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\s6itjr.exe
O4 - HKCU\..\Run: [jn2csu59pg0xwko59r2kh1qe9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hz6axikk.exe
O4 - HKCU\..\Run: [btsr54fwsp70bzkj6qo0vik3jo7g9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\t26u0p.exe
O4 - HKCU\..\Run: [jkg8xcw0qunuzgtkrxpb3iqhd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c65lqh.exe
O4 - HKCU\..\Run: [adihd84vumj0xe3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rxhmqn0pa.exe
O4 - HKCU\..\Run: [vn428vg93giyd6pqs9sujzqhmj9yqnk4myly4cjx26] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\vy0nnk.exe
O4 - HKCU\..\Run: [so1i32qqf09f7q0j2vudrbczk0ivr8hkc2aaiytnyuurh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kpco69god.exe
O4 - HKCU\..\Run: [rfc8851k93jivc1eaoq57lw9p3zits] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xrlcrzfn8m6ho.exe
O4 - HKCU\..\Run: [avs003xu12yskny6jvochd4m683oqbmz0eekw6p] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b2gedc.exe
O4 - HKCU\..\Run: [l68ijpr8cpmfo36tdfxkvr46n8ay57tn6889yat9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bx4exd4tl.exe
O4 - HKCU\..\Run: [jajri40tpc8l2xt6r5hd3283] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\p4zx0mi.exe
O4 - HKCU\..\Run: [i6tzttyj1pbanquxry6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ll3612.exe
O4 - HKCU\..\Run: [oxkqmdsdh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\h1a8x4cjjnf.exe
O4 - HKCU\..\Run: [o9gy6ghmmo6468o0de8o6pffl48b5po3eu1605lpt0c] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ax5lstol8.exe
O4 - HKCU\..\Run: [cto5sn3yjzr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hb5s3kt.exe
O4 - HKCU\..\Run: [fj4h4lv6qaycycovrnrqj5ovr4z6n2b] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cc5czowuot3s.exe
O4 - HKCU\..\Run: [cgn3to5as1s2hqfxgdwpzmhju9qhn18681] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\y9cev9od1.exe
O4 - HKCU\..\Run: [xn3ifzar6mtf3ciwg23w34or6knd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gwouw4xmi.exe
O4 - HKCU\..\Run: [anng19a9wlwc1yjncc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\d8cuz5ljpnla.exe
O4 - HKCU\..\Run: [py8gxt78o2or2h8v3in5gi0nwd92jcbizm3e3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zjhcmq8o2h.exe
O4 - HKCU\..\Run: [u86jcn017znkc2vqz6heda] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rk7xbcnt4.exe
O4 - HKCU\..\Run: [l0zm64g1n11m7k83rxf0tsx] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fdljn2.exe
O4 - HKCU\..\Run: [q5aivmb9munfkpo6856k7k] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u4xkn8laq.exe
O4 - HKCU\..\Run: [whludkj3xqblqjxqbhk2rffbma2puyz2n] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\r6q01ts7.exe
O4 - HKCU\..\Run: [r5ofbdostksvpwzputl8cm85ll4hzqwawhf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\by4lgma8.exe
O4 - HKCU\..\Run: [his135lkvp3ltcz] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b3n5pkf.exe
O4 - HKCU\..\Run: [awwpf0gdv0kv26ccx1dpbidnqtexunahtk0ltuzkv2ytii] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\e8z5mjrpz5vv.exe
O4 - HKCU\..\Run: [ot4unm9ezn03glyimceo7ku2i14nz1g0ztipfkmwp6v8uclf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tzb6586.exe
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: SetPointII.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\docume~1\fhel~1\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\fhel~1\locals~1\temp\ntdll64.dll
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1235190547000
O20 - AppInit_DLLs: wbsys.dll atxpii.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Norton\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Norton\rtvscan.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 27712 bytes
 
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
The junk can be tough to remove, so do not expect fast or easy.

For your benefit, the instructions are pinned (sticky) to the top of the Malware Removal forum, please read and be sure you have followed those instructions. I have also posted the "Before you Post" instructions at the top of this thread.

You are good an infected, if you will read and follow directions I will do all I can to help.

1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

2) Follow the directions in this link:
http://www.bleepingcomputer.com/malware-removal/uninstall-antispyware-2008

when you get to instructions #12 that says this:
When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.

I want you to follow these instructions instead:
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Please post contents of that file & a new HJT log in your next reply.

Emergency tool <<< use only in an emergency
http://www.snapfiles.com/get/winsockxpfix.html

3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP,
Update for Windows XP and Windows XP Hotfix to shorten the list)
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks
 
Malwarebytes' Anti-Malware 1.34
Database version: 1797
Windows 5.1.2600 Service Pack 2

2/23/2009 5:32:45 PM
mbam-log-2009-02-23 (17-32-45).txt

Scan type: Quick Scan
Objects scanned: 103753
Time elapsed: 21 minute(s), 14 second(s)

Memory Processes Infected: 26
Memory Modules Infected: 3
Registry Keys Infected: 9
Registry Values Infected: 218
Registry Data Items Infected: 8
Folders Infected: 6
Files Infected: 767

Memory Processes Infected:
C:\Documents and Settings\F H e L\Local Settings\Temp\uv6mwx.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rqem93.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\g3s7iq79.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gyg72rv6bnv.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gtxnta7ss48m.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wqv9w8q9.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wlc6nr2v4.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\m207nrvrznq.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\b0wym9p9gt.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xqyk5rhs5tz.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\i9h3b1jl8bi3.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rxu16o.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ckzgx1572hmz.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\fq8nierj7c8.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jpmsu8x6di8.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\t3qhshdw5jk2.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lqz57kxf7d.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\o568tzqztpi.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ahbpqqc3x1dz2.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\znkmac5.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\m503svpga1toe.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xojmy5.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\yyok6mb.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\yz588v0.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wgp6h9s8pfa.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\b6l65gl.exe (Trojan.Clicker) -> Unloaded process successfully.

Memory Modules Infected:
\\?\globalroot\systemroot\system32\UACkavkyvps.dll (Trojan.TDSS) -> Delete on reboot.
C:\Documents and Settings\F H e L\Local Settings\Temp\ntdll64.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Nqamalolacihi.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantispyware2009) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ms antispyware 2009 5.7 (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\blujeqayofikahas (Trojan.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vhtfll17dfolfnaaovf1s9ni7ay2sbiuf45su3sppp6l (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jvmljm3rhnvwceoaykabunjzutyttftch (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mytgicv0zfsf1uisxgv6qxs2d4zo5jzk8b2idz (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\neee0mt9sa2z61hhb23q55 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lbozsenseuqo1i3x9omtujim57ahy8q (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rybhut5215xhes2gi3n34in7guz2l012zjpwf3fbeyw3mm (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rdjcfa6cavccl3ds7jx3t46m760 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ed7k4fpxruho8whjlnb (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iqflbpjdbfp80npf45r52zvflkrzemhiwe7wh3w0 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\istum9kaitygllt9ph95hy17zwwl7j18oifa (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ms antispyware 2009 (Rogue.MSAntispyware2009) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qnmbb6zva (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sirpxuevascszslts78e0mbxuujx7vxop59f2 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wv0dsr6anzqz7e52s68736xadwpiz7ptdh5l2 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ybo2il98r7xo7hqf3g87sc4lz4fd (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ld62oswyv12nlcd7kzsqhhm58ot3zyn (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yzrrvui0tk7h0buco5szv4j (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dgkzt0rkyrpdvjhxg3jbl9 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\p9rb6ch06wboi1qypogqhskfux (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yn9wxa1wspkmz9hz2zshoqrpg7wyp1z5e3fw3q (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fzmj9z1bl6422o0yo2dqqa3cs (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wr9vn6qq20bbn4yqttpjftpbhi00s (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\on3b0g597my92eg8rhvol (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxdfokvgcioosdo3nvtxe3vznic89i1y44fg30fnewcmehmqfx (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uwu05ja9y (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kio3ehawvhd1gt5t09t1ub6bbvg3itxo4mh9neira9hpi8a78 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mvtllhqjdia9 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cvwq74dhrs70yr40b (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cla1rlroqj8fum3di1cg4sp6chivf0u90vt7msxwn0z30p0 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\h1j3imv331jks5t0aor52 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nmdpoygi11h8p9jgv55n (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pqkdtw1mhlmkvhqqj66hgh9d0a (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hd9bumai9o3mo4mhrhg9j1skt9lce (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fkcs5m6w0ljaiwsz0ccuu6z9xmtpphce73q (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ng2t19y0nd7k93x5v4vof48u (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gq4ftpr2eku4hphxkrpqd (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dw4vfn078wyvp1iljg6ibtuvdepeyg1tytbwsxsru6d2gddu (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rl4r1pn81i1392i6cz1ts3d3b1vya (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ts7x28ub04eq (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\x7m63rj717yu5hmrz055mlnb1dyoyo8caagbqgc0vjj (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u1g8jvgug (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\w4pu67dtbct (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mds1xerusvnfgu86iw5bcie5rh6dp6voj73 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cgo8apfs5 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yffrjvn4v2xdd9h6jeng1uo5 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mtf8tzal4wx6gh (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nptjxtc0bt6yovymd86xeigv0ie2 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\v74s9guo5xag0mtqgiapgd7ys5ow1nxhk7af0u9jbhvj7v (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\w571yixnc5f (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eae440zuy4izba2vhnzi3lv8fmxefn0lcngse (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\glkgdoa5hpa5966k8usqcnce (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\g0otwwd6i77su08m8 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ao1sn57t22mka1ulia (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctydw1oag46f3z52dn (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mlg4rl2y0m0rzbizq7nph1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bn4sd60rmuwlglhx1kemqnp33kfsr1x0pwwwl28ds8ykvk (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ztl3lgita84notbmnui4egpj748f5vog8 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zyzqya756vqzk (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bnqlsgygb91c1tszt4a7hntziq4spddi8je7k1p (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d8qsm679vf8x6nqi5i6i3js3d4ot9oxq (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vopvihngf3jfl80owm (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autrtzm2rcezf3p7vvyjfg (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lhhwnryf8r8oltox (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fk7l3ottlvukeyuymuf2snk4r45at1est5 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yyeyj3zp2ofmu7ybao28ivf31ap49 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e6z749vc0p81p884gb17j79uwl68u0osskjxz (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\isbp1ddez0gg183c3lhgiwy56p3lgnt3tkt (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tq16sbj9m2im7g9wiv54f20iajchhint72g (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pyh6xzf1htl2sb4vo (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\p2b79zudkz09gf6t4ljfmmlfidi21oz9bq2h (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tbrqr03vawcxevzfu52a9h (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ep1pe4t4st48brldh8i6d0 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\r8po22yk0cpn19xoiy (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xv9e3745n (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mowyjgygae8hygxm8aozismc0jxbfc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d525qwhszaakzei8g6tewmit5xprvwe5eunbh4s (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dspv12ygxmxx5cry10hy8dj9vjjj6ud1gu2l8yu47y9t (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\agbhuhssux (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yhtva26xszn694 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pwl7a1iikklcy7csppqpf (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uqoyw03n33otf (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weso3idmtxhcnciiuf5x (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\awghks87xizqbvfgxz4fvfe5o50i1mi2u38l059fciwtg (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gazpsefogl4orsuoo1cqu1lv0ep1siojn9fec4i1g7352n (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ltrq3ua6uo3wnr407tv6rxdic6 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\k5kr3zlaslljwqigt0qyyhhfkjv (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aq5lg37pju82cpt5xyuze7r3v10rfi1elt2u2nl8p687mbf6t (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fgn1ltwik0nq1x4zxuef4vkvcfkkeasiun57w8abrio0dvpp2z (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vbr7oywhh1m01ykc0o18syzpetradc7tiv3bngxg (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c53hpfkslgjzooj9gtr335jtb1lxhwd5 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\q6em5e6ogcnhg32ezkurfxfh2otctozt9x (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lyudswce5bo54gjkhkd86hbs33t8iu047huppm2ssheb3xa4r0 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\j1aj1gq0ws86020p2gw (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fdebyhvn1nnytrujqjeujyo4x8i43asv038bcqa7pmlaz7 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ql9t7dlk3pjl0i9pvtvypqgrhzxtpjjv8uc1t1p6 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cgx9tuyg6c8m2ulq9wt1v72kdx4nr1b2ys745w6jcxh (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ffskq1w181w6x6hdbvwuyxbfbknqw7c4smqbqo71u0 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tr9kwlvk3cyv7p (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iibmgqwaom94pmh67tpietn6kjtuv7pmlziq1zi (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eztxl3bmmp6rvqux91gf8erwd2boelwqur2gw67hr79fh (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\n0vgack558tngi48dvgnmt87us04h6v8h (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\blukj6ho5dg4vqs54i69h5ju14xwg0058lo1rutkn (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fdz9n56bkvu1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wv7ywcg218ptcr (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iphnrn8av3 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xhjxagy402x8o (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sqvzi8h02xhehvm5 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zqq3a5i562ctso7qb9s2k4plsacxfdfejdy7bxdcc8gp (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\i91wk6za06aqrbgpp6x9ffw5d7krlhzkvtl (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ehe12dzqn7bnzog62c7kiik9tznnyihqxtrt3rjds (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ckkoul5y3l1zxztnmutyzh6h4swn (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bej3i7lwyj43nuk (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hocle7smy0c (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\k679yserfwda (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lh95uajvrc62r2vvn4zzv8778ta (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\finza6cbxejg (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iwq3inywxfqe6ax34gyr2rk2pqurgz1r1dl3 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mhxuvftymiabff1vmn442pdvc62wt (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u4ijtqom8wtbdh5hxbjto20e6 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wwgb2yjnopgr9lrhrhz4s9by2v428wgv677z9ki8t4m93ph7j (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ffanv3qpqe3lk5wg5teronddjcnfdklmydntr6gs (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xa88d78qsct5e3opdftda3ifyxyz9pkbtfgwke4v5 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fsnme7hrgsnsnz3sa2z2az43jtqdbvr4q3hgvh1cmmwq8skbp (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\o1g4vt9y9m30l92lgkw6wcp93iooovw44cqs98o (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u6wslapjfa2jhwsbi6kt3 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siovvbjun20lo1ze1aeh171s0ykv5n54w6 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zc05ws75r0ekbaybhwlvcelwg (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\t5es431v4 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rg2zj38raeu886ij1mf (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\quo6gsjwnvavwoj (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\q1ozlhzyj916i1ih3z7pl2v9y1l4tljgttj27anmk41p0 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xmixkebqb5a0ajeelmbsznxus3zi4xtqxbk77eazrzztzc40ke (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ocsns9oy3wn5x5jpl2f35cmfme2v (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fn4yv0psenykzcowoljxtt9tpdu8kake8j179zwgsm (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\v5gdmmm3eoc3xq3qveky8hpd7pw (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1nkqtrej2woklziea5io9wnb5z0p (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ucxs8ga57b4de3tldi3t6x9v2irmlt76swq47fbmanbt768u (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hq0p80ru6z3hnmpui7mergvitcnnb7y3q4b (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yei472r632 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\khpyzlswg5gcnd40g5o47s6koy (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ijgn4y4o32qj9hv7uli2ot0vaa (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ngam7xyjlsb8h1wjl1se1mjze3k97dhe2f6ksz (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jjp7d3aupi7lw581kcwdm1mms19hag9w36k6 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sjk1ohjpn9ltbng4oqttiogyekubbpxalmfpgz0mhln (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kp5l6v7wc1kfv7954deq2o (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cark6568w7g6i968yqp (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gjgnq4kiomy5rylltp4tue8eyvham8bwg2lmbgz5iet (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e9obde7o8537zwr398qqlmdz9lkq (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a77eb4sfquv2vkfumhco68ddc5fi5qaj6m (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvhnrqfbipuqf1p9kp237pkhlqm84nf (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ei76dnc0t3fgz5h8ddyf4deorega7igzmvauiptr8 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sdiccwgnrwd89dlmo5fraaa6ka49fwtq9gmcyif3l (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adbyaohnhydrw16tm5dsdhcm21 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\grr4dxuu5o2co0w70nfn9gl1wfq (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u6edrji1g4vnp (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnk1yz1d50xqq8hpn5qftz (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\z3zr90b368az2ocyela8a0qeuv0zb98db6u6cxb07cl0h67zsm (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avnfvfgpv0 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kmlvyxjldp85c6zxxd34qbz8h00803hi0luz4l (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kp3achjbedozzfvcja9afbvbolwf7rw4 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jnmbfwsqsifg8w3idwgdj93bbqu08um3t (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kfy2kqxt1kv8oug0c07e40114gmjmdq6 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ms3krqdgjlsx1dxh8oq2wlyes2gbzbxbascpf (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wlt5yn8odfd0ivfebs8p7xvy9me0o0e41a88 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iaq5b8al9vaavz6mv412lnwnk8i8ecflpfmfocu5p46yt (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\k379gp7zlup0d327 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cqscy3vpvv2ditbk4kssv1bqvzr16pg4q8epy (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\n4vni8q8adqi8i4z1ec5ofqy3fk1a80n6ju1nzcf37eptjg0yq (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yyg1h746zmxls7wsmj7tcexgi4imm9cmttir1rjyay5p (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\llo2u14dprx0w4p3ogxafmtlru1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yqbjz5djqv6s6d9e5vt5wgkllqqj (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wqv502nkb7j (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdhg4diwrhcan85g (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d89jvvv7zsrvudv26v1jj7xbbp77x (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qx0x3ynvkt1kak9zrr2bzef07fi5x3fg95py8gexwppb0 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\om7qffo5ap7ecbvvfupt8d0vtfu9wyij3rijmjyqkralou7 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jj6y5m9bn6oyk0y1zfeqs64frof6vyqy6s40r1kx99wlmuoku (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\n7dx5hf7p96bbik4u8jylm0zjb92ssei241n5nju1lw9c7ke (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b6r1njx11efjaf4q7wi4pqqljjord (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fdh06v3xir2ograhor4ckw66pu4a (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\giymwh7gmu423ct61g6rvzpgb890cc71o1hvug5v (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yv8zdjq8hz1qdwr06j48ilx1tk5r9qwj (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zdtu9oc1a950gl1i7tbzrfuo57j3p8stkjdfzrd (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\q2p0b8dealw0r52bz (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rjtj8qbcofcz04ql4msppxk0tvfc51fuek5dn (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\t0lrpu9h490g91h7j4qk3l4pnly07dta7nx7apjc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jzn2t2e9q1wg (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hwnyyj25k0bcewnmowif849u5cabe8gpqvaphzsqfmt4pcn5 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\deajikgtrttpr1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ehhdrhra9vrjak2h2zkkulcnarzclq7vm9eym3u7 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\atax8mle7sq6jjgx7pfck5gki45x5wjb9xhb8heap (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\p89z8yiy8jv7jflf1k5lky9faq86dbgdzoun9gl93mipit (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\g3irszw53skby2w0dl5hj41amvuvkhy3 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d409c3fn0g (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lghsooga4vf4u8an9165hnc6mw7v4qelvj (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cx6zvnzmtrh7vl1oc0u1vrxpplkih71z1h4uc0arhfv (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gidyuyu195gfih3s9u67cx2k1nfcgvi5udvkuw (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a2jzmmj3uzdwsjzsjrgufqkgx8zjgkg8c9x0w3u06x6n04 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jwtgs8mikgizu0y6l1tx74yjammoyetw966w0f (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\p8suw75w5apq5yuwzhlhmdaqj535zfjx35w9b (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bk48b9crgev9 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\x6vzutle4irhwj8ghjhc8n0or8pc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b82cyrlu33so (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\x1cwfwfy10abg (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cl6neiaq3g9jgk (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cvrhrp2mdihh1h9ldb1whef1fibxxqwncav2jhqmaz69il5 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ujuvilob69vbuvbtkhywp7uly27232zv1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pr63or6acoyy9dh7kt3hicx1xhrr9t36v (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ofybj83v74c2f75vpcgmf2 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iguana1z8q1gmnitn7d375hnvhzallb9f3vb0nf14v (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yggoxc442d1fjozr30jhrkh27zxz (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\esy21b67mz7cpzjsbgsvqptf6a6 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kdawat (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxqnefy -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
\\?\globalroot\systemroot\system32\UACkavkyvps.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ntdll64.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Nqamalolacihi.dll (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\F H e L\Local Settings\Temp\uv6mwx.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rqem93.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\g3s7iq79.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gyg72rv6bnv.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gtxnta7ss48m.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wqv9w8q9.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wlc6nr2v4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\m207nrvrznq.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\b0wym9p9gt.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xqyk5rhs5tz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\i9h3b1jl8bi3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rxu16o.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ckzgx1572hmz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\fq8nierj7c8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jpmsu8x6di8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\t3qhshdw5jk2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lqz57kxf7d.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\o568tzqztpi.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ahbpqqc3x1dz2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\znkmac5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\m503svpga1toe.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xojmy5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\yyok6mb.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\yz588v0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wgp6h9s8pfa.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\b6l65gl.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\winlognn.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.MSAntispyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xen5dwxvnymz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\r31wgkl39e.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bwco08ddn8ef.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ep786ouu.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\boljbe5vyyg.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\hs1ainkrpmx.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lc1bf3lj.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\v94xubtezwy6b.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jmfqbwmgqqq1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\brbotszbg.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\u8iep3g9xnb9o.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\uy4ujnkzi.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\frp0ocbd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mldihq0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ajaoje7z2i3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\d8jv4rau7u.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\c4dormo61a.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mrw9qxu4aojxd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xawsw7.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bzra939s.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j3k9tyi1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\i02ts1v33.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\a7b5qu.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\dnmza5hoemq.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j2tjfka80y25.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zkt16797.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lnwndnz052b.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\m2kk47g40zh.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\c9vqpvw02hyw.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\nse9v5yt5zyno.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ygxcrdo0rh4rr.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\avroe8jv2twui.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\q8p3fxdgtb.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tn37ubzbm0qm1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ek36r4w.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bfr6b5knwc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ljarep4aq0irz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\pyrphfmgzbj.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\guvfo1mo.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kojghwb.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rixik9te.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zr2h13e7do7x9.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\v79jxo69qi.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\db2zy0fz7o.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bbpa4xl5h6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\p9mgp4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ifyfwq3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\so034ie78.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\pjokoj24fdac.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\znq5nd8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\o14i9g5ft.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\b4adike.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mnhgytsat7.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wfv1dmasvv.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tm71h9c0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\vws7lk0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mxv049.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\o24pspbu.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\pc9nj6vmy.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\dana4u2tuqh0t.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\huzcy6iv.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\swzre2c3k.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rrdwdjx.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\n21vjnkbwvm3e.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gpddq9.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j4rh5608s.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jj5413m34elm.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\uxtnrvcx.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\c6hmrpx5o2s33.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tnop0es.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\arxus7art8q4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\x3luc8y.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rjf7e7wd6xu0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\stk5m7go7rp51.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\hr1mzxev49pe.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\q9htg85dcx0c6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ye7gmyo.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qfxkbk.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\dm1eoyv8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\byg3hu5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\u49logxe.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ixno06zoqg5qz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tpsn00k00s.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ei6qcq3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lo3azh95rc80.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\idxj1s5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tm2zimq1irpb.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zwhjpnav.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gv748z.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\dx0kmkbn3h7wd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\c6z41ll.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qa8jfcree.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ldci7c8zs.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\etjk3e.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\c0icddiitdmc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\v6uukitkdktad.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\k9dvnpw5t2x.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jz8xwpcus8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\aw9u86mum.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\i4o6d4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j5ooakr04e8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mpebmx8yqq7.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jar8edb.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jk5b3tsiprt.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\a3wcy907sa8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\es8db5d2fgyfm.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\woferantyaap6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\sz3weeayb4k.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\hxkdr4p58m.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\owafag2h.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\v9yg3ur.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gsyzq4tr.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\dzazdn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\nroksg.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\stqmwoi42du.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ux74scgr4ysh.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ttixf7b3yt3k.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\y8m69kdn2b.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kgoal84.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jpjcur.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bog0cc9.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\pa6nuis1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\oamc2g11e6n9t.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\i7k902d.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\g2ekq07yg0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\cz2mm2i.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qbgpys1r8ilp.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jys75xctspsnm.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\uanah4vmod.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bzibuj8hbj8a.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
 
