Full Version: ahtn virus
tcastenada
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:38 PM, on 8/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.net/google/index.php?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Powered by Charter Communications
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1:87;https=69.19.14.10:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.direcwaysupport.com;www.systemcontrolcenter.com;192.168.0.1
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: (no name) - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Charter Toolbar - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\PROGRA~1\CHARTE~1\CHARTE~1.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [fbiom4bd7ub2e7hvyd8avcnbapvnmfked] C:\DOCUME~1\Mike\LOCALS~1\Temp\m8cjqbytfuxq0.exe
O4 - HKCU\..\Run: [n8aayl11rag4ujkcj3jhwy5rnnhu1ktmulpe] C:\DOCUME~1\Mike\LOCALS~1\Temp\xxidkw8kk.exe
O4 - HKCU\..\Run: [osb1lqs9yc2speu] C:\DOCUME~1\Mike\LOCALS~1\Temp\yfg5a3nw5v8o.exe
O4 - HKCU\..\Run: [qfxbhfw77act82iha9g889v1ssvk0mqmtgwwk3afnutz] C:\DOCUME~1\Mike\LOCALS~1\Temp\dh77os1w.exe
O4 - HKCU\..\Run: [d8io18nv5pvj6lwpxd] C:\DOCUME~1\Mike\LOCALS~1\Temp\zbm6d4zd62bm.exe
O4 - HKCU\..\Run: [iqfcwagh0z89nr6ne9k7ze8k5y9a2yg8l4wbigy] C:\DOCUME~1\Mike\LOCALS~1\Temp\synd8p2zpcneo.exe
O4 - HKCU\..\Run: [plf2ha6rj393avq72mk] C:\DOCUME~1\Mike\LOCALS~1\Temp\tuf4reun0.exe
O4 - HKCU\..\Run: [r6x1yah2apz1i4b8rv5zy2fjtfdz0lwu93mny1ermnxh] C:\DOCUME~1\Mike\LOCALS~1\Temp\pk1bvq8xkuvyu.exe
O4 - HKCU\..\Run: [cyjk8tivruardq4ajszhpnah32o7m3vph24wdkn8fyd] C:\DOCUME~1\Mike\LOCALS~1\Temp\zgi9vm4kt8.exe
O4 - HKCU\..\Run: [fhuyy58nl3tr6ekl] C:\DOCUME~1\Mike\LOCALS~1\Temp\x0w9gi599.exe
O4 - HKCU\..\Run: [op62bpv1es71dvfo3aqupi4lox9r87molyld0umhz4ks1dg] C:\DOCUME~1\Mike\LOCALS~1\Temp\wc5rbh46vdp4x.exe
O4 - HKCU\..\Run: [tkkbvi4nup4bj2sv8rzlqoqe8mgpp5w] C:\DOCUME~1\Mike\LOCALS~1\Temp\tklidwj.exe
O4 - HKCU\..\Run: [pf7vw80ma8nozkrdri5wsh6jvwb48f2xqt3y6d7] C:\DOCUME~1\Mike\LOCALS~1\Temp\pv8oj8gt2fclr.exe
O4 - HKCU\..\Run: [ead1cirtk7jvqdmi2cxm9zepzbzg3pevcfitw4sg35q] C:\DOCUME~1\Mike\LOCALS~1\Temp\se20bmexi9.exe
O4 - HKCU\..\Run: [cp1tuk4ljehnphb4ss9srw8eq3ztseia8] C:\DOCUME~1\Mike\LOCALS~1\Temp\yjslvvakq5x.exe
O4 - HKCU\..\Run: [k377t5q6z0] C:\DOCUME~1\Mike\LOCALS~1\Temp\oio460n.exe
O4 - HKCU\..\Run: [awd7jh8v8yc261ec18ntcy] C:\DOCUME~1\Mike\LOCALS~1\Temp\km4jdj3.exe
