Bin Okay.exe I delete it, but keeps coming back, system restore is disabled

Status
Not open for further replies.
Hi all,
The problem is with the following entry from HijackThis.
I click Fix and then I delete the directory, but within 20 minutes it's created again, even without rebooting the PC.

O4 - HKCU\..\Run: [Grey media] C:\DOCUME~1\george\APPLIC~1\STORET~1\Bin Okay.exe

This file is responsible for pop-ups of annoying sites.
I tried ewido but it can't locate it. I also tried Spybot Search and Destroy but it can't find it either.
Please help!
george
 
running processes

Here are the running processes. I can't find anything suspicious.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Apache\Apache.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\CE-Infosys\CompuSec\floppy.exe
c:\windows\system32\ceisvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\CE-Infosys\CompuSec\policy_service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Apache\Apache.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
E:\NewsBin\nbpro.exe
c:\apache\apache.EXE
c:\apache\apache.EXE
c:\apache\apache.EXE
c:\apache\apache.EXE
c:\apache\apache.EXE
c:\apache\apache.EXE
c:\apache\apache.EXE
c:\apache\apache.EXE
c:\apache\apache.EXE
c:\apache\apache.EXE
c:\apache\apache.EXE
c:\apache\apache.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
c:\apache\apache.EXE
c:\apache\apache.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\george\Desktop\downloads\antivirus\hijackthis\HijackThis.exe
 