C:\Documents and Settings\F H e L\Local Settings\Temp\b9dv0z8y.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\u5ba15jjv7frp.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\psde6qarq.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\t0pwj5nmdd7.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qcdw36.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\azfh2hhyt.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tm8z93s0dd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\b82o87l.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\o3yesh58fouu.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\oz03su.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kf7qvawk8qz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j52oef4oiz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rjq74q.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\yde8xljc8niki.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\o0xax8np.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\v3q81nv65bt.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\nzx90smxo5m.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\vzncgk.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jw4bddeg.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j6zv2tegu5bi.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ccbd9fp347qkt.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mubeisqjn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jbiysajuu5y.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gxb2plw6c.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tvq4wyej6v.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\nxfuwb0a4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ej03g57dk.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\l8tfhvkl9d.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bzyu2l237p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\sq4qeyim.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\sc23qo2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\smxnf4js1va.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\shlnz5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\oxlm286xe.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kd9ofa.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\dox62el44dtn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\yqkhfvriiwsoh.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\uxm3hw.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\batlrr8g48rll.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\c1yjir.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\iz5m46l.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\q4v9twp2y.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\m3vrwzkkqqkj.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\d64xem3byk2oc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zmbga7vube.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\a1sehnr8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wyzgut95qclw7.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\vtdlcpndhxo.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\v7yj9qt.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jwtsnu.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ml2i872r1xt1c.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jgqzs8qo.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wayy0rs7yax2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\d5z7wu1u3f.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\l9bnxpvtfc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\dfkbvsbm.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\b69904.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mkxs7f0a6s.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ssifiaa.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\w3dhlnb3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ozk1ks2u.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\vyrm34.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qevu7nx6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\v4qdhzb.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j17ces885.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ct2vuvoo8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\q0eex42.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\vvchu90rdi.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\cdj2d4u3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\yklofmm3i.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kd95td87mpq.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\yu6be5m.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\i31wtux.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\cjitrg99o.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mn1eqryox1ee.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\guxv8o6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\z09dyth7.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\v3zn323j4rd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kkg4xb1q19.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\yidaiz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\sk6qwkwuulxse.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j1dto9a.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xeo35u.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lcl971rx6g.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\hx4bj2ejcgzp.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\b9jvag.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ufvuh2l.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\q27to7di.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\sstw5d.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\whpewnr4hozvq.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\a1pwtkswuo.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\h5rhsvhb36mgt.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\dgwzfz4gg0f.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ziml1i1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rjcpq4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\c2v8wei.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\h1cohawhmp.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\u32tl0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ryqt512wo.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lzm2v8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j7iktl.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\b3pl9q.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\igdm2l7ipdpmf.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\suhb0u.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lrodwfyrd8h.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\of0dteau.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\dex1bziaw.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rgxkh9k3zk.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\yallan91f.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kw4muuc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zznnx1f7sfnpr.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\f26qzfkd7el.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rhdrmnbvb9mc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\cjdasedoer53e.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qqptvnakawr.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mnwvr823.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\t0kdk3r.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\q2dtfo.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\p87rcywnj.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xcj7da5w0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\myc76if6qqx6o.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\br09ans.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qicp3fgykq.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\loetp0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xh2amrta.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\snlerc1ic2jx.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\s9nyht6wv26.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\k5bzgyxnewi.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lfgxoyhyf9dp.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mc4m7mv2kgm.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\llzog5brjm.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\w4z7mfdkm4r.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\at1s9tj.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\enpa2o.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zjwu1c.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\sptjmpv.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\k2wdo31.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\i7dir79s.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j8saawpvvn8w0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\al33ahix3h08.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kih8f8ot55s.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\l9m668p463d7.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\a0h7pen.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rr2dn0z5xnhri.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\v6jbbzv0rny.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\cwsjc9i.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\uszkse9.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bfi5rpftiu.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\sdjtzexs2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\cb9nqcn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\d8xc5p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xalbd5n.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\vl3f0djuyyzs.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\u72oysx8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j5j5biv.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\iee7k1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kap07w.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\syy6wmph.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\u3jh3qydz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\v8tq226y95vn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\c7jblejaph.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\r50sy4hhm.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\nv2e05ql1d.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\chevau.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jb9gd7i.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tp6l1y.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lcwsg1pysub8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zoavsrrr7.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\vaq4965mpom2j.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mwzrrc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tv6caoz8uuk3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\fout7f.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j3brvvh7spf0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\takzpl4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\l9hn76cj.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\n74w12.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\i48452w3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tsrq1tmt.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bwowgwg8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ucr8yqnlbqt0h.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lyc0ikborz5ax.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mkm9hw29.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mz0wwto4d3f.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\n4prs7ionl.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\c7pbvzbn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\v9fxhxi6gxj0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lmgtw2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ve1yl927.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\sv81e8v1yy.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\u50asmlz9tk.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xpqeni2xv52.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\daw8nsancnkwo.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ivg8vhrusuhq.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xmbsen6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ttdegof1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\an8zj1gau.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\haakicmp3p9t.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zs057yiu5j8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\vdqrthy.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\b2se4c8bxvw6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ccxcvcsmypru3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\i1zzn72nw7.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wjtcdqj3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gnceckpiw2t.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\o620st.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wavgco.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\g291rh.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zkqji4acgq.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qbb6z95p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bjaz0vm5wx.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tr50j11tmlrl2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mx2p4e.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\et5j6b.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\t6jnfy67.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gkxs3pt.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\z04ugrlmw9v7.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ko6xvibtza1b.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\z5nep890wsi.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\h9zuq33zr6a.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\duiw24mvjy89w.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ubpiuth.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\yq6gisdm2s12g.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gqwjh18q.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\fzrlqko.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jam6txp7.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\uho9p5we.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\t7jbhoc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\t27b1p009y.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lfvchurrss.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xrjteldvw4zz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lkefqbf5s.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ab9g9hutigyw.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tylygm5v245ud.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ec92ws3p1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\c7k9wcpotb9z.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\uzc01we4e.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\m02lqia9.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\h71wjy.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\cimke0ovg.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\u0co3mk0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ykcp02lstiu6w.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xfqbijpz12u.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mxnzhneukvmi.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\etu0gs5l3pfb.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ii61to.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ls1lz4ixj1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\swaqrxh.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rsljesc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\cmnd2qdi03azc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ay5r26jw7s.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\khlggeb6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kd6noa9vbzd1g.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bemdsvl.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\b9adcd93cz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\pcjjdj9d1t3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lsqlq4kw.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\twj1agt5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wg9o5cr3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ekl4670c.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\a09629svu5ami.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\aanuy30xc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kjpegh35fc8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rddwqvs3v5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ktkymxk.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\je30fhore.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\riwgzcx0v.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gvak8gh24c1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wcxc8mlfbc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ttg1ksljql6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\z16jtg7rx.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\t8ijxij.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\dc5uaktp0p.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\h1wms86l4r2m.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\oekn23at6va.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\p5pltkb47p54.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gwarrp6ypp.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\o037bkf76v.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ynmsavlmfdz2u.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\dmmc45qd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kq5td2oqvv3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\z75a7smesd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\klttx3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rfhuqh1li1tdw.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\g6cvqng9.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tu43ku3mmjk.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qfe0yfa207.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\x9l1raz0g.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\pas5gwv5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mmg50xj26qe.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ujn9gm0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\pwup6dj.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lhurzxno5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\a3ds24q.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tqpa9q1b.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lmwb8vs2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zkaha2zqkkpl.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kmt0gc1jn28cy.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rghi97qh3e1v.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zucl9h9i33.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\c92oew22pwb.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jmq6oarj58.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\etphh990.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\foktgbir6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qdz28a3nybtkj.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\b1i541a9by8kx.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\h05febd2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\iwtxvs2r.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\h12mjpnul5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\o4vkn4cb8bprr.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\h6l696s84.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kqut4ngkh.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ayjp34.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\i2conz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ppv9ma2z6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\envqg006.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\yur7yxrn9ii.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gyk6ishwqo6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\nbrob66u60.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wlnpwr0w9dm.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\z0kcbo.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jjh1pwgknqxw.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\u20kc6idq8xny.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j50lfdly6qk.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gqt1tyse1e.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\vho2t472a2y5x.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jfeolt2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\pi4sgp0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qxl9n5waf89cl.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\cqqq1wi.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xr9rxjl8vk2e.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\h5hh1req.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\a73l0b0cj.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zx57jt9vpf.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rtt8iy0m89.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rpqvxv5hkfcim.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ztjuyqvq1l0p2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\u44icsrc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\m0sjsxi3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\c8xyd8qz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tzi4b9.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\nwz19v7s.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\t41okq0cvr4ld.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ppkqda4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mrd6rv.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\b8unll962bjd1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xtdpxmd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jm16bdzbm.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\a38932uobm3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ic3sde8bbs.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wftyv1r20mw.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\shjkh3o.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\vksocg5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j4pen4yixz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\u68xtv0b0h0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
 