O4 - HKCU\..\Run: [ypwf7m8rnmim9fnb858al] C:\DOCUME~1\Mike\LOCALS~1\Temp\so1pksb.exe
O4 - HKCU\..\Run: [rcs6wyvtl3stwlm9g0gx76krpfumf6vyb8] C:\DOCUME~1\Mike\LOCALS~1\Temp\oxxf0s8y.exe
O4 - HKCU\..\Run: [ytbyggzcx46395v7vhekijnnqjpliqt3g4vsl3s4v6] C:\DOCUME~1\Mike\LOCALS~1\Temp\isrbde8y1kod.exe
O4 - HKCU\..\Run: [he21b3i1qn7ridbnoa5rn7] C:\DOCUME~1\Mike\LOCALS~1\Temp\lbxoos1zd1shr.exe
O4 - HKCU\..\Run: [iy6gf1048387g2kps6uh5a8hfh8zbpbjf99y] C:\DOCUME~1\Mike\LOCALS~1\Temp\jl3a3qjq.exe
O4 - HKCU\..\Run: [mnvxm7m99jlz] C:\DOCUME~1\Mike\LOCALS~1\Temp\s4kr4jho.exe
O4 - HKCU\..\Run: [kb7dllwk1p2rqh0sr5agdpco3mhs] C:\DOCUME~1\Mike\LOCALS~1\Temp\mrbbqe4x0olw.exe
O4 - HKCU\..\Run: [ie6tsn81ol5s] C:\DOCUME~1\Mike\LOCALS~1\Temp\y78i0mesdpyz.exe
O4 - HKCU\..\Run: [yxq5g44fwekca8xs0jkiyb9yzkbf] C:\DOCUME~1\Mike\LOCALS~1\Temp\fh15v0rk2re5.exe
O4 - HKCU\..\Run: [wyjzjvx2308indvcn4798cg9lw6g7ufhqz] C:\DOCUME~1\Mike\LOCALS~1\Temp\bwydel2c.exe
O4 - HKCU\..\Run: [x6ulxj2b9t1bxpaio16mu5byjzwxcfpdazz24m88v3] C:\DOCUME~1\Mike\LOCALS~1\Temp\kq1f8xjby0.exe
O4 - HKCU\..\Run: [fk1lprr145plk0tekd5aeqpjh5ylf08zwhnswvg] C:\DOCUME~1\Mike\LOCALS~1\Temp\qce37tcm.exe
O4 - HKCU\..\Run: [ohsiz3bwyf9tuzpx6r3nwjktz6ds8mvw] C:\DOCUME~1\Mike\LOCALS~1\Temp\sleukq.exe
O4 - HKCU\..\Run: [xqy3ryexofxxhwzl4gfbz6uk11d0uq5dri9ab4iw1su1lp] C:\DOCUME~1\Mike\LOCALS~1\Temp\t3z3v3e77.exe
O4 - HKCU\..\Run: [wjl2rpiug893fxt9yxvq] C:\DOCUME~1\Mike\LOCALS~1\Temp\mqk2qk6vergag.exe
O4 - HKCU\..\Run: [p87y60wkl] C:\DOCUME~1\Mike\LOCALS~1\Temp\ucue55yk5luh.exe
O4 - HKCU\..\Run: [qlwur4pxo5h04ogujybw2vr4d0008tvsey5hyxxih] C:\DOCUME~1\Mike\LOCALS~1\Temp\g4r55icvsd.exe
O4 - HKCU\..\Run: [qt6xmfo4bcv0z4ps4kbp4pravwz74wfnm2geoz] C:\DOCUME~1\Mike\LOCALS~1\Temp\ug0sy29c7.exe
O4 - HKCU\..\Run: [wlrpvkbczq2v] C:\DOCUME~1\Mike\LOCALS~1\Temp\l0k65q.exe
O4 - HKCU\..\Run: [b4v3k4tvmhxmbzwg8rpzw] C:\DOCUME~1\Mike\LOCALS~1\Temp\p0pt7tl28mr.exe
O4 - HKCU\..\Run: [akluousau] C:\DOCUME~1\Mike\LOCALS~1\Temp\tbwfgaj.exe
O4 - HKCU\..\Run: [uuw74yls4dalnd8x458neihruvi9jf161yhy7mxx] C:\DOCUME~1\Mike\LOCALS~1\Temp\lksbodz3.exe
O4 - HKCU\..\Run: [in90p36uc72kmrad] C:\DOCUME~1\Mike\LOCALS~1\Temp\ye9uo5l383.exe
O4 - HKCU\..\Run: [eycksf1rtf69hvb7ydqofntnrp4] C:\DOCUME~1\Mike\LOCALS~1\Temp\oa33qg.exe
O4 - HKCU\..\Run: [qvicz025atecj7opu3x0zbsgyq73bzlo0lcfj68lnwe6wpj] C:\DOCUME~1\Mike\LOCALS~1\Temp\mfjplkyngqb1z.exe
O4 - HKCU\..\Run: [cvqtp54iu2lk6tfut0soaxkcacbqfji] C:\DOCUME~1\Mike\LOCALS~1\Temp\kyjhqe402h0mb.exe
O4 - HKCU\..\Run: [kwo93b8fp14wlprwdhwqj3cn] C:\DOCUME~1\Mike\LOCALS~1\Temp\k4sz3g.exe
O4 - HKCU\..\Run: [bv33a23r7f1zvw1xjdbmq8ts2h7] C:\DOCUME~1\Mike\LOCALS~1\Temp\e99q7ljr6j.exe
O4 - HKCU\..\Run: [b66ow4izgm6o63vackovxox3vevghm496u239jvm927z] C:\DOCUME~1\Mike\LOCALS~1\Temp\p7jxt8.exe
O4 - HKCU\..\Run: [td7p5jbon] C:\DOCUME~1\Mike\LOCALS~1\Temp\l4yiipp.exe
O4 - HKCU\..\Run: [auv2puyaq1b] C:\DOCUME~1\Mike\LOCALS~1\Temp\k2l3qjpl6.exe
O4 - HKCU\..\Run: [tof75lvdl7p1s21giypma1a9te96bwu] C:\DOCUME~1\Mike\LOCALS~1\Temp\nkjcaxuoy.exe
O4 - HKCU\..\Run: [iwtptxf8aue28wsvyvtw] C:\DOCUME~1\Mike\LOCALS~1\Temp\ir57g09ck9of.exe
O4 - HKCU\..\Run: [t93jqrphvyadomt0ya9br2jqmpmkjn24q6lazcj] C:\DOCUME~1\Mike\LOCALS~1\Temp\z8vt8p.exe
O4 - HKCU\..\Run: [ouncgl4iocebo1tskvc6emt11du51olrttn6n8] C:\DOCUME~1\Mike\LOCALS~1\Temp\sy2nwb.exe
O4 - HKCU\..\Run: [z2kasasu52ykoh6mrq9] C:\DOCUME~1\Mike\LOCALS~1\Temp\dtsit0f9f96g1.exe
O4 - HKCU\..\Run: [vtgzx8nincdp7ekdjfzgirq0ai9d7rk1ppfigyi8zbl03zb] C:\DOCUME~1\Mike\LOCALS~1\Temp\zx550j7.exe
O4 - HKCU\..\Run: [tz1nz3kh4qo5vp3tlea72chc7dm885ybqzje2e6z] C:\DOCUME~1\Mike\LOCALS~1\Temp\x1r9vfu.exe
O4 - HKCU\..\Run: [qakowrzi8wgel3cl8wmss3hgdjyece0u98t2dv8kt5] C:\DOCUME~1\Mike\LOCALS~1\Temp\zymqfva12cq.exe
O4 - HKCU\..\Run: [j8p75m1q3] C:\DOCUME~1\Mike\LOCALS~1\Temp\sot33hxo4f2.exe
O4 - HKCU\..\Run: [zu5dmd41l0b977zfn6cvo4] C:\DOCUME~1\Mike\LOCALS~1\Temp\x5jpuddmbq87h.exe
O4 - HKCU\..\Run: [ep5dumhbgyb127hf7dkamovr3g9yhu1x3pkko4ww7nlsvrd4] C:\DOCUME~1\Mike\LOCALS~1\Temp\btc4ur005y.exe
O4 - HKCU\..\Run: [x9em5ad0f4lzik4z8xc] C:\DOCUME~1\Mike\LOCALS~1\Temp\n3lq5aizeu.exe
O4 - HKCU\..\Run: [toi7js199zhgl03] C:\DOCUME~1\Mike\LOCALS~1\Temp\epotrt.exe
O4 - HKCU\..\Run: [vdhbnjxd2mjw6n9e0rrmhsk0muzfeff0bkt1qxbowdknkm] C:\DOCUME~1\Mike\LOCALS~1\Temp\n0rvl5l1.exe
O4 - HKCU\..\Run: [smg5pzi4z00djp0kmo1ztc8jopshqmxdu3i2] C:\DOCUME~1\Mike\LOCALS~1\Temp\w5awcfo.exe
O4 - HKCU\..\Run: [kf7m38jrkxn37p1z9it9ee96mjujgur5] C:\DOCUME~1\Mike\LOCALS~1\Temp\x14tfep.exe
O4 - HKCU\..\Run: [ui8s6thpr1] C:\DOCUME~1\Mike\LOCALS~1\Temp\fz7can8opk1c.exe
O4 - HKCU\..\Run: [kbcwzgfz7hllu34vi0l7iq8hyc50obgdgegb6u6861n25zovq3] C:\DOCUME~1\Mike\LOCALS~1\Temp\vg2ts2k.exe
O4 - HKCU\..\Run: [sn6ap9swo] C:\DOCUME~1\Mike\LOCALS~1\Temp\f2enf5ry0.exe
O4 - HKCU\..\Run: [t2q7j2o4n9o7nj9xtc7a4gztdtz88guwniwi5ew2x0zvokktq4] C:\DOCUME~1\Mike\LOCALS~1\Temp\bxnkt8jz.exe