C:\WINDOWS\system32\cbXqNeFY.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipyjwg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rjvrfd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rmfijnsy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACgoewndjk.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\UACkavkyvps.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\UACrtbpktav.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\UACtooukwrc.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\wpvnhs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qiedlmtg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pbgtfxtq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\deeaxnpy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hggdcyvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cryhob.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACpxbrdylq.sys (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\5016805.sys (Rootkit.Agent) -> Delete on reboot.
C:\cdxaeju.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\cwxwwgtl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\cxfagn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\desae.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\itamcndf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\pfkik.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lfagxy.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lmqeuj.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\flzp3no9.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\fmvxpv8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wqptid.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wzanmh.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\x60z43u3wpz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\x7b6h2cr75z3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\2098278692.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\glt1gmx.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gsng0l.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\auigbj.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\awkdhpkvrso.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\thoyr7h89.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ti55axnn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tjydzas6r1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tl0a5x4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wb5pczax9h6ku.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wdd39mo5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\we7gdk9pzx.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wekulunc5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jcimu0pqyi.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jh16khd4y.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jkgbtcqju59ez.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mtia07tv02axk.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\my67wid.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\n9sc683.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\chjx9dwcsf.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ciu4150si6u.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ckt0jpwpea.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bmhlbswd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\sb2w7ywf.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\hz2sv4ub9kwt.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\i19149utev.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\p7qktpq8fj.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\pdqb2wk1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tsu8pw.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tvbvs7va.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tw2lnl332p5k.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tx4a0ap8m.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\pguxlrifa5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\pinccutus4q.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ebqsf5i.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ed5qmrp88oxw.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\eeuefhxm7.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\eg9v53.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\eh9joct1kr5ud.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\eklo2caaoqb5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\pwo9s1r1b6gny.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\pz3e1wngo.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\q8a24h6n1qru.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qm214jz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rf0e3mujp.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\lasuzygz5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\agvjajb.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ahvbjn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ajz5tv9yg.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\amea2q5dt83r8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\dh381fnva9v9l.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\dngzj5fpj0l55.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\sgewnx8ixif12.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\siiu40hh.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\slxgdedwgi2e.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bsbvcioq.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bshc3z.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bufat4xp7p6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bwppk784po3e.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\bx0wcgvkyf6g9.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\vd4sq3c.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\velz9c.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\vvsj2bud.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\w03ebbbq.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\w4oodwfjh.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\fpajyq4uy88.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\i5fwriyi8h.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kh40cj4nzceo.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xbe0vi.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\yh5letkaiw2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\nqodq7h.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\nqzwzqf8o.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\cui4l6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\cxxqu1k4ln.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\d30sea5g7u2.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\d88ce8ca.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\da1rmb683.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mmtpmlaki.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\moh4h2ype.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kcs0wks.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kdko2w6rr3l6h.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kerwe4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kgot75uen6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zqnsox11.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zw6jgn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\UACc2f8.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\uamcp6p8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ughkzungx4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\umgt07fl5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\c0dteumx.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\nt3iz2d3fe0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\nyhj90.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\o5jb1k79ac2i.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\o5pbb19p5y.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\aptwblis6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\arsbtoe6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\aucz1266.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\r1xygyc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\r65igwjhh4qv.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\r9k4prfw.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rahbd5p56x.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rdyhxgiaimt3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\h0zz0z.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\so1lwq.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\spcsozf.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\stv5v7e.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\su1toxmks4x6.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ddkcu7odvmgxn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ddvvkqm.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\nl5t09ta.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\nmg0sigqs.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\esxu2my1a23.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xijy50z.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\xle300.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\m0a5d456z0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\m89snec.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mf88qhen6x7u8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\w6m531.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\w7xcva9.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\w91rcwiym4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\q8c3fg3whs.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qbp7dc22.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qdo3vff.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qdt5uybk1qe.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qg384abe62j.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\qjcdmo5u5.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\jvolm2ey1g9.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\k1qpedtd2t.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\k2qdxmzsn.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\k4ube8rra2aj.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\k7fxxk.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\k864byefzv.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j2n25k.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\tzhqfgzi.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\u01pqrfxk0.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\u2z6gdm.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\u4nlbua.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ky0kwizxkwa1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rg025c0y.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\v1bau1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\v4fwudm1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\v5n38rbu2u1s.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\vaadczkxipl.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\obzlfwmwmmy4g.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\or2eaicnacp.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\owgf1g.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\owly0z01tc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\oyedr2bzbus.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\p4by1u.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\c75u3g.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\c8g1cpj.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\cadfjtzz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\cbvnin6h.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\cffzsa4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ysowwhjh.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ytz3oqnxv.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mr0rwf5w.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mr7qd0jwr84r.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\msix5s6chz7a4.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\e8m6wakupoa2e.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\eaflnd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mindzc6co.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mjykrltsek.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mgjfiq.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mqeio6edu3.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j6ovtagw8r.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j6vfms97f4hh.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j76me1dn5ckj9.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\j9akvn5m.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\t024cgq.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\t2lcfbxw62.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\t2wcobvxbgvg.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\ung02x40.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\uq651b.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\usa31x7fv.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\uytbt41.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\v10rliqm8nbf.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\i906t32b3kq.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\khah306muy.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\kj8ytmd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zb95s0wno1hl7.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zeoa1vslk.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zhpfnv.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zltppgy.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\zn26ol.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\fvqtc2j0axeb.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gj03pj.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\gjumy21k.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\b6esz665n8.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\b7pzrfalwzr.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\yc315cfwiwf1.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\yf7no7.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\yh02wao.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\rksfhfgjcqr.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\royr4o1r6xh.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\wj7urcxz.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\woqx0tl.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\UAC14ac.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\UAC3e2d.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temporary Internet Files\Content.IE5\GPHHPPKC\lsp[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temporary Internet Files\Content.IE5\GPHHPPKC\pifccddur[1].txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temporary Internet Files\Content.IE5\GPHHPPKC\upd105320[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temporary Internet Files\Content.IE5\GPHHPPKC\divx20[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temporary Internet Files\Content.IE5\GPHHPPKC\surboccgqn[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temporary Internet Files\Content.IE5\N98EF34E\ccsuper1[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temporary Internet Files\Content.IE5\N98EF34E\ccsuper3[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temporary Internet Files\Content.IE5\N98EF34E\khreff[1].htm (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temporary Internet Files\Content.IE5\N98EF34E\nkuyivi[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temporary Internet Files\Content.IE5\S3HEXWK5\bluivja[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temporary Internet Files\Content.IE5\S3HEXWK5\scijpzqww[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temporary Internet Files\Content.IE5\S3HEXWK5\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temporary Internet Files\Content.IE5\S3HEXWK5\ccsuper0[1].htm (Backdoor.Rustock) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temporary Internet Files\Content.IE5\S3HEXWK5\ccsuper2[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temporary Internet Files\Content.IE5\U9I5Q6C0\ppzzra[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temporary Internet Files\Content.IE5\U9I5Q6C0\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090221103915859.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\upevoyoxajijohap.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wvUKccDw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\F H e L\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACmtwutfut.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACwnsqtobi.dat (Trojan.Agent) -> Delete on reboot.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:04 PM, on 2/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton\defwatch.exe
C:\Program Files\Norton\rtvscan.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Norton\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\F H e L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Executor\executor.exe
C:\Program Files\D-Color\dcolor.exe
C:\Program Files\miniMIZE\miniMIZE.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\msfeedssync.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\F H e L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Executor] "C:\Program Files\Executor\executor.exe" -s
O4 - HKCU\..\Run: [D-Color] C:\Program Files\D-Color\dcolor.exe
O4 - HKCU\..\Run: [miniMIZE] C:\Program Files\miniMIZE\miniMIZE.exe
O4 - HKCU\..\Run: [csjmijd96flzjwbfkdt] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\x3hvbfjjtv8.exe
O4 - HKCU\..\Run: [ml53hzopky5mipv] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nhyyvuj.exe
O4 - HKCU\..\Run: [iw86dw5i52qpg2abdbz23egctf2a28f4pmcpi] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\p0ak6fmi2h8.exe
O4 - HKCU\..\Run: [x0mw5tjuozfwippivvn2sl6cngxvtibnen4vhw] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\m7v1ftwy3yds.exe
O4 - HKCU\..\Run: [fbu1wi9mqx15evz9seac4dr4dhv7cish] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\uesmi0.exe
O4 - HKCU\..\Run: [fh0nq8bfbdnp0vwyd9gyw0khjqtn1t2t] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nkalgmg3q4dc7.exe
O4 - HKCU\..\Run: [i5ncfzkqx94lxqfge] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cigjktg9i8.exe
O4 - HKCU\..\Run: [xhq26mutp453z5yyre2mosrjt1p3t3qabnyihbq4ry0trbr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ok8d9mu1h6rr.exe
O4 - HKCU\..\Run: [va56uiw5v2vky1o2kva3mbeaf3qp9tscczn6tje0wclmcr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fh452ttihhg.exe
O4 - HKCU\..\Run: [hidh0uewahesyrbuen1x3ew1azthn3mzszo22doao] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\royjhktogfcc.exe
O4 - HKCU\..\Run: [ki3tl3fuef588hlg8mk9fjluqjub3lgssr3t6oqcu] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\x1bzxx7p1y.exe
O4 - HKCU\..\Run: [jwx45bubt43na8yo6da66bhsc3vp2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\stp1me2.exe
O4 - HKCU\..\Run: [evd68kpgf8xmrhruyc006] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\de4f3oqegc8dr.exe
O4 - HKCU\..\Run: [knwfbf3aglv15bajyn1h9j6t9u2yp51kx] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o6fvbzdp.exe
O4 - HKCU\..\Run: [nfln919pciqaxn8emjybaaalu9cfi] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ly9degonpw.exe
O4 - HKCU\..\Run: [wexmcsfwkvvw2iluawj6la5ic74slncm1xj7mr9wc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ellvllzp9kj.exe
O4 - HKCU\..\Run: [tam0e75vpi016e0la8tw4zkysepoo7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ttngeq7o.exe
O4 - HKCU\..\Run: [xdw2dxi3h1gok408d8mhvmhojr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\evnzk09hs.exe
O4 - HKCU\..\Run: [fq4b9v2gk] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ozpkjuy0rg37.exe
O4 - HKCU\..\Run: [sxfus7hjstzoz789v3vh9986rtrn2t1mtyzc3972zt] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wiwnz3t.exe
O4 - HKCU\..\Run: [yxzrebbx5yatqswfxx0pyefjz9h1v4jn] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xen5dwxvnymz.exe
O4 - HKCU\..\Run: [hz9pevghjfxblzwaquofdn9rojuq1rzncxc0h] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\sz9dovcx6.exe
O4 - HKCU\..\Run: [ahxpuihzgnab2c2k1e83y31dg60lcia] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j713fih2e.exe
O4 - HKCU\..\Run: [kep8frp1nco] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\eo2iowsul9p2s.exe
O4 - HKCU\..\Run: [w3xi6cbn5jbfqx7hjnup6sho5c7d8ylgfmsm1z4n] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\scx1r569hxu.exe
O4 - HKCU\..\Run: [ymf3ff0f4mupexuc7iz7oiktj7clkyhxcbq33jkm] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mxqh5qd6vl.exe
O4 - HKCU\..\Run: [xm972eeoitci] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\azq0b0fzy3i.exe
O4 - HKCU\..\Run: [gljnudmq7wisy8cmb1miamwsrmsd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c5fd4sr.exe
O4 - HKCU\..\Run: [kyuu1x56ysizqewgbnxwnjln89hld55n5d3ho60ku] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\eg78awbfx9rr.exe
O4 - HKCU\..\Run: [xo24ffzb4pvorn1549suref] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\z660kvtfly.exe
O4 - HKCU\..\Run: [er3i359chj0x00vo8nr4xhvnumc8nxiihkn1gpc1tr385lc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kupmg3jm7g.exe
O4 - HKCU\..\Run: [lsknx97qg6qweg0e3yho1em00qwe] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cqwnf8adqa.exe
O4 - HKCU\..\Run: [pv6ag7lx9v] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\neyqbzh3ts.exe
O4 - HKCU\..\Run: [p34e1wufi9oaiebabjx3k5ut] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ysm91a.exe
O4 - HKCU\..\Run: [ghjwshjwa] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\njhtkgmht.exe
O4 - HKCU\..\Run: [fvneugu4p] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\q37xwc3fy.exe
O4 - HKCU\..\Run: [k2l0phiomm9ulo1kobnjjnbvbu9gfyc734ka2pb] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\em7g23581m.exe
O4 - HKCU\..\Run: [yqhtzjf4rw86tykyeodwrrjf1gmlw1e10xwkzcn] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\a7qivn9u7m54.exe
O4 - HKCU\..\Run: [lavk0ippii3qa2dpit9eq63p52ngkbhpwql] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\pyl2eto.exe
O4 - HKCU\..\Run: [vbxg2l59ax1tblbho2xbi5h8g74nhvxqt679oyp11dpqloc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wq16akzrbpl.exe
O4 - HKCU\..\Run: [lvn233rjwr4niw4u7h9e14wsxqxo] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\vchf8zd.exe
O4 - HKCU\..\Run: [oh4ibn5m0o24r1ajnqjuu] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\z6c0ucve.exe
O4 - HKCU\..\Run: [e6djm4qmg5v6vmryynfgvulnj3kwchvbc2ygr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cgqk0svvsqqb.exe
O4 - HKCU\..\Run: [n8ska376xs1vcwl7drkh4w7mxeihybbiv] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jk95z31.exe
O4 - HKCU\..\Run: [dfq5y84cc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v82mgvbbcekm.exe
O4 - HKCU\..\Run: [mqf5u4lb42j8p1ugql32iareditwuvwv5g6p6owk] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u8s8vu8.exe
O4 - HKCU\..\Run: [rmadp3z24dlnsvucin6eahja3ykrhfku0e40u98tllmxi] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\uidvu919nqpcp.exe
O4 - HKCU\..\Run: [efbcuelkll0o1hmflmspiwjj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mqpwdfgg.exe
O4 - HKCU\..\Run: [m971w231n2gaocexkt4qyvdvrp74geyhn34y1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fw1ekkrix.exe
O4 - HKCU\..\Run: [crsz8omn5k1ykda4g1hz3vgj3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\po0pdlupf.exe
O4 - HKCU\..\Run: [uaqvk6vmyydajuhusempda4ltx8toay] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\r31wgkl39e.exe
O4 - HKCU\..\Run: [ln8yoh8mu1nspf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bwco08ddn8ef.exe
O4 - HKCU\..\Run: [wi7kc06nn5kwy9srfxpeub1mkz37arj59wtt9jptpd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\x7hnnc0ih2.exe
O4 - HKCU\..\Run: [ubtau15rc0xha6bisljqkf77n6qocshcjnbab3c1z4d14gtb46] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mt0oqj33.exe
O4 - HKCU\..\Run: [wf99pp3v2j210tk8flqsv8dtjmun8plk2d] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ludk3cm.exe
O4 - HKCU\..\Run: [vre8vb305c7ifua7pqrreeqf1fshtnf3f] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cx3q4im3.exe
O4 - HKCU\..\Run: [asg7dxsdm2t91jaqe7thcd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\vdashkemt3oj5.exe
O4 - HKCU\..\Run: [rhefwpxpb1lke5at8txhzp] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kgttkr07qlb.exe
O4 - HKCU\..\Run: [whu2xquxo1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\boljbe5vyyg.exe
O4 - HKCU\..\Run: [co55jqxq9oyd1g6c57] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ems3xthfkrso.exe
O4 - HKCU\..\Run: [pz1ol9kl4oo] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b3zrg6.exe
O4 - HKCU\..\Run: [bqlkrtwcn] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\d3ps5r7w2.exe
O4 - HKCU\..\Run: [ayy0j6ol5azqnu3u6vpyzma454] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hs1ainkrpmx.exe
O4 - HKCU\..\Run: [jbvwd2lda7np5gb7t3su6vzs91hpm3qfmzy] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cxs7vz.exe
O4 - HKCU\..\Run: [dmu3z3fhp1jim29j9sth02m9jownth1ky] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v94xubtezwy6b.exe
O4 - HKCU\..\Run: [i5zc9yxgipjk6jqhq8cq31alj5yuugphs3ka3h0h6xl] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\vvn0oicj3l1v.exe
O4 - HKCU\..\Run: [ckbz5uih77i2gu94rm83s7q72wbpvl96vabos03] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kmi13yd.exe
O4 - HKCU\..\Run: [wix010yqnk483gb] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dsuja3oi.exe
O4 - HKCU\..\Run: [suq1io9ulh3vcf8n] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v51k98f9.exe
O4 - HKCU\..\Run: [j3184thqyjd6xd4uws5cm38] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nwdl9eux1qk.exe
O4 - HKCU\..\Run: [ql5yhynqnsj65wkvzmn2bdfoy48peyr4go9gu9p6gfh9pe4] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jmfqbwmgqqq1.exe
O4 - HKCU\..\Run: [usk0p9aajkya9z] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jy3qzno.exe
O4 - HKCU\..\Run: [nzwb3ixfewk7fo6riq1821gv17qzqxw22na] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ql5sdrgs6l.exe
O4 - HKCU\..\Run: [sh0kd94waiycl4g] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ee0epy3.exe
O4 - HKCU\..\Run: [cl92p468imcdfrvkq786u8ltnvlqg5moa19oigbls3801x] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ejjyff.exe
O4 - HKCU\..\Run: [dz9m687ckp7j0f] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b9oe9zrpnb.exe
O4 - HKCU\..\Run: [xbhf3r8ibnhil1y5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fgnpnoc63md.exe
O4 - HKCU\..\Run: [y31xtpxx7fnf6oq8v8fkf8u7lerz3amnf2t7cadtged5r] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\brbotszbg.exe
O4 - HKCU\..\Run: [zapw0zv3j] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\w78c4t704.exe
O4 - HKCU\..\Run: [c6slf91pshk0keqv6enqfsp] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cse64kfq2nz.exe
O4 - HKCU\..\Run: [xwqnr266ahnfb6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v828hm79.exe
O4 - HKCU\..\Run: [hozy3n6qjpokunfmhggeer22uzkg] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\oee7oribi.exe
O4 - HKCU\..\Run: [auxkxp646vv] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u8iep3g9xnb9o.exe
O4 - HKCU\..\Run: [arj9ji0ydb4x55myaqojs7htoe8tp85] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\uy4ujnkzi.exe
O4 - HKCU\..\Run: [r0v9y4lxrzex5x7ukq1twf0im8z3rbroj6sys] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\upphi29.exe
O4 - HKCU\..\Run: [chflux04n813eqtcr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lgr4g74e5hgrc.exe
O4 - HKCU\..\Run: [ac64e3ep2s3qminjrfaw70vh6b002] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ajaoje7z2i3.exe
O4 - HKCU\..\Run: [wtbyz1bop124j4de] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\sfhpijyqlcw.exe
O4 - HKCU\..\Run: [ycsl9v4f3txgguf5oo6lhuhi7mp61j3963ef4avk] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lvorv4q9.exe
O4 - HKCU\..\Run: [tfogis7cdhtezdbt74] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\d8jv4rau7u.exe
O4 - HKCU\..\Run: [e4g3rmd4ll7dptw0vjavdgnr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zoju7b92dulqj.exe
O4 - HKCU\..\Run: [hjnih3frph7mm6a26tum6c0] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gsszz4rsc6.exe
O4 - HKCU\..\Run: [ifoe67k9b7qh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b3u6u64eo6wtt.exe
O4 - HKCU\..\Run: [axrzqcf6yode1eiz9yvhi6yzviavcb2fmljz2owbm6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c4dormo61a.exe
O4 - HKCU\..\Run: [k3eookxekg3b22r50bxcs0n7ryh38lzxfzyuh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mrw9qxu4aojxd.exe
O4 - HKCU\..\Run: [bkqhgxc5yt471z3qqe1dnhfk7xwkarfd54ehif4s] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fe88gj.exe
O4 - HKCU\..\Run: [r1u0ip3etr54bxrjm96o8nnkx71cl8] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c9w80ktk1.exe
O4 - HKCU\..\Run: [ka5kjmas2zqju1h4jk5bhjifnjzhgubhynq2d] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fgc6x5e5h.exe
O4 - HKCU\..\Run: [go9jlll0hbqe2or3sju0bamt0k7s8bxxt30ue] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\i02ts1v33.exe
O4 - HKCU\..\Run: [gdrv00idqgnfzk3tsslzkphgj4qa6k] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o0mrop.exe
O4 - HKCU\..\Run: [e8i41t8d97l7r539h31nxvwvk9eqs76z565g711dwl] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nv0d66trvxnp.exe
O4 - HKCU\..\Run: [vb5loy3movu7xm5v2ifosvl2iocqh9ypcdjys9us7dao1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\oa8v1ix3o.exe
O4 - HKCU\..\Run: [mf7kpb5e6pz75bqj9jh7f0sgpzipwprbem68m] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u8oezkipb9g.exe
O4 - HKCU\..\Run: [jh9cgqouv1h6diojyc9auhtbljo] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dnmza5hoemq.exe
O4 - HKCU\..\Run: [ykf72kue937plj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j2tjfka80y25.exe
O4 - HKCU\..\Run: [gkmm9midynm338vob7kk597txw99wtg0c5v9bis] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c3mydp.exe
O4 - HKCU\..\Run: [bzb1li4tyg7mfola52pt3z3mujsgty0gi0fu4] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\p1wtszyeps.exe
O4 - HKCU\..\Run: [dfbfuv3sbdb6kin6cqrj5iydh6rynl9ugrv] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ce4s0i.exe
O4 - HKCU\..\Run: [l4gqg1hbdmz69pte0vkcte0cemgy5qrpmwevtq492] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mn6xptu9.exe
O4 - HKCU\..\Run: [lzo0mxf6et0mt1zpz7meffr4r] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lnwndnz052b.exe
O4 - HKCU\..\Run: [ndsnzlvul9w88nlb1hrnk9djw4seku4c48fzj34oo41xjz] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\t1a5n2agg.exe
O4 - HKCU\..\Run: [bhp25ruuj8zi] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\swor5je.exe
O4 - HKCU\..\Run: [yczpbq3olwu0yp64l2bms5aluqx7u69p1rqi7u4y3lic54b] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hu58z9.exe
O4 - HKCU\..\Run: [djs4be4zmlf0il5h] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\m2kk47g40zh.exe
O4 - HKCU\..\Run: [i9syz7lerhgybsu6t6maxj6hx8myma5xgvbbt8vxvttccjnje3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rc598mdrlh.exe
O4 - HKCU\..\Run: [m4wehwxxxv3zorqjjifoq1zd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o7tqsn1osbidv.exe
O4 - HKCU\..\Run: [nyhtvek6f9j4e519kmcw373] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\g30arssfb5b6f.exe
O4 - HKCU\..\Run: [zgddd7hfo3oid95] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c9vqpvw02hyw.exe
O4 - HKCU\..\Run: [i5hr61u6qseux1qg8b378jia2xk2dowuey0rz5ddupxy8zaas] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nse9v5yt5zyno.exe
O4 - HKCU\..\Run: [vpqgpsv53u0y2lv3acg3ozjxhv94] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v1qs5ycgm5s7.exe
O4 - HKCU\..\Run: [kt71oes1d9vuwyiuiy6636fvvyy2m10] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ygxcrdo0rh4rr.exe
O4 - HKCU\..\Run: [denya6sffxa8tt6wh3uxrxodz9b4c] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cabxdq.exe
O4 - HKCU\..\Run: [nxhtzomokaj01g364xs71236ga2s9qr9fomef43rzg2u58] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\phk5oxt5s.exe
O4 - HKCU\..\Run: [llfc3geg64tsatllw3qo] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\avroe8jv2twui.exe
O4 - HKCU\..\Run: [bbjcb16puo09smwgtaznzxjhcold204a10of] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\q8p3fxdgtb.exe
O4 - HKCU\..\Run: [py1ooulcggqhmjodm5hm628w01zvnpopekfarvi6zwyq4] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tn37ubzbm0qm1.exe
O4 - HKCU\..\Run: [iek9zrg77i5ziz7e7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bfr6b5knwc.exe
O4 - HKCU\..\Run: [l9kw1bbxtqqxcdj9h] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ljarep4aq0irz.exe
O4 - HKCU\..\Run: [g8f8vunrx45mvo] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\pyrphfmgzbj.exe
O4 - HKCU\..\Run: [tx6djd5k5vgntr9j1vngbgp] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hl0dfi6z1.exe
O4 - HKCU\..\Run: [pw64i1llwqcw4hjra661mg4jkcr25hzr8zi47h8h5y6r3avjyy] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zr2h13e7do7x9.exe
O4 - HKCU\..\Run: [o6j8l3pjrv] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v79jxo69qi.exe
O4 - HKCU\..\Run: [h523azrms8ap4ib8vrw7j4ogh5kj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\db2zy0fz7o.exe
O4 - HKCU\..\Run: [qxjcj85dyc94s1vgoghf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bbpa4xl5h6.exe
O4 - HKCU\..\Run: [gdj7847gzp05e4qqt5av3cz60tme86wxi4lx8d3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jf19osueyc.exe
O4 - HKCU\..\Run: [sqd08lf04isi07vpv8h03z0z42uph9g0ve87saua] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xh1sb2w71us.exe
O4 - HKCU\..\Run: [ngklwbhyc25e4hksej95] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\x3kck01lku.exe
O4 - HKCU\..\Run: [ci4etsedh50bhqyx637atzgdv8flhydloky9v4fqlcrul1zd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u83wahpzk.exe
O4 - HKCU\..\Run: [y33d88ky29fd378d3bqp2vjpj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ty51ciyi9d.exe
O4 - HKCU\..\Run: [d6sd0ltjtznf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\so034ie78.exe
O4 - HKCU\..\Run: [i89icwn3d6uinnermxyd0u03xa9mpde] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\pjokoj24fdac.exe
O4 - HKCU\..\Run: [jdk3rtmqm58fsd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hwv44otvy735.exe
O4 - HKCU\..\Run: [po16ugxs0jebekzacene03q0kmhnvd7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\d7j3rsg0b1.exe
O4 - HKCU\..\Run: [w7isypcmu1yzlf6diro9bttckx0y] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\i602vod6z1ya9.exe
O4 - HKCU\..\Run: [np4rxbuq6u2qysbmf40ur7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\beclzy0665zwr.exe
O4 - HKCU\..\Run: [uhm4s2a829hzx16iq8ivae6dajayktij3qaicpomye7d8h7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cahx4q8899m9.exe
O4 - HKCU\..\Run: [p3nwunr9kr3oaatzgoisvvrg2p] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ph9myxv.exe
O4 - HKCU\..\Run: [qz8g1i562rakfbip32eh8pzi3bwzd2aeugtd6kcwi7nco9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wlzrqquumfq5.exe
O4 - HKCU\..\Run: [ysf9nmvb9qtcwwx88qlv0qie29r9ie8rit423ysadwdmo] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\s6itjr.exe
O4 - HKCU\..\Run: [jn2csu59pg0xwko59r2kh1qe9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hz6axikk.exe
O4 - HKCU\..\Run: [btsr54fwsp70bzkj6qo0vik3jo7g9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\t26u0p.exe
O4 - HKCU\..\Run: [jkg8xcw0qunuzgtkrxpb3iqhd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c65lqh.exe
O4 - HKCU\..\Run: [adihd84vumj0xe3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rxhmqn0pa.exe
O4 - HKCU\..\Run: [vn428vg93giyd6pqs9sujzqhmj9yqnk4myly4cjx26] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\vy0nnk.exe
O4 - HKCU\..\Run: [so1i32qqf09f7q0j2vudrbczk0ivr8hkc2aaiytnyuurh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kpco69god.exe
O4 - HKCU\..\Run: [rfc8851k93jivc1eaoq57lw9p3zits] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xrlcrzfn8m6ho.exe
O4 - HKCU\..\Run: [avs003xu12yskny6jvochd4m683oqbmz0eekw6p] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b2gedc.exe
O4 - HKCU\..\Run: [l68ijpr8cpmfo36tdfxkvr46n8ay57tn6889yat9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bx4exd4tl.exe
O4 - HKCU\..\Run: [jajri40tpc8l2xt6r5hd3283] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\p4zx0mi.exe
O4 - HKCU\..\Run: [i6tzttyj1pbanquxry6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ll3612.exe
O4 - HKCU\..\Run: [oxkqmdsdh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\h1a8x4cjjnf.exe
O4 - HKCU\..\Run: [o9gy6ghmmo6468o0de8o6pffl48b5po3eu1605lpt0c] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ax5lstol8.exe
O4 - HKCU\..\Run: [cto5sn3yjzr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hb5s3kt.exe
O4 - HKCU\..\Run: [fj4h4lv6qaycycovrnrqj5ovr4z6n2b] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cc5czowuot3s.exe
O4 - HKCU\..\Run: [cgn3to5as1s2hqfxgdwpzmhju9qhn18681] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\y9cev9od1.exe
O4 - HKCU\..\Run: [xn3ifzar6mtf3ciwg23w34or6knd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gwouw4xmi.exe
O4 - HKCU\..\Run: [anng19a9wlwc1yjncc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\d8cuz5ljpnla.exe
O4 - HKCU\..\Run: [py8gxt78o2or2h8v3in5gi0nwd92jcbizm3e3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zjhcmq8o2h.exe
O4 - HKCU\..\Run: [u86jcn017znkc2vqz6heda] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rk7xbcnt4.exe
O4 - HKCU\..\Run: [l0zm64g1n11m7k83rxf0tsx] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fdljn2.exe
O4 - HKCU\..\Run: [q5aivmb9munfkpo6856k7k] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u4xkn8laq.exe
O4 - HKCU\..\Run: [whludkj3xqblqjxqbhk2rffbma2puyz2n] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\r6q01ts7.exe
O4 - HKCU\..\Run: [r5ofbdostksvpwzputl8cm85ll4hzqwawhf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\by4lgma8.exe
O4 - HKCU\..\Run: [his135lkvp3ltcz] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b3n5pkf.exe
O4 - HKCU\..\Run: [awwpf0gdv0kv26ccx1dpbidnqtexunahtk0ltuzkv2ytii] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\e8z5mjrpz5vv.exe
 
O4 - HKCU\..\Run: [ot4unm9ezn03glyimceo7ku2i14nz1g0ztipfkmwp6v8uclf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tzb6586.exe
O4 - HKCU\..\Run: [yj60222whs6cujnunw655lszpffpdmyyfcb] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o14i9g5ft.exe
O4 - HKCU\..\Run: [n995cs3h1rfk51gn4o832t8] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fy5flxwf.exe
O4 - HKCU\..\Run: [kw7za4vs1rdcaix] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mnhgytsat7.exe
O4 - HKCU\..\Run: [yhosfc83z1ctlvooeuolp] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wfv1dmasvv.exe
O4 - HKCU\..\Run: [fo1urjxbn9u26jix6iwk5y90u4lzoqmwu2nt2a7ajugh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zpqlj2.exe
O4 - HKCU\..\Run: [too82d9j7vcrh1yzhxcp5vhfsluzap0us2q13tfn56f8sqi3dn] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\knnr4qyg3p.exe
O4 - HKCU\..\Run: [bpoj9o1zqppv] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\pc9nj6vmy.exe
O4 - HKCU\..\Run: [zpde1n4xpd4yi1kc7w3v5h5itpg7dg6phyfkb] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o7n91nz.exe
O4 - HKCU\..\Run: [qk5voq1pjussc53] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dana4u2tuqh0t.exe
O4 - HKCU\..\Run: [a3b1bnc75169e] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\swzre2c3k.exe
O4 - HKCU\..\Run: [ex80r8hcc99nrgo6ho9hktit8unjsv66x] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ot6tr4.exe
O4 - HKCU\..\Run: [ppdri7boh55j9e] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\n21vjnkbwvm3e.exe
O4 - HKCU\..\Run: [yq0z45ilwnmbv6tl3qmgjgfohezjlx62rz2uesd1k5o4] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zv6cxe6.exe
O4 - HKCU\..\Run: [o6u3uliqu3p4apfcitgnwbrwktd4umfcd85pk26frrt3r8xt] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v28yzwff.exe
O4 - HKCU\..\Run: [tlz1radp29j9v28zyvdux7n14cyt2w6q8nzudofoend1qsh3v] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j4rh5608s.exe
O4 - HKCU\..\Run: [kin4bqcu907r0ocsn0uy3vvcsnj8xsrshw82ngqizytf54f7q] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nyfifkp6.exe
O4 - HKCU\..\Run: [mgyji5ezq] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gzfhp7o5z238.exe
O4 - HKCU\..\Run: [kixuqk9zl2qvk8smz02ng9hilpvzq9v] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jj5413m34elm.exe
O4 - HKCU\..\Run: [uvd6mbruqgbw6tkq2eyp7a8hz0ug4ae89oqpzb1yar2sc8] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c6hmrpx5o2s33.exe
O4 - HKCU\..\Run: [s6h40ae3pdr1d7cxmiznyoxqlo7zsu6437w91ox2gusww] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u25n7dof7wld4.exe
O4 - HKCU\..\Run: [dlpd6i4yzsrzjaqeu6znk64b] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\iejqjk7p3k.exe
O4 - HKCU\..\Run: [di89m7zalm0wjn2tutst652cve0rs7ire4mqkzo4394] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wcgw4r.exe
O4 - HKCU\..\Run: [iykv8hytljmiu0vpn4ifjmb23exzw71ylz5yquzp43r1sqio2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\arxus7art8q4.exe
O4 - HKCU\..\Run: [fq9dmngu9ev] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hvgfr1g.exe
O4 - HKCU\..\Run: [hji0ob5tuz] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gvd4izp6kfow.exe
O4 - HKCU\..\Run: [zvrgucryypsgh9jk8qer8wud26n7v2dqhy] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\d2plm110h3.exe
O4 - HKCU\..\Run: [hg67hti6ztcvb53ecgp1eikk15xz32jjd18lxjpu1gs5zbdu] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rjf7e7wd6xu0.exe
O4 - HKCU\..\Run: [xtmzylszxf0tsklkkxpkzc1yuh4c4wwsgorn6d8q] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\stk5m7go7rp51.exe
O4 - HKCU\..\Run: [f41ilz1w0rb4cn5v3yhy35d7ie0azp40q7vssup] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hr1mzxev49pe.exe
O4 - HKCU\..\Run: [ut31phh4wdbulu] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v8rprm.exe
O4 - HKCU\..\Run: [y315awf34zqvrelgfsqp6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\q9htg85dcx0c6.exe
O4 - HKCU\..\Run: [d3o03w9q087amy8y] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\vitcq120c3uw.exe
O4 - HKCU\..\Run: [zgnhva5zvb6334o8odh6cplg0jli2637u5ymfi57hbsvcok] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j1cvdb4tflun8.exe
O4 - HKCU\..\Run: [i8ekb6vbqt4270] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mvx2enjru.exe
O4 - HKCU\..\Run: [cpaotacvd92wt5hghljfhjb9m6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\n520543jvg.exe
O4 - HKCU\..\Run: [drvsavc4lxp7xs5z9uojxu6c4ycnxhffz2m] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ixno06zoqg5qz.exe
O4 - HKCU\..\Run: [qtsqslka89x4gyxpga89r48mni42cc99] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tpsn00k00s.exe
O4 - HKCU\..\Run: [e2zq7uzdkb5t46gl3kd62kyzvabcsnayip] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\atupzbqf9ayj0.exe
O4 - HKCU\..\Run: [bty5hv190i69wrm81l527vcowofjwoe5yplnjomyn5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tzn76g.exe
O4 - HKCU\..\Run: [av65wgq50azfu2v] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\aoipjcec.exe
O4 - HKCU\..\Run: [kcshafixbm46vec7f1as26jp04nw2dopi] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lvu85l.exe
O4 - HKCU\..\Run: [ukcutx348x] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v2xyqw.exe
O4 - HKCU\..\Run: [cb0sl5k862sadjfi8b0ftmcubqutqecq0opj5obmyq9u4i092] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\epdpg5.exe
O4 - HKCU\..\Run: [jw5b0cs8y80j] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\i4un44so5093.exe
O4 - HKCU\..\Run: [hf4m8r4ptg4t1vhc5g8caia2yj894bi1t9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lo3azh95rc80.exe
O4 - HKCU\..\Run: [l96w0yoka84hoadbfg7en9oaf09c254] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rt6b4mr4.exe
O4 - HKCU\..\Run: [zyfhwoszdeyyncfz8otumx1ic8qbeau9qgvvnbr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u31va28ldpid.exe
O4 - HKCU\..\Run: [w0vp2p45m4qpvnlpstgfvnxclwgy7r94svxkrxmh82wysy7hi1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ysdwny.exe
O4 - HKCU\..\Run: [btldyrtc4f1iim] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c7uuuxhuuv6k.exe
O4 - HKCU\..\Run: [fjp1v9ltx8omdauo6q2mqfnw6t32zn84oz4cuatlt] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\qokxmm.exe
O4 - HKCU\..\Run: [qkum5q43k9gyc5giyzdn7jzk0ehfqplpfiemikmaqtt1aid] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ml8zzo4qwjh.exe
O4 - HKCU\..\Run: [h52b8qnc83tj1kvmhvo37294abwhqkmt6k] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zkiixo.exe
O4 - HKCU\..\Run: [grlg0uer9qcznd7u3pbqy2y3m2kfzl4avm70qlwrif94m9plbl] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\p22hlpp.exe
O4 - HKCU\..\Run: [h5r8lhwkd2ulio] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\trezyl24b.exe
O4 - HKCU\..\Run: [p86rm1vaoslzo65] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\n2cvnq93dfqx.exe
O4 - HKCU\..\Run: [g3hx0pzwgq5hqvfz3acij4] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c9rp11xiaxxz1.exe
O4 - HKCU\..\Run: [lo1k2x3gx2hl86k3sp84x2pkbsdtyjoj1td9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rgdmpbep.exe
O4 - HKCU\..\Run: [m3lais2soy8] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\msehpr132fw9r.exe
O4 - HKCU\..\Run: [ocklm9z7gamhow72h68lq44qrvne7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\p65u6skec6fa.exe
O4 - HKCU\..\Run: [qztov6vbd7pvw9fvmlk71x1oa3zll70pqz09qb2fcxc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\uahtqntntrwm.exe
O4 - HKCU\..\Run: [sszq3vkb1i07coz9d4uv] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\czw5clg1y.exe
O4 - HKCU\..\Run: [fsilfnth3qfumczchru] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\i8vgsb0b.exe
O4 - HKCU\..\Run: [jg4ukreo8h2sdw6mw2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\qc7fc69k.exe
O4 - HKCU\..\Run: [rlyy4b2i5zl70hp5t] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u1jx6lmfcr.exe
O4 - HKCU\..\Run: [px3rig7ip76k44] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j3ma4e.exe
O4 - HKCU\..\Run: [d0v0reca8jh50syyx4usjsziv3klhctjo32wxflwu0bwqm75pg] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ms7x0z3jxas.exe
O4 - HKCU\..\Run: [f9rk3vsfg0uc0ig3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\a9lkhxw.exe
O4 - HKCU\..\Run: [na5lugqa208snf46ovgktlu8os6nkssz7fq5h] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tm2zimq1irpb.exe
O4 - HKCU\..\Run: [p84mf0onwrc8ry] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bth2cpln.exe
O4 - HKCU\..\Run: [eni15qzj8pmuq0ttu8j60ia75pv238wksde7by1j2ljoxw] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\trl283vfirc.exe
O4 - HKCU\..\Run: [cedt01aew9wx7m2rcqhxevknc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\al9k1ykhoh.exe
O4 - HKCU\..\Run: [fvqrx6wcubs1zmfs7s7biqufdxgoojoapoid4gp5fodejrgdc8] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\be7yzgbds.exe
O4 - HKCU\..\Run: [kig1g4s0smghr4v38ce3s5cvcya0s15bfdn] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jdhuauw8q9.exe
O4 - HKCU\..\Run: [plfwb3z3bomwaonfaafiasrt9tcmi4ve10dhyc23mqw2k] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ykf7o5kn487.exe
O4 - HKCU\..\Run: [khb4j2x1vzg8yoyjxf3wnmth25jxip0zohz39] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jckn5z5z.exe
O4 - HKCU\..\Run: [trbzjy73etdfh37chiq2zu618e9iik4g0ubkulfd1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ls43n7ys.exe
O4 - HKCU\..\Run: [b47f1kjw4b02cuhznz5o] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\a420rzr2.exe
O4 - HKCU\..\Run: [v47p86zt1f4v0c842rzu5nr0prcc265hoymcwnsbuxydh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\uw0dg4y1trj.exe
O4 - HKCU\..\Run: [st93x2xb766] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tekc8cj.exe
O4 - HKCU\..\Run: [dsuc93kuk532xhx0kiw9ae8vtnsh1tvs] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\egkvemln.exe
O4 - HKCU\..\Run: [jtlncxl7qsjd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c6cmv3ac2nc8.exe
O4 - HKCU\..\Run: [y82u25cqhcwk24hbpzu6ev68] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dx0kmkbn3h7wd.exe
O4 - HKCU\..\Run: [t36v1572zyedc1i19dxp6jwnmbxn99x3h0uqx13rq] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\qa8jfcree.exe
O4 - HKCU\..\Run: [vdwp5enogg867k] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ee5xo0vnt15.exe
O4 - HKCU\..\Run: [ptlhmn8unymunhz7ji4qz9ce8gqwdr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ldci7c8zs.exe
O4 - HKCU\..\Run: [qtxqdjnfpu19lligj6klwqfu6psoncitn6600beu5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c0icddiitdmc.exe
O4 - HKCU\..\Run: [re9tlpoyir8xjj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v6uukitkdktad.exe
O4 - HKCU\..\Run: [nxwipbo0qmy9atstcuap4d2mn43c5oboqqvc0] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\k9dvnpw5t2x.exe
O4 - HKCU\..\Run: [eb70eatjxlm9x] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jz8xwpcus8.exe
O4 - HKCU\..\Run: [lha0qwpyeadn127pie57vejkd7bcenwkhpdgsaelhqr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\aw9u86mum.exe
O4 - HKCU\..\Run: [yjg7o7si95kvtc0n6blvd1n9vndcpudu0opaed4gtwco94] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j5ooakr04e8.exe
O4 - HKCU\..\Run: [axssruixxmwi] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mpebmx8yqq7.exe
O4 - HKCU\..\Run: [egh4wxy10f2kxjksbiwenm371i4ur32lpa0l6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\r41kztaiu.exe
O4 - HKCU\..\Run: [ss9265hglc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\se6iqabavl.exe
O4 - HKCU\..\Run: [e9mu9cuw74xq6jqulcnorzqci] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dg61dkhtcbx.exe
O4 - HKCU\..\Run: [jetweb9trva5eloh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jk5b3tsiprt.exe
O4 - HKCU\..\Run: [hz7d5i9zv69ntxn5h3r] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\a3wcy907sa8.exe
O4 - HKCU\..\Run: [hkscaljekwfcihxc3sst8ladpowae41awj7fm64nc1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\es8db5d2fgyfm.exe
O4 - HKCU\..\Run: [fewa7k6n2avhtl3a8l5di6eettsw52s9uva3uc8rg] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\woferantyaap6.exe
O4 - HKCU\..\Run: [ggco9g6hif8g0o5fkdz4nstzd2ozd6fvwcvkyyzy500ace5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\sz3weeayb4k.exe
O4 - HKCU\..\Run: [dzgq7e79li] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rk75l6z9eg0x7.exe
O4 - HKCU\..\Run: [riyh615vg12jrqm] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\sbrdyf.exe
O4 - HKCU\..\Run: [l0s6fm27x3xlc47hjuf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hxkdr4p58m.exe
O4 - HKCU\..\Run: [xghxx8ql248ndvd4qassdru] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ddrw4p0.exe
O4 - HKCU\..\Run: [h2mkpxjss08brgm1x2wqpch5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kcyhn1uj1sxtq.exe
O4 - HKCU\..\Run: [s4agk5j3bqyoy] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\vvh0tb.exe
O4 - HKCU\..\Run: [wyni0q499eq0q0mu34uwrq4bygwen9l] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o1ti0x7.exe
O4 - HKCU\..\Run: [itt99s2enn1o75ixmdxhk4g3bi2y] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rq2pla.exe
O4 - HKCU\..\Run: [vl9mq89z0vl33k3x] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\aqf3qgu0w.exe
O4 - HKCU\..\Run: [n4tr6sf2xucraj97g67w2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tw82xl52gb.exe
O4 - HKCU\..\Run: [xva3ejdxxyyqa2pzb7y6vq] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\sm346llrf.exe
O4 - HKCU\..\Run: [r984tgabmv28] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\izb3enna50m96.exe
O4 - HKCU\..\Run: [lmcysr1wkrmoilhvs4jorxljnczhf5a4wnn98kw9xci] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u7d77bv92i.exe
O4 - HKCU\..\Run: [oeomw7lh05nv89bskr8rjp43] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xh8rdr.exe
O4 - HKCU\..\Run: [uxiyp82mu9lsqw5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\pdfbcw.exe
O4 - HKCU\..\Run: [bk7flu49c27vhglajhdc8hlnpc6zmfo38j5swz] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tttgoq.exe
O4 - HKCU\..\Run: [j2c0thsjq] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\stqmwoi42du.exe
O4 - HKCU\..\Run: [ij0bxfp1d49gjwuf69bynva59gzjnast6gm1pj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kpx6ct9vl76.exe
O4 - HKCU\..\Run: [h855t4alof6wf12ye5xt84kx] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\g0l5zxw0y.exe
O4 - HKCU\..\Run: [z5w0y7uqndf70u2ksmm1k] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j6103njrzn.exe
O4 - HKCU\..\Run: [xe73uc0vvh6imz3lbw7kjus06w2ui2efogl] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tu0o0yr.exe
O4 - HKCU\..\Run: [y7uqj6niv5j1yqp7dcg9sxgxdwttiuwitl] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\edj7n8t6.exe
O4 - HKCU\..\Run: [vow8ax8s4uke0umwqtwehuiin] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rbujguqbv.exe
O4 - HKCU\..\Run: [gyr1xadocxguv3gl0n5zdd89m6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ux74scgr4ysh.exe
O4 - HKCU\..\Run: [dqzopldr4dqcccw24uaqjltlsgrgrqw7kg8jyzcjnkm] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bwepboa33a.exe
O4 - HKCU\..\Run: [eguq4ez1f37zxsdsir16vkv6t090mwzyluxqyfqzi] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b1qprnm.exe
O4 - HKCU\..\Run: [poccw1e4futgs] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\snwvvyqatmn.exe
O4 - HKCU\..\Run: [ijz82kvuf0qez6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\komzkk5fvg.exe
O4 - HKCU\..\Run: [a4ywd7kv9hyqu9phym00k4maf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\s2dzoqrbxgp.exe
O4 - HKCU\..\Run: [rnpt6mgb1xwmjfemdiixk3n3s2i0wvb1d35c] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\t7zdpq6pfag70.exe
O4 - HKCU\..\Run: [x6pn4tt6mzj2b8h591svf2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u2qoitl5nyf.exe
O4 - HKCU\..\Run: [bou08f9x89zs] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\h0ug1gpiuy.exe
O4 - HKCU\..\Run: [vzmw6cnljwmr4463xudbkak1ssj26yfz5y3nd7d5ypb] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\sjkjhp3m4t9wn.exe
O4 - HKCU\..\Run: [qlza9frz9f2q12pyw] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\aiuys3.exe
O4 - HKCU\..\Run: [o1a031s3m40lry9mi] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zrplr0vr92ri0.exe
O4 - HKCU\..\Run: [vzynovqllp] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mubcwv.exe
O4 - HKCU\..\Run: [bbj98pfehn2dzx42ni8y59g1lcfyo0nlqxa81ri2q] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ttixf7b3yt3k.exe
O4 - HKCU\..\Run: [j1y6bxmmo741cbm36mnoqhtbncabigqgmuu] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\sowjxofpxz.exe
O4 - HKCU\..\Run: [tbwmozaga69xljs4no] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\eviglhdf1b3bk.exe
O4 - HKCU\..\Run: [o3pse70i50] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\stfmn5k3x.exe
O4 - HKCU\..\Run: [i7jyc4rrc4qoucutq76yeuftymfbvc4] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ty1hooz0ytq.exe
O4 - HKCU\..\Run: [ry9xmax7clbq6ph6hlfqf1taf22r] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ku57crg8.exe
O4 - HKCU\..\Run: [x5g8aru1j7z9zllc5sci0lqoooblxkmc77cumcoot] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\y8m69kdn2b.exe
O4 - HKCU\..\Run: [chhi0coppkv2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\aspiyjoye5.exe
O4 - HKCU\..\Run: [xlymiwhgpfl0o6ygc19bt5gknj9ww0] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jb2wk8p8hzdsy.exe
O4 - HKCU\..\Run: [ro1nknndnjlf3fzp6a87tf7awkrjt4hxhjq0emb] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gqj3qg.exe
O4 - HKCU\..\Run: [wg6x3nqsdc4m8chbag69s5cqi1kqgc69oqqnaakxppd187z1n9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rkefu13vy5oc.exe
O4 - HKCU\..\Run: [qwnfuc0okdw7trxrnkrjz1lodf5f9zg5vbcrgo7n] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zsmopl4.exe
O4 - HKCU\..\Run: [llm8lsjjlx] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\emnkyrlu.exe
O4 - HKCU\..\Run: [a3rr44kh8hejjhfqc9oyz6sfhxuuih3xyeidw9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nag1wjvv4odok.exe
O4 - HKCU\..\Run: [ewxr5iw5xiqaxoc2fh7lkp2xwym8ttv] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xeimvd1a.exe
O4 - HKCU\..\Run: [qxjnngxbp3ea2gpdpmgla6vb3ie8h35le3hlvjxabv6xdg2ixf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\uuszjhkc.exe
O4 - HKCU\..\Run: [ci1ojysrj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\a3rtz7n.exe
O4 - HKCU\..\Run: [bvh5g0278uuw5p4sz79z57fx2y9qci20bbkoq9g2ah] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\oamc2g11e6n9t.exe
O4 - HKCU\..\Run: [h36t4sqtsutt7g3ji6vytp8g08nw63hyhu5fnly] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\khoy4h.exe
O4 - HKCU\..\Run: [c6ozpvrqg1mfaogdxzietm75gvuzdpbi545m3g8e5e6pkd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\yo710p.exe
O4 - HKCU\..\Run: [dcjx2qcgv8t63i39a0e1iwj41] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o67javg7x6.exe
O4 - HKCU\..\Run: [nwjlduad95oxw9snrw4l7jbz4d5vlivsr0cy2z6q4ypwowaap] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\g2ekq07yg0.exe
O4 - HKCU\..\Run: [n6r7ewpp1hzhfssfs2m] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\vf9ozna0p79w.exe
O4 - HKCU\..\Run: [ob2bct7crgdx1z6qi3qpy4x71rfgmh3lvyp9zldyp25n] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\qbgpys1r8ilp.exe
O4 - HKCU\..\Run: [g0bsv9l043dwx7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jys75xctspsnm.exe
O4 - HKCU\..\Run: [fkj10vsayiovsf2yuzspnbechera1q5fdta0] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\uanah4vmod.exe
O4 - HKCU\..\Run: [o8qimbk6wpmav1r4hdwwnnsfirs7nldoucv8vyzkj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bzibuj8hbj8a.exe
O4 - HKCU\..\Run: [io12dmy5dcq7gsj8y87w4l5e1glwgs2istkd02g] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u5ba15jjv7frp.exe
O4 - HKCU\..\Run: [w8suxqjmq93k] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\psde6qarq.exe
O4 - HKCU\..\Run: [s8lgpgrvrsvgszy4phuj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\t0pwj5nmdd7.exe
O4 - HKCU\..\Run: [tcvcbe9w8mgpp1pelici7nv0ev4pa8od5l7nxem1uhujaz9v] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\azfh2hhyt.exe
O4 - HKCU\..\Run: [qq2ccsvaopydr5qjjr99g6svoulkdj3004bdcy0wk] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tm8z93s0dd.exe
O4 - HKCU\..\Run: [z1gmk3zlbpn6k5i3kophg5zrpnxjmpmcul54dg] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\aijfj3qxglf8.exe
O4 - HKCU\..\Run: [o36q3m5be2lrra53ih9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\se7gi8ledncq.exe
O4 - HKCU\..\Run: [mafs5nvufv65cuurzunzvri9izi2jso2yon25ea19kki] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jbrduprocli.exe
O4 - HKCU\..\Run: [xjffxev4gbxyivtkzs8ajmyz5r9c3a8w08ruk0da8ep6ucfe3o] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j6fdeq.exe
O4 - HKCU\..\Run: [zmmo9bnyrglj1etn1dgrn6xti4ebkmmxdp07b15mvhhxbv1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nvrermsg.exe
O4 - HKCU\..\Run: [ycethbtz6l9lo8aineoy1g7qgdofyctjuyyxtd9ovg4ujp7h] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jbyg47kzjf2rl.exe
O4 - HKCU\..\Run: [kynyv3syxiboa6wckgv3208oyp] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jlt0t4kgv.exe
O4 - HKCU\..\Run: [pmnf05mewks60o4rgzjymnusjwxitm5i3c] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\isvmv5tz14.exe
O4 - HKCU\..\Run: [uxpfr5yp2v696lf65748t109a033] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mr27ehnb.exe
O4 - HKCU\..\Run: [wlyoswd2poo7r27qvx] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rp6g8u.exe
O4 - HKCU\..\Run: [wfiyrduyrwiopw8] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o1ugbvd9s.exe
O4 - HKCU\..\Run: [z5s6aexn862vnmdiaxurhqk79qlru73litktw8rydsu] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\sldy8s.exe
O4 - HKCU\..\Run: [ck2s5fh814o3stb80sgh0pg] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\uvync7b7qaajo.exe
O4 - HKCU\..\Run: [pvqwevs8w6iptub8ylihtow50zkro6d46u] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rlang9n14hl.exe
O4 - HKCU\..\Run: [nfazvnvw0wzmxzqo25bs7bodt53c3um] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ql09vp.exe
O4 - HKCU\..\Run: [jisglo29phptfir0hrzl5zrm3n7z3istt30ok80y7zxg64] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\qgo9yq84m.exe
O4 - HKCU\..\Run: [g9g916uiavfrfas5pi0f78li89ucuyl2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b0lz9vkp1bwn.exe
O4 - HKCU\..\Run: [ij0d2d1ihgki526dok3fw9x8vn5b5pp93zk1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hyb2vad9nnr7i.exe
O4 - HKCU\..\Run: [ubi0a5p37k9pnqd3uywqesdo7mo7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xgs1mgc8e.exe
O4 - HKCU\..\Run: [auxpingqakljsmjz1tvshi6bop73mi] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\snacwwu.exe
O4 - HKCU\..\Run: [ke9i4gxem5gudtwmy] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zcmu9b7kp.exe
O4 - HKCU\..\Run: [vp6yjoqi5i2zu8pa] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\catxvqjnbc.exe
O4 - HKCU\..\Run: [bhf7mms2kband6k0u6s2o45zoymw26u6ct91z4d593mk] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o3yesh58fouu.exe
O4 - HKCU\..\Run: [l228zj843q6nurscvqcj6zjs] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gz5f8mwi28kv.exe
O4 - HKCU\..\Run: [liyyzslsgszg1uiictqwsaxokf62uya8190zruxphpcify1op] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rioyewybk0pec.exe
O4 - HKCU\..\Run: [qnip5rfhr2cyc0r3fvx6q8g] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ckohk6.exe
O4 - HKCU\..\Run: [lli7phx9vs0dku1hukpy5bb] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\usjikcfsd.exe
O4 - HKCU\..\Run: [xbdlfqkid1sb84hcww5uh7c8qlzu8jmywlvhazkkwym1oh6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kf7qvawk8qz.exe
O4 - HKCU\..\Run: [ob4v8mu0dqe81y9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\r9vnyadxz5.exe
O4 - HKCU\..\Run: [yvl02bis3ycnrsatmiuqn5gwmbtk6goacclpzgj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j52oef4oiz.exe
O4 - HKCU\..\Run: [aws43i6vqlse48vaz51ve7e6vo0718m7nfc7w6lc9n0iyhy3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o4jnib1u6zuhx.exe
O4 - HKCU\..\Run: [z100ezguow551hy73uvfuxuew9clnoej5sem31i9p602yw] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\yde8xljc8niki.exe
O4 - HKCU\..\Run: [ncauckksvs5h] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v3q81nv65bt.exe
O4 - HKCU\..\Run: [mtfogihriine7karwa5nkjzxpvb819h7cbor655my] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nzx90smxo5m.exe
O4 - HKCU\..\Run: [gila6yor5j8zcyr0q1qzptr8sr2mn4i6kdw1rrb9ih1b] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j6zv2tegu5bi.exe
O4 - HKCU\..\Run: [qgp5h5tbp1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ccbd9fp347qkt.exe
O4 - HKCU\..\Run: [ivnxax4wv0bo1757gtgas537kn01asjbe6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mubeisqjn.exe
O4 - HKCU\..\Run: [vzpov379gzit73isahz83nauv72vzj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j1nvmu2.exe
O4 - HKCU\..\Run: [eecmosiksat4o0a2iy] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\uk6espu1.exe
O4 - HKCU\..\Run: [scqhdlh0psmdgpvgorpzfei45tuy2b8az9gm4gvunr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jbiysajuu5y.exe
O4 - HKCU\..\Run: [ci4df2j9fl8n5r4nxcevnla87fq1at0tlk0k] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\iw104bngj5hd8.exe
O4 - HKCU\..\Run: [ey8b7vd45h45m9u3e56rb] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\axrltxjl2zg0.exe
O4 - HKCU\..\Run: [yu45kvzd2xv3tjek2qzm3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\uzk1oiq1g6l.exe
O4 - HKCU\..\Run: [mbpprx3qb89gu22ynx5r] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rfeeq0oq.exe
O4 - HKCU\..\Run: [ceotqxexye7gsmugadgz9j3fgmv7ap6c] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\en0tb76t.exe
O4 - HKCU\..\Run: [mvos7od59lo4is3icad18tyf3oue98qmt4wh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lcvbo3j3o0.exe
O4 - HKCU\..\Run: [eha99brglqmtgbsbhzq55feaai27j85qc1kw5ga298] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c3xhm8ex.exe
O4 - HKCU\..\Run: [rlt57nxrg959lqrfnsux464bz0ro8479rdxpl4] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\k79grtie.exe
O4 - HKCU\..\Run: [iu0fmetr9xac5mh78loiri5xjz5rq3rww3k4ps] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zylh692uwuv.exe
O4 - HKCU\..\Run: [e9y68wln9q391sddd95yf2deg] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rfiwdzi1rl3.exe
O4 - HKCU\..\Run: [w4vcapfnecp1c5744fq24] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nrzkizl4.exe
O4 - HKCU\..\Run: [gmilw1fdewmtecnrawd8j38h7zidgalc1c] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\r6gipf.exe
O4 - HKCU\..\Run: [dc7hqd6ua1fu88nngvhvaws8zq5winem0sdbrednn] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gxb2plw6c.exe
O4 - HKCU\..\Run: [uqmhepv4pxnou8tghozypnhzd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nwm5efktgl.exe
O4 - HKCU\..\Run: [adn5qhirifu59lozlgt8vutr6a832z] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tvq4wyej6v.exe
O4 - HKCU\..\Run: [omx1wdaob4zqggucyw801q8o] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nxfuwb0a4.exe
O4 - HKCU\..\Run: [owds06hhmz6aytqxldwy0ut9xcwe7isvnrveek1en4lm] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ej03g57dk.exe
O4 - HKCU\..\Run: [uener5ylmo7kviu5tgpbjwpj3cvavftsc170ich] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\l8tfhvkl9d.exe
O4 - HKCU\..\Run: [dtplmx2aoe8mk538kdsqu29cr4ry7j2gnb] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bzyu2l237p.exe
O4 - HKCU\..\Run: [adcc6fkwagpy4gvey40bikd93sqla82xff3c6ixtb4p] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\smxnf4js1va.exe
O4 - HKCU\..\Run: [bw712hnxn7q17uo] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\aqq3gzs1i1y.exe
O4 - HKCU\..\Run: [b8n9bu2s96ak093gkx7srnidxifg7jwkyfd0adu1cd4rh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\liv2gtdd.exe
O4 - HKCU\..\Run: [h441v0bp8cc9xtwwv8] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\e571nfofc.exe
O4 - HKCU\..\Run: [je5i0bfn5bzzw7c1l3ip9f03] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\w1el33f6v.exe
O4 - HKCU\..\Run: [fwjqhj9f0h8nrpy5v7w35l6xv5ex] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\iuj20u1az75.exe
O4 - HKCU\..\Run: [fk663214cehju8iqi8nvvrk2asttlzvjf559dab3j8b2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\h3e49uhzyd.exe
O4 - HKCU\..\Run: [kxk79bgegpmpaep5vt7sduga5ndr0d] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\oxlm286xe.exe
O4 - HKCU\..\Run: [ti4ttjxpfc2jx0to2m89178x8624llf68eblp265h6ueiq2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dox62el44dtn.exe
O4 - HKCU\..\Run: [rdk10kotqeidsikg26j219w35m91it4wvue3x3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\yqkhfvriiwsoh.exe
O4 - HKCU\..\Run: [rcv9fwooy1bt1h95wx4z] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\batlrr8g48rll.exe
O4 - HKCU\..\Run: [bk5eu6hjzmjn6m8u5z29bvhf4bykn8j74j] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\q4v9twp2y.exe
O4 - HKCU\..\Run: [l1woyzlzzad] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\m3vrwzkkqqkj.exe
O4 - HKCU\..\Run: [vnmky79kqta9s1qsptj9dbvz1k9cfbwb5lshtbswaxh41klbc1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\d64xem3byk2oc.exe
O4 - HKCU\..\Run: [v9pttjmv75r] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zmbga7vube.exe
O4 - HKCU\..\Run: [jh6b8s3baunpivsn6wo6d0xl3th9dc80qctt0rlq0wxeesn7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wyzgut95qclw7.exe
O4 - HKCU\..\Run: [eed9daclevt98sded3n3dd1vwpau] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\vtdlcpndhxo.exe
O4 - HKCU\..\Run: [cfypammd3yzjc3dxz4l3p7ehp8b6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ml2i872r1xt1c.exe
O4 - HKCU\..\Run: [af6467zh8ic4s1q08rwae9npkwqmuztt4ri0] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\x9ll4f9h8oddh.exe
O4 - HKCU\..\Run: [wraz6qw4a5wcumkw3bm5qansyyws2pzo2uaucxpupgibp1w] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wayy0rs7yax2.exe
O4 - HKCU\..\Run: [ypot71267] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b5nll9.exe
O4 - HKCU\..\Run: [b0iun2lmj1392jh6ulxya79qoxpt3fnyjpp5a2xjcve3b] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bym38b7s5qut0.exe
 
O4 - HKCU\..\Run: [e9tvpfby8d4n72d] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xetm4hpp95.exe
O4 - HKCU\..\Run: [pyd402ulriaa7m] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\pa0631ql1e.exe
O4 - HKCU\..\Run: [nbq05z5zxci4gygamx96v] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\aoopat.exe
O4 - HKCU\..\Run: [tqe4oj9edhbr7bslv50yxapicacynirg3fmo8] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rcaql8037f1.exe
O4 - HKCU\..\Run: [wla9vv7huk05j90td4v] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\um5taoh.exe
O4 - HKCU\..\Run: [ttfj2giccgunr34nrl6s4a66wru] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\d5z7wu1u3f.exe
O4 - HKCU\..\Run: [spas6ckun93r81vh7tfb6o9anim6j1x6yy4z0jet5ep] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\l9bnxpvtfc.exe
O4 - HKCU\..\Run: [zaqutwhf3dvfkeos2ih4ih28cb3tcy4qgqr6h] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\k98con0.exe
O4 - HKCU\..\Run: [u7dxkrmc7onzmr61enhmttps] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bf7m1phs.exe
O4 - HKCU\..\Run: [rdm5acyxdzq9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ja281z.exe
O4 - HKCU\..\Run: [z35y2antrjyxla17qgxz2ezrgch5rrcsjg6hgvviyhec73o8] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\igc5an14l2a.exe
O4 - HKCU\..\Run: [hth2db6shblztaw1k5o067s15] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mkxs7f0a6s.exe
O4 - HKCU\..\Run: [o02py8fgmq3b8t48jgi3nmh5mqvzuvgi16vyz9jj1s8] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\e8hnxro9y.exe
O4 - HKCU\..\Run: [a3hnycqu4azj5obtf9d] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\qk54biad28y.exe
O4 - HKCU\..\Run: [zr6aqmn8hlfj9875um] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kkan6bzr6n82.exe
O4 - HKCU\..\Run: [ilm7cwm943gxdc3bhvzqjdou7bnyadt645fyt] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\pfjqtivzk.exe
O4 - HKCU\..\Run: [b8jwvto6zw3h9p2i8iefb1c434f] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lq78g3i.exe
O4 - HKCU\..\Run: [wnwlq6vj9mn1mg857ibd6gkn8rt5h] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b35nhsc65qhn.exe
O4 - HKCU\..\Run: [twa6jixbo03nwii3n1z2ycxxo3g9gm5p3wtgkszvofq6o] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xjcpdu4tr.exe
O4 - HKCU\..\Run: [thmphygug0psoy3zue958rv9mqvxtuiripo] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hwynqcn.exe
O4 - HKCU\..\Run: [klwwk8slr5bo0uf76lq6dzihlb9u5i6jiruihlkonx45a3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j17ces885.exe
O4 - HKCU\..\Run: [cwfc37nvn3p6v6vh45gn6yg2j2e7ey7hhr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ct2vuvoo8.exe
O4 - HKCU\..\Run: [s7f8enlojnoxnwxgwjeuy0ojjmafv70rchtbub80keayxpkh7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\yelxnfsteh0.exe
O4 - HKCU\..\Run: [rlrn7ycew27kffc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b21yqdyocqe.exe
O4 - HKCU\..\Run: [o6385uejgdhlkbspm30k] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fjm97hez3.exe
O4 - HKCU\..\Run: [bqbrpy636qksw1xy4i1i7rr1zjub738rbrnfb0grs1ibwttmo0] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u96myep730t.exe
O4 - HKCU\..\Run: [ai0p3srjcy5z6x8k499wuzmqe950010ff] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b3u489e5jc.exe
O4 - HKCU\..\Run: [r3hv5beybju] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b45b0iil93p.exe
O4 - HKCU\..\Run: [lojhfpuj2ofh5nd5t1qgrkvh6ejv4h26xgmw6q] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ayftj8bj8c.exe
O4 - HKCU\..\Run: [y0o9mz6fquya6tm2a] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lrtwvyu.exe
O4 - HKCU\..\Run: [dj7fdrrz4zzumbeabzamka4fe] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zy5fy7880otdw.exe
O4 - HKCU\..\Run: [gti7p4llrj4dm8v06z1lhdpb6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\vvchu90rdi.exe
O4 - HKCU\..\Run: [eez2jprq97jzna5m2r4mk4zz42v] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\p6aujeq7y05rb.exe
O4 - HKCU\..\Run: [ipp6ngxykscwctj7xddd6exlc35wm30wd10bc9f28697a] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o1oz1ebtx6x.exe
O4 - HKCU\..\Run: [hip60c4ap77cb99rirmoaj8n4f5wsjriacycj8gz4825] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\yy24p5hp3k.exe
O4 - HKCU\..\Run: [kgk2hjv7fj602dkg] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ks1svo79cx6u0.exe
O4 - HKCU\..\Run: [lrnqjilcyqu7a1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\q7ov3pl66.exe
O4 - HKCU\..\Run: [ygx3b0o6jb4y3r0c3esxvjfidaodfclilb4wmjqt214gfik] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bztbkj.exe
O4 - HKCU\..\Run: [cmpu3wbdvttezls6b4e11n0v2a7390vj2k1hga95t] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o7iq243n6xn.exe
O4 - HKCU\..\Run: [egyuedlc26l5qts8gd4cx51p37saczpml] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\z03dotf89y.exe
O4 - HKCU\..\Run: [hzrf415uufjv2e9b0uenqumjh7wqlx5oxr818w] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tv0vj7.exe
O4 - HKCU\..\Run: [l0fzphj91tu4nq] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rwrxnh6zss.exe
O4 - HKCU\..\Run: [smtk1whgotv5nipjo9pohyr5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j8yakdruq9d.exe
O4 - HKCU\..\Run: [nk77otpavphgsylov2p9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\i3cw2dvxp.exe
O4 - HKCU\..\Run: [puikcjigjjvmu4k30r] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cea9ri2waxkt.exe
O4 - HKCU\..\Run: [h3wjav82hivr8qi5252tf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rhda8kk.exe
O4 - HKCU\..\Run: [tjf9fk6k7iezg] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mnvxza.exe
O4 - HKCU\..\Run: [ty8gpefgs5g33jg59285ts8h8eqbjxy1qlgakdo] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\epiptr2.exe
O4 - HKCU\..\Run: [lxw21vctobqsmcx8bkugh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zgn6jyoz.exe
O4 - HKCU\..\Run: [adw7dkg9b] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v168czslm9.exe
O4 - HKCU\..\Run: [kdr1iu7xz96e1basfaqt4ekn5x] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lj6qm5.exe
O4 - HKCU\..\Run: [a9k9qv3rdkd2q9f2poyj4is25m3y40] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zl699ft.exe
O4 - HKCU\..\Run: [rt0r2dqyyz6f8nx9l0so465cx5qdgpq0qrjq7k] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fo5cxyjd.exe
O4 - HKCU\..\Run: [d9luh3mu7su9frkpr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\yklofmm3i.exe
O4 - HKCU\..\Run: [r80zk0xoajuvly4wpuxp19gss15m65azhz96akoaguui7e] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kd95td87mpq.exe
O4 - HKCU\..\Run: [s57d4luqwbtli0gtm5cmt9uvoo74y7ilpmxga4hpmv] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cjitrg99o.exe
O4 - HKCU\..\Run: [lmepwtxj1ycnpkvign2kcn4nzvvvftc55ng7r] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mn1eqryox1ee.exe
O4 - HKCU\..\Run: [izugyyouz1unkkl2iwrm8ykkf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tove9p1z09mau.exe
O4 - HKCU\..\Run: [u7n6ki6r0h4mr70rko34ey7ysoku5swrkpmwwi] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\em9kbw8nf.exe
O4 - HKCU\..\Run: [haz545y52c42bth] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v3zn323j4rd.exe
O4 - HKCU\..\Run: [fp3th7m76ctacbgjwr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kkg4xb1q19.exe
O4 - HKCU\..\Run: [wpdbkmgzp83bw57bjywv53n8abo906ci7jgew58qn1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\sk6qwkwuulxse.exe
O4 - HKCU\..\Run: [dqmhzgut8knenyk0fopswrcvfgjdyo78z9thnwa] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lcl971rx6g.exe
O4 - HKCU\..\Run: [rt07mrtv4oe9iaq44099paiddkz0j] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hx4bj2ejcgzp.exe
O4 - HKCU\..\Run: [l5sisrypy9r6d7mttqu2ssmdzw95kb10] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\h1qo459o0.exe
O4 - HKCU\..\Run: [qop3ouu8vphtd3vteg5thgc9tvnkwowgvy4md1njo7vadt] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\p1xrkx4stmnw.exe
O4 - HKCU\..\Run: [pshhcpssv1bj4hou16a] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\whpewnr4hozvq.exe
O4 - HKCU\..\Run: [fm73ntlxgfhofhy8vwzhj8t2fv0h601r] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\a1pwtkswuo.exe
O4 - HKCU\..\Run: [rg7ru25x4aoun22cbcyr1vq5fwxfd3bsp91c81y3o9ye] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\h5rhsvhb36mgt.exe
O4 - HKCU\..\Run: [zveq1xtzhptgtkk5xnn3wi9kptprpci64byvt6gvshtk] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dgwzfz4gg0f.exe
O4 - HKCU\..\Run: [uxhnvinvvwsfpp4j8u] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\h1cohawhmp.exe
O4 - HKCU\..\Run: [cgljto8qsc7ig1xkn3twkzki0n1u1l] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ryqt512wo.exe
O4 - HKCU\..\Run: [n7u02tyjhejubgqbspt5fnt4e37fpcxmn8x6dgdu55u6a8ohij] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zmhxfr7k16dlb.exe
O4 - HKCU\..\Run: [dakfixqcjsl] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\yvcz7rn90tix.exe
O4 - HKCU\..\Run: [etl8qmytvrujx8wh29bffmk8myhlowm82k] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\koh1bw.exe
O4 - HKCU\..\Run: [d6w3mmitb6rzhx3jq9l6gnion0g59] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\y70grsb.exe
O4 - HKCU\..\Run: [s9r02pa5ven80pimauh8wqx147a9ke9js1irtts8gbqp22q] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hvwxmfhua.exe
O4 - HKCU\..\Run: [z2fqt3z3ftqbbl46lr03d0g26ftdyjc5u8er331170] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\p9kgtqqkkgj10.exe
O4 - HKCU\..\Run: [xnuteogme] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\abkzz0.exe
O4 - HKCU\..\Run: [g6o57pxrpb5amkwrekbbhsaxsp8vu14vwrsdl22jrx] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\sor0y5.exe
O4 - HKCU\..\Run: [cwber7bcbuj66vmqbmx9379] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o4y2bqbnji2.exe
O4 - HKCU\..\Run: [t4e1cfi2d01op6gbli5x17ymf9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\stakomoi67skd.exe
O4 - HKCU\..\Run: [b9psbsyod1fbzireviuae3oqfb7bocx9m24jup78rdvp2qkxu] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gvt3uw.exe
O4 - HKCU\..\Run: [ea8jpruum527ob3hw7d4w3p55vf8f09etsc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\igdm2l7ipdpmf.exe
O4 - HKCU\..\Run: [hjmfua4d1eqlembzzoj5s] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\h0fhcw58.exe
O4 - HKCU\..\Run: [ed8xy1wc1mme1022jd5v57ly4j9sdpnmws0zdn385e] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zxj8gf685j.exe
O4 - HKCU\..\Run: [oyp4hfhgpyibp4bi3ntfry] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c7esmv.exe
O4 - HKCU\..\Run: [ici1f0ixazudqb1q4ifeatdthbcdi8bt13nr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gr7q9av6l.exe
O4 - HKCU\..\Run: [vrf29nc2ud7hhqjipyxjxkz44bo5j9qj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j12afqc6e1xjk.exe
O4 - HKCU\..\Run: [eyat4d5pfvydyrvrifqaum10en3okt2fw86l7qmwwl] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lrodwfyrd8h.exe
O4 - HKCU\..\Run: [pgckrmwgr0bhc8j56] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dreajso0sp8.exe
O4 - HKCU\..\Run: [z763efe3ncyxmicmdj5omun8sftqw9wsylcp7jevkyj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dex1bziaw.exe
O4 - HKCU\..\Run: [ulrk71hmddwsm83ifv58ae83e4pc975h33iiit2a18h4sz1nn3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rgxkh9k3zk.exe
O4 - HKCU\..\Run: [e0qkj9i1kbl64w9r3ege6ykzm2et24cwmo6bl3h38hc6pdvzh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\yallan91f.exe
O4 - HKCU\..\Run: [fjekoe6i0wf2lhckr1ywvukxtwkiup8m3jtmjdsijk] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zznnx1f7sfnpr.exe
O4 - HKCU\..\Run: [lxsfz3h9s9ndx0ftasohqmavr6yfrnshadpg54] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\f26qzfkd7el.exe
O4 - HKCU\..\Run: [gjqlenprel] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rhdrmnbvb9mc.exe
O4 - HKCU\..\Run: [fi8s3q6d8j8iugi9lb2t8vw] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cjdasedoer53e.exe
O4 - HKCU\..\Run: [oy636dimmew3auyeor] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\qqptvnakawr.exe
O4 - HKCU\..\Run: [y6oclxw7ivwvmhkc7hoe6mblzsf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zo5ct8v6xqu4i.exe
O4 - HKCU\..\Run: [r3h2w5g77hly1nskut4wj4afbckn4gcp1k7c9k] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xpfexi4w9.exe
O4 - HKCU\..\Run: [duizldt8zacosv4rb5v4p0ohz80mzbl8h3wu7wls6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rvb7w66hbqzib.exe
O4 - HKCU\..\Run: [hawzjjb1ib3wcuup0qtkvr7hl835wnwo1153v5t] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ypip61vfr2s1.exe
O4 - HKCU\..\Run: [j8xob4g143g3wlv0u] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v592uoxymqtn.exe
O4 - HKCU\..\Run: [uwwwzhjwodf7n21xf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\i57c4w3l.exe
O4 - HKCU\..\Run: [zu5hawmn4hmreqkytl9d4ibisb3300ro3xv2qmz7s72t] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dc6nev.exe
O4 - HKCU\..\Run: [jb56eryn9e6wo08u] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dr3at9qg6.exe
O4 - HKCU\..\Run: [y317ghib6p4rttt39sc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dd6uxlahyipsm.exe
O4 - HKCU\..\Run: [ds1mklfhy0] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\s0m256nu76css.exe
O4 - HKCU\..\Run: [hhbi6ijnraauss] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zuaky1csni5u.exe
O4 - HKCU\..\Run: [im5m4fiah97rei2ks1fkeahwd7jzh3axngp0w2x9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rqh4e63j6ch4.exe
O4 - HKCU\..\Run: [llb2esjzr946fbnsjnvew6mcydlqp0f6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\oba1srazk05.exe
O4 - HKCU\..\Run: [ar2pmy3ougefig95czc8yqmg1u3h8f] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\begw1vjqr.exe
O4 - HKCU\..\Run: [jzl4jqnp376j] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gz0w930x.exe
O4 - HKCU\..\Run: [zlerevpng16dzy00bhy454kh4zb0qakmwaf73xgnm] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\d6cwd5.exe
O4 - HKCU\..\Run: [p4ht5kkk9tku] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lu5jgqrw6x631.exe
O4 - HKCU\..\Run: [qflr2j7a870] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\d7ckfvinprzw2.exe
O4 - HKCU\..\Run: [xbq1yevzsoea8tentima89w44cv980ek5pbwj7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kpvrhejbwz.exe
O4 - HKCU\..\Run: [tvzg57loxhusvt] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\t3azgkc8g9.exe
O4 - HKCU\..\Run: [d3ru440jivp0elgkx8s0kbtmx0sn6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\axh0qf16w.exe
O4 - HKCU\..\Run: [cqy93a4lc9ol8jvetwl80nlvm5ee952dy8brut8in35] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\h95u0kk88.exe
O4 - HKCU\..\Run: [z0jto1ah79f0eh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\t8c261hmg.exe
O4 - HKCU\..\Run: [n10kp7wi7cf1qr5s6cq0b0oi] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lgo3p7wa6xtg.exe
O4 - HKCU\..\Run: [itqvmnep8ucnwzwtwe55ax8j1jfzu4ubgk] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cf7y55sgkkwq1.exe
O4 - HKCU\..\Run: [et3accef482qdvqlq78q] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\l403568dz.exe
O4 - HKCU\..\Run: [hwj09vrh1sls1dabiy466257vegxi136bsec2fj5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\w8mzdjo.exe
O4 - HKCU\..\Run: [xgrku58f1kg2rg15s9dtc3vw518h9qjge1dgmpt50] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rj76rl56zn.exe
O4 - HKCU\..\Run: [l2zws83l5uu98zdx7c6z8jz2eta9iet2u4ldwmld2o6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kb2poo0wo3.exe
O4 - HKCU\..\Run: [odqic8iowx0iscuz6oztaoos9v3a7q4mpt618844i4ev5c9nq] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\p87rcywnj.exe
O4 - HKCU\..\Run: [mk617xeqzyd9tfe99fgi14fn0pzb8y6w6tgvjkchx4c] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xcj7da5w0.exe
O4 - HKCU\..\Run: [t0l2x91toron32n463boxmxlbo97gzlg19wmbb613zv5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\myc76if6qqx6o.exe
O4 - HKCU\..\Run: [t18pve6105ih5dlogv93g9wyip7i31518d2giogz7p] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\qicp3fgykq.exe
O4 - HKCU\..\Run: [j3vz6exgui0yzqq0d53cazh6nk9f0vnb7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\snlerc1ic2jx.exe
O4 - HKCU\..\Run: [cfba22x9e0lmfc4foetc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\s9nyht6wv26.exe
O4 - HKCU\..\Run: [ywzl60u81q3jchutzldxp7i0o8ahbbniyibxoetirgdva78rf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\k5bzgyxnewi.exe
O4 - HKCU\..\Run: [ic8lizb6qsceo2g35e538m6akeaqxubikdbe57lbymn8bm] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lfgxoyhyf9dp.exe
O4 - HKCU\..\Run: [czrq40ca16s6x94hpzb3yh3gp0th7il] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mc4m7mv2kgm.exe
O4 - HKCU\..\Run: [ad9e3pi77w63d] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\llzog5brjm.exe
O4 - HKCU\..\Run: [xxkccw68b59ha01qswfssxasxnoomqx73hrs4n9bndxwkw] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\w4z7mfdkm4r.exe
O4 - HKCU\..\Run: [iuuv4iqximrf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j8saawpvvn8w0.exe
O4 - HKCU\..\Run: [pywys3j1k24e2awbw3bkaj1twtqtzce9lfgb] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\al33ahix3h08.exe
O4 - HKCU\..\Run: [ezzxqkgt9pm] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kih8f8ot55s.exe
O4 - HKCU\..\Run: [j1hhghwv4la9zovlyo0qj87vb9ff28qqjc5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\l9m668p463d7.exe
O4 - HKCU\..\Run: [pm7mwrxs5iwyxqf8us4bhaw31x01y5sbqwezpkqfgoyv5oj2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rr2dn0z5xnhri.exe
O4 - HKCU\..\Run: [h0dlguy6muvrl0nfzcmf14yl6z84ywf5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v6jbbzv0rny.exe
O4 - HKCU\..\Run: [o3bpf56bp1qe6osj2irfp6ndh82nebd5pga937pkb2y] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bfi5rpftiu.exe
O4 - HKCU\..\Run: [eqyknxr6m4pgsorie53x47q079kkfc7dqpqyjbu4g9w8] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\sdjtzexs2.exe
O4 - HKCU\..\Run: [dnjvkrymh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\spetzfcgdkzs7.exe
O4 - HKCU\..\Run: [j6f4danh2fhl7irtj3t4iu1conanfo4g] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\vl3f0djuyyzs.exe
O4 - HKCU\..\Run: [d7lk385ahgksa89sd0s5o5vcubwiyy2nf90us9x514wq] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\h39lab.exe
O4 - HKCU\..\Run: [k5b9o4pbg9kag] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\w5zgvm81g0gvt.exe
O4 - HKCU\..\Run: [xor8toom6cm] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\p7l1b6.exe
O4 - HKCU\..\Run: [km5hlx8lptrr5vkqesihtqd8msw59] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cfaga8rseas.exe
O4 - HKCU\..\Run: [h06kpmmlq7bjwkjhay] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\qyazgitlhdiz.exe
O4 - HKCU\..\Run: [ii40fd5utgko2bw1tjp7rhe84hyob0i369abtyoz6suvd1hhn] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dpfe18s3f4nz.exe
O4 - HKCU\..\Run: [muh025a2h60tr0fxp620b3vgsnnjgfyhx0qmd6luefhqau] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\m3q8xx7z.exe
O4 - HKCU\..\Run: [cgdd6mx17mgalnidd2cvd3m5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lpphec2dh4wd.exe
O4 - HKCU\..\Run: [w4ecg7tc0ve206uqqnh2temk4wra382uorw7807v7h544cxvyf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\se1z8r.exe
O4 - HKCU\..\Run: [v0sorhn7b9tbv5he3k9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mzufmcm5ihaij.exe
O4 - HKCU\..\Run: [najy3f8baiadwoemmbt15le76w8vx] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c7crbf7z.exe
O4 - HKCU\..\Run: [l7stsvqsndiww75tjgo6m5lo0vy9e86f7o7zwzl30mykll] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dhhpjwraj.exe
O4 - HKCU\..\Run: [hvz5l4qzu86vo047wjautl28l9vt] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u3jh3qydz.exe
O4 - HKCU\..\Run: [z5u0040lmu5w3r] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v8tq226y95vn.exe
O4 - HKCU\..\Run: [brivskg4rr0ske4qgs3i8j] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c7jblejaph.exe
O4 - HKCU\..\Run: [fscbpjx25qc1mginlk25wssdjq6qelgguyryaoki] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\r50sy4hhm.exe
O4 - HKCU\..\Run: [gnxw5xnne61mb2a03zpip69n] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ccvb1dv.exe
O4 - HKCU\..\Run: [yeo627bvp3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nv2e05ql1d.exe
O4 - HKCU\..\Run: [sfs9tza5r1nlhwj3ned5szx0sh0w3innrko6fud01e7pnslke] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lcwsg1pysub8.exe
O4 - HKCU\..\Run: [q6ut4satezjfst46x6epffgz5y3rf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zoavsrrr7.exe
O4 - HKCU\..\Run: [ec4idwrvvd02v3rrewc1lepz1q1u6py3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\vaq4965mpom2j.exe
O4 - HKCU\..\Run: [md1mk8jt5o07085fox0tvhfj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tv6caoz8uuk3.exe
O4 - HKCU\..\Run: [nkfeoe2j6qpu9bw] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j3brvvh7spf0.exe
O4 - HKCU\..\Run: [rl8gmb2k0nujhsy7ljl897ybl6d0onoke3i5d3drsfu5aj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ucr8yqnlbqt0h.exe
O4 - HKCU\..\Run: [vew9x694z0buzh7b0zoyjim37ad2eqx41l3mbs5mejaa] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lyc0ikborz5ax.exe
O4 - HKCU\..\Run: [del2qvj95l98iqo0k2cbh2cgifalzwgwsngcueeq] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mz0wwto4d3f.exe
O4 - HKCU\..\Run: [ttlcvbzegn86lpbl2fluygl] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\n4prs7ionl.exe
O4 - HKCU\..\Run: [u63rfiae00hdnjt111ygh7hdajwu2yuj9jz2qkak3txud4h] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\v9fxhxi6gxj0.exe
O4 - HKCU\..\Run: [vg66zk7bu42mvk248uomz06fo2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\sv81e8v1yy.exe
O4 - HKCU\..\Run: [rusv837kd1qcmtk7nacrtvvf8bt87twld2njnnz1ss5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u50asmlz9tk.exe
O4 - HKCU\..\Run: [tcuujbmfd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xpqeni2xv52.exe
O4 - HKCU\..\Run: [jvxg23rszft6qryu8wyafgd6vd6dfstsl8qgtohkzde] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\daw8nsancnkwo.exe
O4 - HKCU\..\Run: [wds4kv5au0rmm1cxrfowedzun16no5461trnbw08aefj18] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ivg8vhrusuhq.exe
O4 - HKCU\..\Run: [kka1b2whgsd80f6fbhwx1s5x5ykmmeown9s5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\an8zj1gau.exe
O4 - HKCU\..\Run: [vtcande3kqw5qkrq] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\haakicmp3p9t.exe
O4 - HKCU\..\Run: [cvm6gv5536] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\t1b3yhguk5v.exe
O4 - HKCU\..\Run: [hjn67rnifb] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gy883rmq5t.exe
O4 - HKCU\..\Run: [moaisr1cj433cqt853xxxo6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\r8ae8ghu8.exe
O4 - HKCU\..\Run: [fep2yhtpozs093wfe1jt6w96foqk4s5a29paxs0kx0qx5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zs057yiu5j8.exe
O4 - HKCU\..\Run: [tiiu01hkfw] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xruc44.exe
O4 - HKCU\..\Run: [rbymwpyxywwlglt] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b2se4c8bxvw6.exe
O4 - HKCU\..\Run: [wl1eui2ylp46tgma] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ccxcvcsmypru3.exe
O4 - HKCU\..\Run: [dlp1w6c6pmv] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\i1zzn72nw7.exe
O4 - HKCU\..\Run: [affn8b2o24xrewl5tmaeaue6i7900] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gnceckpiw2t.exe
O4 - HKCU\..\Run: [n1awwxjpeq6tpbybkkfo6h0q805] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zkqji4acgq.exe
O4 - HKCU\..\Run: [xfas6g2jbx68y41e7qawj16zyl511rd6c7hgs9fghh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bjaz0vm5wx.exe
O4 - HKCU\..\Run: [h5qa0f0dpwvsmjlx68uwl8ggonack] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tr50j11tmlrl2.exe
O4 - HKCU\..\Run: [ahzymwyys8syk16nciizf04ij3x6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\z04ugrlmw9v7.exe
O4 - HKCU\..\Run: [avn5febsxh1bekr1bson40gq] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ko6xvibtza1b.exe
O4 - HKCU\..\Run: [l0pe11fawfuxfxfvbd68f4phw1namye32q614gcjfcsr99o21] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\z5nep890wsi.exe
O4 - HKCU\..\Run: [lcyzxkxlp7yvdo9bjm6taqt8nt2qp880pkfj38m3p4tga] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\h9zuq33zr6a.exe
O4 - HKCU\..\Run: [klovgdkn5raqisg2u0hdh9xwdfbks0q7xycmn6h89p] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\duiw24mvjy89w.exe
O4 - HKCU\..\Run: [lfstdc7w457vp6r9e4eluf1gjrrogm3tbifub6tiwt] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\yq6gisdm2s12g.exe
O4 - HKCU\..\Run: [kw8s91ys3gl47828gg4szoucgm3f6jloryt2w4jowa] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\n1gmatopokmg.exe
O4 - HKCU\..\Run: [q4tfwgnan] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\t27b1p009y.exe
O4 - HKCU\..\Run: [xoa3qkl7mbplgs5khjhts5khva5r98kf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lfvchurrss.exe
O4 - HKCU\..\Run: [vmm30b9coxd7cgjwggxa2f07xsjh25uxifazh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xrjteldvw4zz.exe
O4 - HKCU\..\Run: [exc4bmn0qy9c72912wlq27ilkn7nqflq5nap6yx] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lkefqbf5s.exe
O4 - HKCU\..\Run: [t5lx8qlc2500spi25] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ab9g9hutigyw.exe
O4 - HKCU\..\Run: [qjxosn4btqz489v4x85knq9un6ifv0m4o9dje] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tylygm5v245ud.exe
O4 - HKCU\..\Run: [k5ao1v0stfb5uy099gzl11925] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ec92ws3p1.exe
O4 - HKCU\..\Run: [riw505nj7vmjwj6jb5tur5qbxnnyeipv] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c7k9wcpotb9z.exe
O4 - HKCU\..\Run: [ctt6uez56m] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\uzc01we4e.exe
O4 - HKCU\..\Run: [nobosncwfv7as90nrq658qroo712kxg1pczwvtwji] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cimke0ovg.exe
O4 - HKCU\..\Run: [drvuzxfv6n3kz7d1dx2ca5b9hk4rlzear] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ykcp02lstiu6w.exe
O4 - HKCU\..\Run: [yi8xf8uliy2jd4ia81zzrb6cjas6evfxnx8soa9jo03yy] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xfqbijpz12u.exe
O4 - HKCU\..\Run: [cpagrfy7iq5qqog4q53r4cv99q] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mxnzhneukvmi.exe
O4 - HKCU\..\Run: [ddlkpcxurp] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\etu0gs5l3pfb.exe
O4 - HKCU\..\Run: [d4w3nu0ks8lgckdbxf6ao56a5vy5mryeubzutz1ob24n87t1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ls1lz4ixj1.exe
O4 - HKCU\..\Run: [rqtjh4xfftj3eiwim7gm16h52tnxr5zx7ib2yxdabc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\cmnd2qdi03azc.exe
O4 - HKCU\..\Run: [c0h6qhwxfvix7or2fd0hradugmr4z5p2g55kwnjkn] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ay5r26jw7s.exe
O4 - HKCU\..\Run: [culrxieqv3eug5ble4ttz4uya1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kd6noa9vbzd1g.exe
O4 - HKCU\..\Run: [a10dtgzr2ssufqzqrbt9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b9adcd93cz.exe
O4 - HKCU\..\Run: [v6lkel5yomp6fw45qgpn1bad] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\pcjjdj9d1t3.exe
O4 - HKCU\..\Run: [vwwfu9l4snusycs] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\n8slrd4162po.exe
O4 - HKCU\..\Run: [qjf9p4ca22i1m4ticp1b5k7lvmxkydsygqn] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\a09629svu5ami.exe
O4 - HKCU\..\Run: [fqvvfy1mqjsyj71zxombmqiq006h0uh6al0b9b] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\aanuy30xc.exe
O4 - HKCU\..\Run: [gmwaxohs066joosmms6v21sbcdyw8] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kjpegh35fc8.exe
O4 - HKCU\..\Run: [uz1nrpsmccx1efwcic] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rddwqvs3v5.exe
O4 - HKCU\..\Run: [pl7cjhwm2nxt3xcvg2begtapeyhr3itr0ev0rt9a5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\je30fhore.exe
O4 - HKCU\..\Run: [kbnvv6so55ak40w9970owpdh1sd7x6dncs1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\riwgzcx0v.exe
O4 - HKCU\..\Run: [trg15bo4bxo34dv82vdnmwcym0] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gvak8gh24c1.exe
O4 - HKCU\..\Run: [op96uozllw5eh4sh5sycgcjrbnzcri67z2agjk07jc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\qn55n9ik606.exe
O4 - HKCU\..\Run: [hd1j1rbg9jxgnrgy5iigc0yl5k6pexu4c6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wcxc8mlfbc.exe
O4 - HKCU\..\Run: [nxm69nvx6t69iltkajw8864dxkvqpnkn2lp754zb1p0g60gd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\q9es6pg9wud1.exe
O4 - HKCU\..\Run: [vkc6qozpprofuchm3gtfzrrp5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ttg1ksljql6.exe
O4 - HKCU\..\Run: [v65dtf5fexyyaw1dbo3t4sd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\z16jtg7rx.exe
O4 - HKCU\..\Run: [m32nbbn1ohp8ndem4zs8reupgri708dorfq] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dc5uaktp0p.exe
O4 - HKCU\..\Run: [atnize872l134p6cmisw2dwls0vzxv5k46wcbjwd7arm] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\h1wms86l4r2m.exe
O4 - HKCU\..\Run: [f9eaijxdib] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\oekn23at6va.exe
O4 - HKCU\..\Run: [lrxek2g4bjssmyh1xxio0] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\p5pltkb47p54.exe
O4 - HKCU\..\Run: [k7ka06ddo37wznebedn44nfhp1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gwarrp6ypp.exe
O4 - HKCU\..\Run: [dn3mp2ygpghxlq94j2xk0bxiriro6wu5zcg344d15cv7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o037bkf76v.exe
O4 - HKCU\..\Run: [pzg4db6xd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ynmsavlmfdz2u.exe
O4 - HKCU\..\Run: [ospmfmx3plt] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kq5td2oqvv3.exe
O4 - HKCU\..\Run: [hqljus8y2a36b33n4gfu6ednv5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\z75a7smesd.exe
O4 - HKCU\..\Run: [tc2gypdtn9udvgb2nv73950uvtbf67fwm74] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rfhuqh1li1tdw.exe
O4 - HKCU\..\Run: [s9ak12rapfz3tkzew50nb3htm8l] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\tu43ku3mmjk.exe
O4 - HKCU\..\Run: [cxlzhtqvrnmn7] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\qfe0yfa207.exe
O4 - HKCU\..\Run: [zy2eyjaatpvdzha1064cdagxxnku3gsbvjgs7asc9f] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\x9l1raz0g.exe
O4 - HKCU\..\Run: [wajxnecowqj1iom7njup] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\mmg50xj26qe.exe
 
O4 - HKCU\..\Run: [sgqee6bsqx8dxugbbqo0h7ntfsjnt6vltp12x] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lhurzxno5.exe
O4 - HKCU\..\Run: [djhi3qaiuwrg] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zkaha2zqkkpl.exe
O4 - HKCU\..\Run: [wucvxwm9vs8] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kmt0gc1jn28cy.exe
O4 - HKCU\..\Run: [b7sm1n953vodvb55uec8meffg5ueqqjblqob8n] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rghi97qh3e1v.exe
O4 - HKCU\..\Run: [qenis5vbfe] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zucl9h9i33.exe
O4 - HKCU\..\Run: [mbtvw7oygv7072rf] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c92oew22pwb.exe
O4 - HKCU\..\Run: [hz4bedrmwomjtrqt] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jmq6oarj58.exe
O4 - HKCU\..\Run: [dxaw42vt0cp3fexbh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\foktgbir6.exe
O4 - HKCU\..\Run: [wjj3dab2wf2ww6g9wt7f7to5hz2aehw5wk9c8wpe] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\qdz28a3nybtkj.exe
O4 - HKCU\..\Run: [kaude8vrn23c2qj87wpaw7zr5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b1i541a9by8kx.exe
O4 - HKCU\..\Run: [oop29tm56bp4i0b5znnxk] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\h12mjpnul5.exe
O4 - HKCU\..\Run: [n9syb6f13xzrj8s4gds3pnzo9c1zfdfgao53ik] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o4vkn4cb8bprr.exe
O4 - HKCU\..\Run: [t9cjpuswc8n3hb27nglq0vnfvpul5xymjpy226dz] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\h6l696s84.exe
O4 - HKCU\..\Run: [bksfnt3jk0mk1c877yqz0xla52ehpxwuj1tpx] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kqut4ngkh.exe
O4 - HKCU\..\Run: [e4umy7rze33qxmomosvvh82fc85f1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ppv9ma2z6.exe
O4 - HKCU\..\Run: [jw73u0zhp8dav3558bynxxifsrd8oon5g] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\yur7yxrn9ii.exe
O4 - HKCU\..\Run: [nf29q22i2zedyyyrx4ej0po9o77wp1zj3kdltgj3kx5foj5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gyk6ishwqo6.exe
O4 - HKCU\..\Run: [zk81bqm0gaqqnzm0] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nbrob66u60.exe
O4 - HKCU\..\Run: [dgc7ives7ug38k0uvdwj6ddtkjgq08inotvfsul0typ] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wlnpwr0w9dm.exe
O4 - HKCU\..\Run: [gozmj6s2ev6w0jbgwsprhvbm] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\t4c7a9y.exe
O4 - HKCU\..\Run: [xi9kbhxra01i6wbz2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fx0o70kh4.exe
O4 - HKCU\..\Run: [ng08sd353ch2xhclkggcpot32ryvb12r9hx9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jjh1pwgknqxw.exe
O4 - HKCU\..\Run: [fjhfrf4q2pye7he0i1ptyhe2n9ed3n67qn] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u20kc6idq8xny.exe
O4 - HKCU\..\Run: [oz36xgb7nei7je65koqrqjf9p4qiu5yb] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j50lfdly6qk.exe
O4 - HKCU\..\Run: [fab93p4f746w677lhbfvaqt5q2l5tqo0t27acscz1gg] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gqt1tyse1e.exe
O4 - HKCU\..\Run: [vkq9i4kfygbizt49rgc9r2khyvxnluxkx4d3vgii0mrr4] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\z4w5pxsyacdy.exe
O4 - HKCU\..\Run: [w81dgijhy1huf36n20grpz8inndje] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\r03po2jpt6p8.exe
O4 - HKCU\..\Run: [i2zcfu7wd4yhtt6lozj] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\vho2t472a2y5x.exe
O4 - HKCU\..\Run: [jveir5u0ko72s66h2dkoyou0nzfwdqa5iik18whu3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\qxl9n5waf89cl.exe
O4 - HKCU\..\Run: [lbxv2p32rwy8q] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xr9rxjl8vk2e.exe
O4 - HKCU\..\Run: [itd513fh8fwlwfx9s7xishnfxz56953boj631x] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\a73l0b0cj.exe
O4 - HKCU\..\Run: [b9ffxixqngmu4u85ao54pa] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\pmg4df6kt1n6k.exe
O4 - HKCU\..\Run: [vuv1ben8ali81e4895gmxusnawp4gvyj9nlbz49897x2s7wdk] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\qdl2lf.exe
O4 - HKCU\..\Run: [kcul095pt5psspkz71y732lrt73pz7pbb0cqlcxq82cwh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zx57jt9vpf.exe
O4 - HKCU\..\Run: [uwb9bd33ssyrpm662co87zc4zb6] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rtt8iy0m89.exe
O4 - HKCU\..\Run: [oydlls8ahd9agilab2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rpqvxv5hkfcim.exe
O4 - HKCU\..\Run: [qn9notl1izt594a3ry2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ztjuyqvq1l0p2.exe
O4 - HKCU\..\Run: [s9lw0dff7zsea62gp5f0manx7p7jllwolsiclee8eb5iwbzq9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\t41okq0cvr4ld.exe
O4 - HKCU\..\Run: [gkb2oqkfjuvjo8xmw2kj8impubdmbuojncahh230] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gv519x4.exe
O4 - HKCU\..\Run: [zq3zihhtc8cz1guiwyg0b5mwx23q8i788hj1ldoehv3x3wjeu] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ozh0asu.exe
O4 - HKCU\..\Run: [h8d0ughh3s19033tyxsllbaiyxfqfktlc3j] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\c6tjw18m7e4ue.exe
O4 - HKCU\..\Run: [ivwy3alm7o7ngc2944o33lgpdyjybh2l6eh6xv5ktvbaj7z] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b8unll962bjd1.exe
O4 - HKCU\..\Run: [gpu7kvam5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jm16bdzbm.exe
O4 - HKCU\..\Run: [xjk75c044xc910yrnn721v4atmcu5iohrqxv3j3par8bv0] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\a38932uobm3.exe
O4 - HKCU\..\Run: [btd4b4amhfqq3bng5okwokx6k4heh9ztn89xq92mwj5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ic3sde8bbs.exe
O4 - HKCU\..\Run: [g2cj2w0db34u0kuj37cewbu1rh06t041w40f7dwlnd1ke51] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wftyv1r20mw.exe
O4 - HKCU\..\Run: [tt4mdz4xcqg5pk4lm1ni6o7ivgd7fxmac391vvwkmoe] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gtxnta7ss48m.exe
O4 - HKCU\..\Run: [s31j69igvic2m2yt9n6dyvd3fw09] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gyg72rv6bnv.exe
O4 - HKCU\..\Run: [zufbe3dg4t0nbwzuvuydtb] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\j4pen4yixz.exe
O4 - HKCU\..\Run: [x3h67rf58itfsc9] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\u68xtv0b0h0.exe
O4 - HKCU\..\Run: [gewg8obd3g95pt0bve38hwps49zfn9045nvdgtndkm1yrh] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\b0wym9p9gt.exe
O4 - HKCU\..\Run: [qfscgnrw54t2id10a9oe] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\m207nrvrznq.exe
O4 - HKCU\..\Run: [d1q6eephy4944bcv3ejfk1vmj2g5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wlc6nr2v4.exe
O4 - HKCU\..\Run: [ppe5dt14vo6h9nr8hq02cxxmvbhoray8xw33xp] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\i9h3b1jl8bi3.exe
O4 - HKCU\..\Run: [zlj513kvgyqiepxvifejtyy] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xqyk5rhs5tz.exe
O4 - HKCU\..\Run: [l70hm5lhqdpxi7t0uoqyc6sze68elj05jb8n3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ckzgx1572hmz.exe
O4 - HKCU\..\Run: [okheeq39wroy7buhdknqzy868g0jf5jdsmkksw94d0aev7oyw] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fq8nierj7c8.exe
O4 - HKCU\..\Run: [ym4w7v60zs700u8sub6yx] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jpmsu8x6di8.exe
O4 - HKCU\..\Run: [c208t5rl1c3mzywcq] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\t3qhshdw5jk2.exe
O4 - HKCU\..\Run: [im06qejx6sm9cxbf06vbha8nj2ph2juwko93m2] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o568tzqztpi.exe
O4 - HKCU\..\Run: [vwh6mi2ne43080ug5ziprt] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lqz57kxf7d.exe
O4 - HKCU\..\Run: [nlsa8rli2v7xlwu5x92a5egzpwe57h] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ahbpqqc3x1dz2.exe
O4 - HKCU\..\Run: [qi8ywkoem3ngfee8h] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\m503svpga1toe.exe
O4 - HKCU\..\Run: [a4dl3vra18n4lxdv6xsr23794or1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\lmx90ty1il.exe
O4 - HKCU\..\Run: [u6zsy38fxmwz00qwnvllmhq7r1tw3b8ue31smqlpnd0bcr74o] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\i7qpee5d6.exe
O4 - HKCU\..\Run: [iup0m9p7grefmgnatmsdfcz2m9smw94gcfd] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\fsc2z0.exe
O4 - HKCU\..\Run: [y0592o5vwdafqa05y] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wgp6h9s8pfa.exe
O4 - HKCU\..\Run: [l0d50jn7xktvjx] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\sxtwipujey.exe
O4 - HKCU\..\Run: [wzcv71n0choh0h16fgga1gmjt9u0x9svqjvihipaeev3] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\h5ogiv974mz5n.exe
O4 - HKCU\..\Run: [gn2qu0b7p86kpg8c2iw5ywq8a] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\i5brosj3scufc.exe
O4 - HKCU\..\Run: [agn55atn45] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\uyg8lj1.exe
O4 - HKCU\..\Run: [ufy4eqm4vhrkawzg] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jfgpf9.exe
O4 - HKCU\..\Run: [d3iv540ld2fcvwl] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\erykfp5jmnc.exe
O4 - HKCU\..\Run: [enxm0apid24c7xu8d95x0] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zx0okad.exe
O4 - HKCU\..\Run: [nea9bqg3j59pduebeosnvylc79v64yt3gmmqb4g8n73] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\h1t44qc.exe
O4 - HKCU\..\Run: [v4kv07v64ftaqp1xlmj5c1y] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\skcnrwoc.exe
O4 - HKCU\..\Run: [x5ee2tygwyy0vsepga1pq611lno7n23h5t8z2rm1] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wsoo4b175h.exe
O4 - HKCU\..\Run: [rxdfhv6a2csxzoyu7texjl21] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kg07qkf3.exe
O4 - HKCU\..\Run: [qbaod4tieu] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\dmc6x6q5l.exe
O4 - HKCU\..\Run: [d5k73b32dye4vmrkb3q3lkqsypbc] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kljrgik.exe
O4 - HKCU\..\Run: [du3zp0jthp7jbilkewhnndh8apuc4qazr7uvwfz1djqmqhe8i] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\zceszoz5rt.exe
O4 - HKCU\..\Run: [hndsxbqtl0cdt7g8e2oa5mmj83y] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\o529dyl9zv2e.exe
O4 - HKCU\..\Run: [x3dl1wcahgwumx90kqtbsvgncscrr04o3j2c5epgnv9d5] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\z3gfymsx.exe
O4 - HKCU\..\Run: [y5wwquvea1eu2w9jk8bsd1a4t3bjkc9gauo6fhya4o] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\gx4xrhh.exe
O4 - HKCU\..\Run: [j6hpyvndgrlcsanltlwdrya8sibu7ugzbf4tria1c] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\nabykv.exe
O4 - HKCU\..\Run: [ppbirf4irvj9rxdk7113590swf27dy05] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\f6zz00.exe
O4 - HKCU\..\Run: [otrxdexpga1jmo5avkrv88g5zmkbxkb] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\n1dljaz4p0z5.exe
O4 - HKCU\..\Run: [azxm1rjdui8g7ocl856dztzg544wf3up] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jc1k6e392u.exe
O4 - HKCU\..\Run: [tlbe4b3gmny8] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ue13too25cs.exe
O4 - HKCU\..\Run: [hzvzstlt5b822jpi0yqmfxsz8qvyvps0rywxsd29] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\bnm81gzveuhaq.exe
O4 - HKCU\..\Run: [ejuoahov14o5oog74x17tefzyrmw08hh7r12ywx] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\wjashlqmxoa3a.exe
O4 - HKCU\..\Run: [jor1vbyk6esxc5esguae2veaazlrj0uxut3o3g4d] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\jrf72b84v05hp.exe
O4 - HKCU\..\Run: [ryio8lo2xvfuvdjti7e0k] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xafq8l.exe
O4 - HKCU\..\Run: [guuz1smc0at15vzcncgynkt7i12vrv85ywxaq7jzpppyko5jw] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\ej0vgd4q.exe
O4 - HKCU\..\Run: [lsurtkvgcvtejpbzr] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\xpcunzfsa.exe
O4 - HKCU\..\Run: [ao5qsp76ofn] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\rhu7qi1e4.exe
O4 - HKCU\..\Run: [bc9rndkwn69dxwm3d10yu0a9vphdhm4vrtutfv3q86167qwg] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\hze6e00q1r.exe
O4 - HKCU\..\Run: [fbe0oqrbt0ejii8wooovtvddu25xfs88f2j68wp] C:\DOCUME~1\FHEL~1\LOCALS~1\Temp\kk8ko9.exe
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1235190547000
O20 - AppInit_DLLs: wbsys.dll atxpii.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Norton\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Norton\rtvscan.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 85068 bytes
 
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Photoshop 6.0
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe SVG Viewer
AIM 6
Apple Mobile Device Support
Apple Software Update
ASUSUpdate
Audacity 1.2.6
BitLord 1.1
Bonjour
Daily Brain Training 1.01
Dark Messiah of Might and Magic
D-Color 1.2 (remove only)
DisplayFusion
DivX Content Uploader
DivX Web Player
Driver Sweeper 1.0
Dual-Core Optimizer
Empire: Total War Demo
er100LT
ERUNT 1.1j
EVEREST Home Edition v2.20
Executor v0.98b
Fallout 3
FLV Player 1.3.3
Hamachi 1.0.2.1
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB924441)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
IGN Download Manager 2.3.3
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.69 Standard
Last.fm 1.5.1.29527
LiveUpdate 1.6 (Symantec Corporation)
Logitech G-series Keyboard Software
Logitech SetPoint 5.00
Malwarebytes' Anti-Malware
Medieval II Total War
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
miniMIZE 1.0.37
MobileMe Control Panel
Mozilla Firefox (3.0.1)
MSXML 6.0 Parser (KB933579)
Nero - Burning Rom
Netflix Movie Viewer
Norton AntiVirus Corporate Edition
Notepad++
NVIDIA Drivers
NVIDIA nTune
Oblivion
PC Probe II
PeerGuardian 2.0
PlayLinc
Portal
PunkBuster Services
QuickTime
RealPlayer
Realtek AC'97 Audio
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Serious Samurize
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
Spybot - Search & Destroy
Steam
Team Fortress 2
Total Video Converter 3.10
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Ventrilo Client
WindowBlinds
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
World of Warcraft
 
How did you get this computer this messed up? You are going to be lucky to get out of this without reformatting.