O4 - HKCU\..\Run: [grokprktuex6ta4p44vmte7rxkdcsvn7] C:\DOCUME~1\Mike\LOCALS~1\Temp\qxrlryt02es0m.exe
O4 - HKCU\..\Run: [v8wp628h5wc3jd4gqutko0xczq9j5d06m5] C:\DOCUME~1\Mike\LOCALS~1\Temp\x7183c6whuzr9.exe
O4 - HKCU\..\Run: [ssiz9j7f9mbocus4id5v1gs78kpjrmcmg8] C:\DOCUME~1\Mike\LOCALS~1\Temp\wphbg0glh.exe
O4 - HKCU\..\Run: [cp58qy5s5riow08g6e7s3al9qt5yquaqihg1z5x] C:\DOCUME~1\Mike\LOCALS~1\Temp\neesmoi.exe
O4 - HKCU\..\Run: [o2ckb7axbh0hig0gm] C:\DOCUME~1\Mike\LOCALS~1\Temp\gp2omv2dgp.exe
O4 - HKCU\..\Run: [hgphm3c16cnwrica] C:\DOCUME~1\Mike\LOCALS~1\Temp\tfieygx9.exe
O4 - HKCU\..\Run: [uonoiwr2ont302m6anglk00grqorvl] C:\DOCUME~1\Mike\LOCALS~1\Temp\cql1i65tty.exe
O4 - HKCU\..\Run: [kgefot975yluyw0372trvzz696cvn6twp2] C:\DOCUME~1\Mike\LOCALS~1\Temp\dkkxn2bo7hyn.exe
O4 - HKCU\..\Run: [umey7ds9udtyrccl1o39vvhg] C:\DOCUME~1\Mike\LOCALS~1\Temp\uy3tr5.exe
O4 - HKCU\..\Run: [s6j0xbm5n7jgz6116jme8] C:\DOCUME~1\Mike\LOCALS~1\Temp\ykzmjh.exe
O4 - HKCU\..\Run: [oobk1eu2agnln4q06qqeknn5nqzzimqua7ksrompi5y] C:\DOCUME~1\Mike\LOCALS~1\Temp\sxxroyit.exe
O4 - HKCU\..\Run: [ckot3m9iswzzhui6yhph0bxgsgu7mlow4aurv1ddyjnurct6q9] C:\DOCUME~1\Mike\LOCALS~1\Temp\aova29.exe
O4 - HKCU\..\Run: [yh7ovk4eux392nok] C:\DOCUME~1\Mike\LOCALS~1\Temp\ussjt2s7oebcp.exe
O4 - HKCU\..\Run: [d51bvj1fbv228k8zf39rjebvhm0u7b] C:\DOCUME~1\Mike\LOCALS~1\Temp\pzyew0mi2xg7z.exe
O4 - HKCU\..\Run: [p9wryigi26jj3hf5pj7nc97tktpa5byrrdg7q3y] C:\DOCUME~1\Mike\LOCALS~1\Temp\i4sm1eht600.exe
O4 - HKCU\..\Run: [s2c5ezq7hk9lma2pl954br02cmk395xbby1qrf] C:\DOCUME~1\Mike\LOCALS~1\Temp\jrh0nwfgv52o.exe
O4 - HKCU\..\Run: [rgjzirjymx2u1fklni3pjm0mrur] C:\DOCUME~1\Mike\LOCALS~1\Temp\tediq3o7py.exe
O4 - HKCU\..\Run: [vp07e10ovd7ehefmj30kcnb9s943a1kupn10te2] C:\DOCUME~1\Mike\LOCALS~1\Temp\sv9xnnddcw.exe
O4 - HKCU\..\Run: [n93qpv5mslikvmifklr2hm7n8g7x0ur] C:\DOCUME~1\Mike\LOCALS~1\Temp\hx876cs1z.exe
O4 - HKCU\..\Run: [e7gka6sa1g8b3gpu0fjzn0u5zi5m98mgv3oy7] C:\DOCUME~1\Mike\LOCALS~1\Temp\bwt2lk.exe
O4 - HKCU\..\Run: [cfm3i1d2q8ll] C:\DOCUME~1\Mike\LOCALS~1\Temp\sn3h9q.exe
O4 - HKCU\..\Run: [kfi9gt0s7vus1ql] C:\DOCUME~1\Mike\LOCALS~1\Temp\uv0pmle0p.exe
O4 - HKCU\..\Run: [sgyx68mttixjlwhrxf5] C:\DOCUME~1\Mike\LOCALS~1\Temp\a39hvx.exe
O4 - HKCU\..\Run: [nomhgdwkq143ic90b123d2a0s1eykr80axg6xcmhr60gdb3] C:\DOCUME~1\Mike\LOCALS~1\Temp\qehusz.exe