Open MBAM and click the Quarantine Tab, them delete everything in the Quarantine area.

Make sure the Recycle Bin on the Desktop is empty.

Click the Update Tab and click Check for Updates, download and install any available updates.

Click the Scanner Tab, make sure "Perform full scan" is checked, then Scan. Remove anything found and post the results of that scan and nothing else.

Thanks


See this: File Sharing, otherwise known as Peer To Peer. (P2P)
http://forums.spybot.info/showthread.php?t=282
If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
Click to expand...

BitLord 1.1 <<< uninstall this program and any other p2p program on the computer.
 
I only use IE very rarely to watch instant movies on netflix. About a week ago, I recieved an AntiSpamware popup while watching. I closed the ad, thought nothing of it, and ran Adaware and did a full scan with my antivirus program. I was able to use my computer without any problems. While running Steam (which seems to use IE ) this weekend, I browsed through some of their features. I immediately started recieving numerous popups and fake alerts.


Malwarebytes' Anti-Malware 1.34
Database version: 1798
Windows 5.1.2600 Service Pack 2

2/23/2009 8:17:20 PM
mbam-log-2009-02-23 (20-17-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 192539
Time elapsed: 52 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{D814A96A-8711-4ACC-B726-98F1E613FA66}\RP1028\A0303363.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D814A96A-8711-4ACC-B726-98F1E613FA66}\RP1028\A0303364.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D814A96A-8711-4ACC-B726-98F1E613FA66}\RP1028\A0304371.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D814A96A-8711-4ACC-B726-98F1E613FA66}\RP1028\A0305371.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D814A96A-8711-4ACC-B726-98F1E613FA66}\RP1028\A0308400.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D814A96A-8711-4ACC-B726-98F1E613FA66}\RP1030\A0308812.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D814A96A-8711-4ACC-B726-98F1E613FA66}\RP1030\A0308882.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
 
Please watch your email for a private message so it does not get send to the junk folder.

Thanks...Phil
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:55 PM, on 2/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton\defwatch.exe
C:\Program Files\Norton\rtvscan.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Norton\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\F H e L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Executor\executor.exe
C:\Program Files\D-Color\dcolor.exe
C:\Program Files\miniMIZE\miniMIZE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\F H e L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Executor] "C:\Program Files\Executor\executor.exe" -s
O4 - HKCU\..\Run: [D-Color] C:\Program Files\D-Color\dcolor.exe
O4 - HKCU\..\Run: [miniMIZE] C:\Program Files\miniMIZE\miniMIZE.exe
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1235190547000
O20 - AppInit_DLLs: wbsys.dll atxpii.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Norton\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Norton\rtvscan.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7434 bytes
 
That looks a bit better, let's have combofix check to make sure we are not missing anything.

1) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

Download ComboFix from here:

Link 1

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


2) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP,
Update for Windows XP and Windows XP Hotfix to shorten the list)
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks
 
ComboFix 09-02-21.01 - F H e L 2009-02-24 13:55:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1602 [GMT -5:00]
Running from: c:\documents and settings\F H e L\My Documents\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\atxpii.dll
c:\windows\system32\bpvvpvwq.dll
c:\windows\system32\degnchde.dll
c:\windows\system32\eudcoj.dll
c:\windows\system32\hfgipa.dll
c:\windows\system32\init32.exe
c:\windows\system32\oswgrdnj.dll
c:\windows\system32\qyucxd.dll
c:\windows\system32\win32hlp.cnf
c:\windows\system32\xwcfpynr.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_uacd.sys


((((((((((((((((((((((((( Files Created from 2009-01-24 to 2009-02-24 )))))))))))))))))))))))))))))))
.

2009-02-24 13:50 . 2009-02-24 13:50 0 --a------ c:\windows\LCDMedia.INI
2009-02-24 12:06 . 2009-02-24 12:31 <DIR> d-------- c:\program files\World of Warcraft Public Test
2009-02-23 17:01 . 2009-02-23 17:01 <DIR> d-------- c:\documents and settings\F H e L\Application Data\Malwarebytes
2009-02-23 17:00 . 2009-02-23 17:01 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-23 17:00 . 2009-02-23 17:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-23 17:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 17:00 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 14:21 . 2009-02-21 14:21 <DIR> d-------- c:\program files\Trend Micro
2009-02-21 14:19 . 2009-02-21 14:19 <DIR> d-------- c:\program files\ERUNT
2009-02-21 12:36 . 2009-02-21 12:36 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Lavasoft
2009-02-21 12:34 . 2009-02-21 12:34 <DIR> d-------- c:\documents and settings\Administrator
2009-02-21 11:44 . 2009-02-24 13:59 13,646 --a------ c:\windows\system32\wpa.dbl
2009-02-21 10:59 . 2009-02-21 13:11 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-21 10:59 . 2009-02-21 13:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-21 10:38 . 2009-02-21 10:38 2 --a------ C:\-2001083721
2009-02-20 23:10 . 2009-02-20 23:10 <DIR> d-------- c:\documents and settings\F H e L\Application Data\The Creative Assembly
2009-01-29 00:22 . 2009-01-29 00:22 <DIR> d-------- c:\windows\8AAB4176A747493AA42CB63CFADFD8E3.TMP
2009-01-29 00:22 . 2009-01-15 08:19 206,793 --a------ c:\windows\system32\nvapps.nvb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 18:12 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-24 08:16 --------- d-----w c:\program files\World of Warcraft PTR
2009-02-24 01:45 --------- d-----w c:\program files\BitLord
2009-02-21 21:54 --------- d-----w c:\program files\Steam
2009-02-19 00:55 --------- d-----w c:\program files\World of Warcraft
2009-02-08 05:13 --------- d-----w c:\documents and settings\F H e L\Application Data\U3
2009-01-29 05:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-15 13:19 6,301,248 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-01-13 11:54 --------- d-----w c:\documents and settings\F H e L\Application Data\Download Manager
2008-12-29 04:38 --------- d-----w c:\documents and settings\F H e L\Application Data\nView_Wallpaper
2007-09-19 04:11 22,328 ----a-w c:\documents and settings\F H e L\Application Data\PnkBstrK.sys
2006-08-21 23:17 162 ----a-w c:\documents and settings\F H e L\options.dat
2006-08-09 21:40 1 ----a-w c:\documents and settings\F H e L\SI.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\documents and settings\F H e L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"Executor"="c:\program files\Executor\executor.exe" [2008-05-19 1052672]
"D-Color"="c:\program files\D-Color\dcolor.exe" [2004-09-04 31744]
"miniMIZE"="c:\program files\miniMIZE\miniMIZE.exe" [2006-01-25 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\soundman.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

c:\documents and settings\F H e L\Start Menu\Programs\Startup\
Client Default.lnk - c:\program files\Samurize\Client.exe [2007-04-07 2010624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-03-05 21:26 210168 c:\program files\Stardock\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll atxpii.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^F H e L^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\F H e L\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 05:48 157592 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 19:24 50760 c:\program files\Common Files\AOL\1142979019\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2008-08-01 12:36 1103216 c:\program files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 06:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2009-01-15 08:19 13680640 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2009-01-15 08:19 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2001-09-24 07:59 73728 c:\program files\Norton\vptray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-07-17 16:39 55824 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2009-01-15 08:19 1657376 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1142979019\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1142979019\\ee\\aim6.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war demo\\Empire.exe"=

R2 OSCI_DRVNT;OSCI_DRVNT;c:\windows\system32\drivers\OSCI_DRVNT.sys [2008-09-11 6784]
S1 5016805;5016805;c:\windows\system32\drivers\5016805.sys --> c:\windows\system32\drivers\5016805.sys [?]
S3 AmdTools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys --> c:\windows\system32\DRIVERS\AmdTools.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-08-28 10664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a454cfb7-e62d-11db-aeee-0015f2a1a72f}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1275210071-725345543-1004.job
- c:\documents and settings\F H e L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 14:58]

2009-02-24 c:\windows\Tasks\User_Feed_Synchronization-{A49553E7-321F-4488-A4EA-A3D7E4BF91AE}.job
- c:\windows\system32\msfeedssync.exe [2006-08-22 23:11]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
MSConfigStartUp-Comrade - c:\program files\GameSpy\Comrade\Comrade.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 13:58:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1275210071-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e4,91,f1,6c,a1,58,32,48,61,48,3d,95,53,4e,4a,f5,17,fd,31,02,13,38,07,
f4,d5,54,fa,2c,8a,d6,a7,e1,7f,4a,7e,40,a9,1c,ff,93,93,ed,92,3f,e8,15,2e,9a,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-1004336348-1275210071-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:d5,e5,8a,a6,86,f8,7a,98,5e,80,9e,df,b5,c6,6c,31,4c,f6,b1,5e,18,
f1,2a,14,7b,d7,4d,56,00,1d,c7,a4,1b,cc,59,a1,51,8a,97,c9,76,40,fa,a7,fb,d1,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\Stardock\WindowBlinds\wbsrv.dll
c:\windows\system32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
c:\program files\Logitech\G-series Software\Applets\LCDClock.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Norton\defwatch.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-24 14:05:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-24 19:04:48

Pre-Run: 66,026,700,800 bytes free
Post-Run: 70,008,872,960 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /usepmtimer

241

******

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:00 PM, on 2/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\F H e L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Executor\executor.exe
C:\Program Files\D-Color\dcolor.exe
C:\Program Files\miniMIZE\miniMIZE.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Samurize\Client.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton\defwatch.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\F H e L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Executor] "C:\Program Files\Executor\executor.exe" -s
O4 - HKCU\..\Run: [D-Color] C:\Program Files\D-Color\dcolor.exe
O4 - HKCU\..\Run: [miniMIZE] C:\Program Files\miniMIZE\miniMIZE.exe
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1235190547000
O20 - AppInit_DLLs: wbsys.dll atxpii.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Norton\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Norton\rtvscan.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7120 bytes


******

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Photoshop 6.0
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe SVG Viewer
AIM 6
Apple Mobile Device Support
Apple Software Update
ASUSUpdate
Audacity 1.2.6
Bonjour
Daily Brain Training 1.01
Dark Messiah of Might and Magic
D-Color 1.2 (remove only)
DisplayFusion
DivX Content Uploader
DivX Web Player
Driver Sweeper 1.0
Dual-Core Optimizer
Empire: Total War Demo
er100LT
ERUNT 1.1j
EVEREST Home Edition v2.20
Executor v0.98b
Fallout 3
FLV Player 1.3.3
Hamachi 1.0.2.1
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB924441)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
IGN Download Manager 2.3.3
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.69 Standard
Last.fm 1.5.1.29527
LiveUpdate 1.6 (Symantec Corporation)
Logitech G-series Keyboard Software
Logitech SetPoint 5.00
Malwarebytes' Anti-Malware
Medieval II Total War
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
miniMIZE 1.0.37
MobileMe Control Panel
Mozilla Firefox (3.0.1)
MSXML 6.0 Parser (KB933579)
Nero - Burning Rom
Netflix Movie Viewer
Norton AntiVirus Corporate Edition
Notepad++
NVIDIA Drivers
NVIDIA nTune
Oblivion
PC Probe II
PeerGuardian 2.0
PlayLinc
Portal
PunkBuster Services
QuickTime
RealPlayer
Realtek AC'97 Audio
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Serious Samurize
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
Spybot - Search & Destroy
Steam
Team Fortress 2
Total Video Converter 3.10
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Ventrilo Client
WindowBlinds
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
World of Warcraft
 
You need to slow down and read the directions, here they are:
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Here is where you installed combofix:
Running from: c:\documents and settings\F H e L\My Documents\ComboFix.exe

Delete the old copy and download it again, this time follow the directions.

Post a new combofix log.

combofix is not reporting an antivirus program or a firewall, what are you running?

Thanks
 
Sorry. Up until i ran combofix the first time all my desktop icons weren't visible. If I double clicked where I knew an icon was, the program would run, but the icon itself was not visible. I run Norton Antivirus Corporate Edition and I know this is a bad choice but use the default XP firewall. Here's my new combofix log:

ComboFix 09-02-24.01 - F H e L 2009-02-24 14:50:21.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1576 [GMT -5:00]
Running from: c:\documents and settings\F H e L\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-24 to 2009-02-24 )))))))))))))))))))))))))))))))
.

2009-02-24 13:50 . 2009-02-24 13:50 0 --a------ c:\windows\LCDMedia.INI
2009-02-24 12:06 . 2009-02-24 12:31 <DIR> d-------- c:\program files\World of Warcraft Public Test
2009-02-23 17:01 . 2009-02-23 17:01 <DIR> d-------- c:\documents and settings\F H e L\Application Data\Malwarebytes
2009-02-23 17:00 . 2009-02-23 17:01 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-23 17:00 . 2009-02-23 17:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-23 17:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 17:00 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 14:21 . 2009-02-21 14:21 <DIR> d-------- c:\program files\Trend Micro
2009-02-21 14:19 . 2009-02-21 14:19 <DIR> d-------- c:\program files\ERUNT
2009-02-21 12:36 . 2009-02-21 12:36 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Lavasoft
2009-02-21 12:34 . 2009-02-21 12:34 <DIR> d-------- c:\documents and settings\Administrator
2009-02-21 11:44 . 2009-02-24 13:59 13,646 --a------ c:\windows\system32\wpa.dbl
2009-02-21 10:59 . 2009-02-21 13:11 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-21 10:59 . 2009-02-21 13:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-21 10:38 . 2009-02-21 10:38 2 --a------ C:\-2001083721
2009-02-20 23:10 . 2009-02-20 23:10 <DIR> d-------- c:\documents and settings\F H e L\Application Data\The Creative Assembly
2009-01-29 00:22 . 2009-01-29 00:22 <DIR> d-------- c:\windows\8AAB4176A747493AA42CB63CFADFD8E3.TMP
2009-01-29 00:22 . 2009-01-15 08:19 206,793 --a------ c:\windows\system32\nvapps.nvb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 18:12 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-24 08:16 --------- d-----w c:\program files\World of Warcraft PTR
2009-02-24 01:45 --------- d-----w c:\program files\BitLord
2009-02-21 21:54 --------- d-----w c:\program files\Steam
2009-02-19 00:55 --------- d-----w c:\program files\World of Warcraft
2009-02-08 05:13 --------- d-----w c:\documents and settings\F H e L\Application Data\U3
2009-01-29 05:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-13 11:54 --------- d-----w c:\documents and settings\F H e L\Application Data\Download Manager
2009-01-07 16:28 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-29 04:38 --------- d-----w c:\documents and settings\F H e L\Application Data\nView_Wallpaper
2007-09-19 04:11 22,328 ----a-w c:\documents and settings\F H e L\Application Data\PnkBstrK.sys
2006-08-21 23:17 162 ----a-w c:\documents and settings\F H e L\options.dat
2006-08-09 21:40 1 ----a-w c:\documents and settings\F H e L\SI.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="c:\documents and settings\F H e L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"Executor"="c:\program files\Executor\executor.exe" [2008-05-19 1052672]
"D-Color"="c:\program files\D-Color\dcolor.exe" [2004-09-04 31744]
"miniMIZE"="c:\program files\miniMIZE\miniMIZE.exe" [2006-01-25 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\soundman.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-07-17 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

c:\documents and settings\F H e L\Start Menu\Programs\Startup\
Client Default.lnk - c:\program files\Samurize\Client.exe [2007-04-07 2010624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-03-05 21:26 210168 c:\program files\Stardock\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^F H e L^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\F H e L\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 05:48 157592 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-05-09 19:24 50760 c:\program files\Common Files\AOL\1142979019\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2008-08-01 12:36 1103216 c:\program files\IGN\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 06:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2009-01-15 08:19 13680640 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2009-01-15 08:19 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2001-09-24 07:59 73728 c:\program files\Norton\vptray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-07-17 16:39 55824 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2009-01-15 08:19 1657376 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1142979019\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1142979019\\ee\\aim6.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\empire total war demo\\Empire.exe"=

R2 OSCI_DRVNT;OSCI_DRVNT;c:\windows\system32\drivers\OSCI_DRVNT.sys [2008-09-11 6784]
S1 5016805;5016805;c:\windows\system32\drivers\5016805.sys --> c:\windows\system32\drivers\5016805.sys [?]
S3 AmdTools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys --> c:\windows\system32\DRIVERS\AmdTools.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-08-28 10664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a454cfb7-e62d-11db-aeee-0015f2a1a72f}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1275210071-725345543-1004.job
- c:\documents and settings\F H e L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 14:58]

2009-02-24 c:\windows\Tasks\User_Feed_Synchronization-{A49553E7-321F-4488-A4EA-A3D7E4BF91AE}.job
- c:\windows\system32\msfeedssync.exe [2006-08-22 23:11]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 14:53:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1275210071-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e4,91,f1,6c,a1,58,32,48,61,48,3d,95,53,4e,4a,f5,17,fd,31,02,13,38,07,
f4,d5,54,fa,2c,8a,d6,a7,e1,7f,4a,7e,40,a9,1c,ff,93,93,ed,92,3f,e8,15,2e,9a,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-1004336348-1275210071-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:d5,e5,8a,a6,86,f8,7a,98,5e,80,9e,df,b5,c6,6c,31,4c,f6,b1,5e,18,
f1,2a,14,7b,d7,4d,56,00,1d,c7,a4,1b,cc,59,a1,51,8a,97,c9,76,40,fa,a7,fb,d1,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\Stardock\WindowBlinds\wbsrv.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2009-02-24 14:55:40
ComboFix-quarantined-files.txt 2009-02-24 19:54:24
ComboFix2.txt 2009-02-24 19:05:48

Pre-Run: 69,995,200,512 bytes free
Post-Run: 69,980,786,688 bytes free

197
 
In the next HJT log, make sure your antivirus program is running, here is information to help with firewall decisions.
Is XP Firewall Safe? Here Are The Issues
http://www.guard-privacy-and-online-security.com/is-xp-firewall-safe.html
The last link I post in closing provides links to freeware programs if needed.

Please follow the directions carefully and in the numbered order.

1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

2) Open notepad and copy/paste the text in the codebox below into it:

Code: 
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
"AppInit_DLLs"="wbsys.dll"

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a454cfb7-e62d-11db-aeee-0015f2a1a72f}]

Save this as CFScript

CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

This may start ComboFix again. After reboot, (in case it asks to reboot) I do not need to see a combofix log this time.

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O20 - AppInit_DLLs: wbsys.dll atxpii.dll <<< may be gone

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

Post a new HJT log and tell me how is the computer running now?

Thanks

This can be done as time permits, but it is important.
Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out of date programs to infect folks more and more,
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

Adobe Reader 7.0.9 <<< out of date and unsafe, see this:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php

J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Out of date and unsafe, see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php

Mozilla Firefox (3.0.1) <<< out of date, needs to be updated.
 
After dragging the SFScript to combofix.exe on the desktop, I was not prompted to reboot. When I ran HijackThis "O20 - AppInit_DLLs: wbsys.dll atxpii.dll was indeed gone. I ran ATF Cleaner from my desktop then took the following HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:21:19 PM, on 2/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\F H e L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Executor\executor.exe
C:\Program Files\D-Color\dcolor.exe
C:\Program Files\miniMIZE\miniMIZE.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton\defwatch.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Samurize\Client.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Norton\vptray.exe
C:\Program Files\Norton\rtvscan.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\F H e L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Executor] "C:\Program Files\Executor\executor.exe" -s
O4 - HKCU\..\Run: [D-Color] C:\Program Files\D-Color\dcolor.exe
O4 - HKCU\..\Run: [miniMIZE] C:\Program Files\miniMIZE\miniMIZE.exe
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1235190547000
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Norton\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Norton\rtvscan.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7188 bytes



Computer's running well. However, upon a restart all my desktop icons are not visible once again. I'm still getting a RUNDLL popup upon start-up saying

An exception occurrred while trying to run "C:\WINDOWS\system32\NvCpl.dll,NvStartup"

I was getting this error before my first HJT log from this thread though.
 
Status
Not open for further replies.
Back
Top