O4 - HKCU\..\Run: [gzfxazjt4xjcfjqxccoat32vtbubdyjbfx6en38] C:\DOCUME~1\Mike\LOCALS~1\Temp\pqqcnhorau.exe
O4 - HKCU\..\Run: [gpph4og01z] C:\DOCUME~1\Mike\LOCALS~1\Temp\dv8o8ub41n1kr.exe
O4 - HKCU\..\Run: [bwdun4287npol88m24n2zuatu2gwwpqtji5mzvc1mw61ltnk7l] C:\DOCUME~1\Mike\LOCALS~1\Temp\b3f2ms.exe
O4 - HKCU\..\Run: [myw1ltr01ivxra69si5n0a5gle11bcbrrx3] C:\DOCUME~1\Mike\LOCALS~1\Temp\tvjg3utz5.exe
O4 - HKCU\..\Run: [ayctti6hfjh9ugoqr7h52mggje8w] C:\DOCUME~1\Mike\LOCALS~1\Temp\efitulxz3.exe
O4 - HKCU\..\Run: [rfe0uwzd3d44af2is1fqgylxpsflpg9l] C:\DOCUME~1\Mike\LOCALS~1\Temp\alhj87fo.exe
O4 - HKCU\..\Run: [yixg7s95ibvfz6xxazzaks5tszjrna4v7xb0vi4wnigr4] C:\DOCUME~1\Mike\LOCALS~1\Temp\p91wobj.exe
O4 - HKCU\..\Run: [kcg1azk5frak20unc] C:\DOCUME~1\Mike\LOCALS~1\Temp\xvni917m3ne.exe
O4 - HKCU\..\Run: [nw71ns282i4adbca4y95n] C:\DOCUME~1\Mike\LOCALS~1\Temp\ex7v7vm78n36.exe
O4 - HKCU\..\Run: [gv90hpttzq27wqsb8t4oixmxvskpo3cswwba229wpweh2z] C:\DOCUME~1\Mike\LOCALS~1\Temp\t6b75betd.exe
O4 - HKCU\..\Run: [fwjba8i92lvqhdh7t6zvu0qb021pa7ls2kwp7om90sjo7458ze] C:\DOCUME~1\Mike\LOCALS~1\Temp\iazmqd5.exe
O4 - HKCU\..\Run: [lulptuvpzgv5h2s93u9iucqjp60qby] C:\DOCUME~1\Mike\LOCALS~1\Temp\dojadkm.exe
O4 - HKCU\..\Run: [ovfjciel6x77zcy5oahj9itk] C:\DOCUME~1\Mike\LOCALS~1\Temp\xg6g2kthl82.exe
O4 - HKCU\..\Run: [tl8r3kcpg] C:\DOCUME~1\Mike\LOCALS~1\Temp\kk87sos.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-436374069-1563985344-854245398-1003\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m (User '?')
O4 - HKUS\S-1-5-21-436374069-1563985344-854245398-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-436374069-1563985344-854245398-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-436374069-1563985344-854245398-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User '?')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C359B56-4E4B-4A9E-A9B2-09414B1B6509}: Domain = hughes.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C359B56-4E4B-4A9E-A9B2-09414B1B6509}: NameServer = 66.82.4.8
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\
O21 - SSODL: Webshots Desktop - {1250D82D-B06E-A4EA-F02E-08B9EFB93734} - (no file)
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe

--
End of file - 33319 bytes


What do I do from here to rid my computer of the ahtn virus?
Rorschach112
hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
Rorschach112
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !