Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Problem with pop ups; please help!

by Jason2781 » January 23rd, 2009, 10:04 pm

I'm not exactly sure what is going on with my computer, but no matter what internet browser I use, my computer is suffering from an extreme amount of pop-ups, mostly advertising programs to eliminate infections. I am convinced my computer is infected with a virus or malware of some kind. Here is my HijackThis log file... any help anyone could give is greatly appreciated. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 9:06:08 PM, on 1/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Hijackthis\Scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {34AD8CB2-310B-6B8E-2177-38B6023DF090} - (no file)
O2 - BHO: {8c696600-bb27-8988-4384-e70232ff39d3} - {3d93ff23-207e-4834-8898-72bb006696c8} - C:\WINDOWS\system32\xicxos.dll
O2 - BHO: (no name) - {44dc14e3-3e5a-44cc-85f1-0cb1d677d5ea} - C:\WINDOWS\system32\yepitayo.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {62D1390B-75E8-445C-A99D-3340E08FD4C5} - (no file)
O2 - BHO: (no name) - {6D5F89DC-7093-423E-AD09-115DEC9E2302} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {9BACE33E-AE7C-414A-AB07-80D23C50CE8E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D7D3261D-E239-45E3-9247-9FB77C9C43AC} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [zutuwuhulu] Rundll32.exe "C:\WINDOWS\system32\binosino.dll",s
O4 - HKLM\..\Run: [5cca4689] rundll32.exe "C:\WINDOWS\system32\redetodo.dll",b
O4 - HKLM\..\Run: [CPM5ff97515] Rundll32.exe "c:\windows\system32\biyoriwo.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [close trans] C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\Show tray.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.aim.com/ygp/aol/plugi ... .5.1.8.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.com/exchange/lots/tel ... tTeleX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wefohufa.dll C:\WINDOWS\system32\vedilune.dll c:\windows\system32\biyoriwo.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkHBSMG - jkkHBSMG.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\biyoriwo.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Re: Problem with pop ups; please help!

by Axephilic » January 25th, 2009, 1:53 pm

Hello,

Welcome to the Malware Removal Forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:
  1. If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. :)
  2. I am still in training, so my responses may take more time than usual because all of my posts must be checked by an expert or teacher.
    Also, please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
  3. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this. Don't stop responding because the symptoms are gone; the infection could still be there. Keep replying to my posts until I give you the All Clean message. ;)
  5. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.
  6. Please do not run other tools to remove the malware unless I ask you to until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem.

Make an Uninstall List

Next, please make an uninstall list using HijackThis.
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply. Please also include a new HijackThis log.

Regards,
Adam

Re: Problem with pop ups; please help!

by Jason2781 » January 25th, 2009, 5:18 pm

Adam,

Here is what you asked for, thanks!

#1 DVD Audio Ripper 1.2.20
Ad-Aware
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.1.0
Adobe Shockwave Player
Adobe SVG Viewer 3.0
AIM "You've Got Pictures" Picture Finder Plugin v9.5.1.8
Alive MP3 WAV Converter 3.8.0.9
Amazon MP3 Downloader 1.0.3
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AudioConverter
AVG Anti-Spyware 7.5
AviSynth 2.5
BigFix
Boilsoft 3GP/iPod/PSP/MP4 Converter 1.22
Bonjour
CA Yahoo! Anti-Spy (remove only)
CCS64 V3.5
CDisplay 1.8
CleanUp!
CLIE MS SCSI Driver
Comic Collector Live
DDS Converter 2.1
Digital Media Reader
Digital Photo Recovery [Demo] 2.0.3
Direct WAV MP3 Splitter 2.2
DivX
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EA Download Manager
Family Tree Maker
Family Tree Maker 2005
First Step Guide
Flock (Photobucket Edition) 0.7
GetDataBack for NTFS
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hello (remove only)
High Definition Audio Driver Package - KB835221
Hijackthis 1.99.1
HijackThis 1.99.1
Home and Business Attorney
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
ImageMixer VCD2
ImTOO iPod Movie Converter
InCD
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 11.2.0.69
InterActual Player
iTunes
Java DB 10.2.2.0
Java(TM) 6 Update 10
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) SE Development Kit 6 Update 2
Kaspersky Online Scanner
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Extension Manager
MagicDisc 2.5.79
McAfee AntiSpyware
McAfee SecurityCenter
Media Center Extender
Media Center Extender
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync 4.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
MobileMe Control Panel
Mozilla Firefox (3.0.4)
mp3 List Maker De Luhe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Multimedia Keyboard Driver
Napster Burn Engine
Nero BurnRights
Nero Digital
Nero Media Player
Nero OEM
Netscape (7.2)
Norton Security Center
NVIDIA Photoshop Plug-ins
OpenOffice.org Installer 1.0
OTOY
Panda ActiveScan
PhotoRescue Expert PC 3.1.2.10607 Demo
Picasa 3
Picture Package
Picture Package Music Transfer
PowerDVD
PSP Video 9 1.74
QuickTime
Q-Xpress Installer 1.1.9
RealPlayer
Realtek High Definition Audio Driver
Recovery Software Suite Gateway
RegCure 1.5.0.0
RegFix Mantra v3.1
Riva FLV Encoder 2.0
Safari
SecureVideo Plug-in
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Sims2Pack Clean Installer
SoftV92 Data Fax Modem with SmartCP
Sony Media Manager 2.2
Sony Picture Utility
Sony Sound Forge 8.0
Sony USB Driver
SPORE™
SPORE™ Creepy & Cute Parts Pack
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 HomeCrafter Plus
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Celebration! Stuff
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 Seasons
TSR Installation Wizard
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.6h
Videora iPod Converter 3.07
Videora Xbox360 Converter 0.81
Viewpoint Media Player
Wacom Tablet
Wave Splitter 2.10
Winamp
Winamp Remote
Winamp Toolbar for Internet Explorer
Windows Defender
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
Xfire (remove only)
Xingtone Ringtone Maker
Yahoo! ¤u¨ã¦C
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Zero Assumption Recovery Version 8.3


Logfile of HijackThis v1.99.1
Scan saved at 4:20:30 PM, on 1/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Hijackthis\Scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {34AD8CB2-310B-6B8E-2177-38B6023DF090} - (no file)
O2 - BHO: {8c696600-bb27-8988-4384-e70232ff39d3} - {3d93ff23-207e-4834-8898-72bb006696c8} - C:\WINDOWS\system32\xicxos.dll
O2 - BHO: (no name) - {44dc14e3-3e5a-44cc-85f1-0cb1d677d5ea} - C:\WINDOWS\system32\yepitayo.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {62D1390B-75E8-445C-A99D-3340E08FD4C5} - (no file)
O2 - BHO: (no name) - {6D5F89DC-7093-423E-AD09-115DEC9E2302} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {9BACE33E-AE7C-414A-AB07-80D23C50CE8E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D7D3261D-E239-45E3-9247-9FB77C9C43AC} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [zutuwuhulu] Rundll32.exe "C:\WINDOWS\system32\binosino.dll",s
O4 - HKLM\..\Run: [CPM5ff97515] Rundll32.exe "c:\windows\system32\kijozilu.dll",a
O4 - HKLM\..\Run: [5cca4689] rundll32.exe "C:\WINDOWS\system32\duhebayo.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [close trans] C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\Show tray.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.aim.com/ygp/aol/plugi ... .5.1.8.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.com/exchange/lots/tel ... tTeleX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wefohufa.dll C:\WINDOWS\system32\vedilune.dll c:\windows\system32\kijozilu.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkkHBSMG - jkkHBSMG.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kijozilu.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Jason2781

Re: Problem with pop ups; please help!

by Axephilic » January 26th, 2009, 3:34 pm

Hello,

Please navigate to the system tray on the bottom right hand corner and look for a Image sign.
  • Right-click it -> choose "Exit."
  • A popup will warn that protection will now be disabled. Click on "Yes" to disable the Antivirus guard.
You successfully disabled the McAfee Guard.

Disable AVG Anti-Spyware

Please disable AVG Anti-Spyware until the computer is clean.
  • Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
  • In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
  • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield".
  • Reply 'no' and set it to 'inactive' for the duration of your cleanup.

Disable Windows Defender
We need to temporarily disable the Real-time Protection on Windows Defender as it may interfere with the HijackThis fixes we make.
  • Open Windows Defender
  • Click Tools => General Settings
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • Click Save
  • Close Windows Defender
After all of the fixes are complete it is very important that you enable Real-time Protection again.


Run LOP S&D
Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
You will need to disable the following programs:
(list here)
  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated; post its contents in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

Download and Run ComboFix
Please visit this page to download and run Combofix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Save it to your desktop.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will see the following message if Microsoft Windows Recovery Console is not installed.

    Image

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes to continue scanning for malware.

When finished, a log will be produced. Please post this log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please include:
  1. LOPr.txt
  2. ComboFix log
  3. A new HijackThis log

Regards,
Adam
Axephilic

Re: Problem with pop ups; please help!

by Jason2781 » January 26th, 2009, 10:06 pm

Here you go, thanks!

-Jason

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : Owner ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:228 Go (Free:27 Go)
D:\ (Local Disk) - FAT32 - Total:4 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Mon 01/26/2009|18:41 )

--------------------\\ Listing folders in APPLIC~1

[04/13/2005|12:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[05/20/2005|06:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[05/20/2005|05:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SampleView
[04/13/2005|12:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun

[12/09/2008|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[07/08/2008|08:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/12/2005|05:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[10/24/2005|06:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[11/26/2007|07:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[10/10/2007|07:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[06/16/2007|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[12/24/2006|10:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[08/18/2007|09:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[08/16/2005|10:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[07/20/2008|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[01/08/2009|07:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> each new axis love
[06/04/2008|05:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Firefly Studios
[12/09/2007|08:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[01/17/2009|04:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[08/04/2007|01:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
[06/29/2007|04:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kontiki
[09/20/2008|09:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[08/31/2007|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Log Htm Lite Each
[08/16/2006|03:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macrovision
[05/20/2005|05:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[08/20/2005|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[07/07/2008|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[02/17/2007|02:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Napster
[03/15/2008|06:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> OrbNetworks
[05/20/2005|05:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prism Deploy
[05/20/2005|05:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[08/23/2005|04:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[11/28/2005|06:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> River Past G4
[03/16/2008|11:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SimCity Societies
[08/25/2008|04:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony
[06/29/2007|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[09/09/2008|07:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[02/08/2008|01:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[10/10/2007|07:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[03/15/2008|06:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Winamp Toolbar
[12/13/2006|06:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[04/28/2008|03:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[04/28/2008|04:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[04/13/2005|12:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[05/20/2005|06:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[05/20/2005|05:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> SampleView
[04/13/2005|12:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[08/16/2005|09:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[08/29/2005|10:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[02/03/2006|02:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Mozilla

[04/13/2005|12:20] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> Identities
[06/25/2006|12:29] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> Microsoft
[05/20/2005|05:50] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> SampleView
[04/13/2005|12:43] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> Sun

[01/15/2008|12:14] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[09/16/2005|12:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> .BitTornado
[08/27/2008|08:04] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[07/08/2008|08:32] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeUM
[05/09/2006|09:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Ahead
[08/17/2005|12:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Aim
[06/16/2007|12:24] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
[04/15/2007|12:45] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ATI
[02/10/2006|08:39] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Azureus
[01/23/2007|10:34] C:\DOCUME~1\Owner\APPLIC~1\<DIR> BitGrabber
[01/26/2009|02:11] C:\DOCUME~1\Owner\APPLIC~1\<DIR> BitTorrent
[07/22/2008|11:07] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Canon
[08/16/2005|10:04] C:\DOCUME~1\Owner\APPLIC~1\<DIR> CyberLink
[01/26/2009|06:32] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DNA
[01/08/2009|07:27] C:\DOCUME~1\Owner\APPLIC~1\<DIR> dumbsavereadme
[08/21/2005|07:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> dvdcss
[07/13/2006|11:03] C:\DOCUME~1\Owner\APPLIC~1\<DIR> eFax Messenger
[12/11/2006|01:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Flock
[06/18/2007|06:22] C:\DOCUME~1\Owner\APPLIC~1\<DIR> FTW
[12/22/2006|08:08] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Google
[08/04/2007|02:00] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Grisoft
[05/08/2006|12:15] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HBA
[04/05/2007|08:26] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
[04/13/2005|12:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[02/07/2008|07:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Lavasoft
[08/21/2007|01:35] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Lionhead Studios
[04/11/2006|06:27] C:\DOCUME~1\Owner\APPLIC~1\<DIR> LucasArts
[09/09/2008|07:46] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[08/21/2005|01:09] C:\DOCUME~1\Owner\APPLIC~1\<DIR> McAfee
[07/09/2008|06:28] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[11/30/2008|01:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Move Networks
[09/20/2008|11:30] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
[09/09/2008|07:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> My Games
[07/18/2007|01:14] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MySpace
[02/25/2008|02:25] C:\DOCUME~1\Owner\APPLIC~1\<DIR> NetMedia Providers
[10/27/2006|05:31] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Netscape
[11/04/2005|12:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Opera
[09/09/2008|07:44] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Petroglyph
[09/30/2005|08:34] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Publish Providers
[05/13/2007|04:16] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Real
[05/20/2005|05:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SampleView
[06/18/2008|10:43] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SecuROM
[04/06/2006|07:44] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SlySoft
[02/12/2008|02:52] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Softplicity
[08/25/2008|04:35] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sony
[12/25/2007|07:34] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sony Corporation
[11/18/2008|11:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SPORE
[08/12/2008|08:12] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SPORE Creature Creator
[04/13/2005|12:43] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[08/16/2005|08:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Symantec
[12/06/2005|02:39] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Template
[06/30/2007|09:10] C:\DOCUME~1\Owner\APPLIC~1\<DIR> TrojanHunter
[12/25/2007|11:17] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Viewpoint
[01/01/2007|08:33] C:\DOCUME~1\Owner\APPLIC~1\<DIR> vlc
[01/25/2009|02:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> WTablet
[04/11/2006|06:17] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Xfire
[04/30/2008|08:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Yahoo!

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[01/26/2009 06:00 PM][--ah-----] C:\WINDOWS\tasks\B78F762D91851F69.job
[01/26/2009 02:21 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3980681228-1451906632-1211546294-1006.job
[01/25/2009 02:53 PM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[01/20/2009 08:31 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[01/25/2009 02:50 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 02:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( B78F762D91851F69.job )=( c:\docume~1\owner\applic~1\dumbsa~1\BARBSIGNUPLOAD.exe )

--------------------\\ Listing Folders in C:\Program Files

[07/23/2007|09:50] C:\Program Files\<DIR> 3DGroove
[12/30/2006|09:31] C:\Program Files\<DIR> 3GP_Converter034
[08/18/2007|09:15] C:\Program Files\<DIR> 3wPlayer
[12/09/2007|08:58] C:\Program Files\<DIR> Adobe
[08/05/2006|09:48] C:\Program Files\<DIR> Ahead
[08/20/2005|01:33] C:\Program Files\<DIR> AIM
[08/18/2007|09:15] C:\Program Files\<DIR> AliveMedia
[05/10/2008|02:17] C:\Program Files\<DIR> Amazon
[10/27/2006|05:30] C:\Program Files\<DIR> AOD
[08/11/2008|01:33] C:\Program Files\<DIR> Apple Software Update
[08/18/2007|09:34] C:\Program Files\<DIR> ATI Technologies
[06/25/2006|01:39] C:\Program Files\<DIR> AviSynth 2.5
[02/10/2006|08:39] C:\Program Files\<DIR> Azureus
[05/20/2005|05:41] C:\Program Files\<DIR> BigFix
[01/23/2007|10:35] C:\Program Files\<DIR> BitGrabber
[08/29/2008|09:58] C:\Program Files\<DIR> BitTorrent
[12/30/2006|10:58] C:\Program Files\<DIR> Boilsoft MP4 Converter
[11/12/2008|11:41] C:\Program Files\<DIR> Bonjour
[05/11/2008|02:07] C:\Program Files\<DIR> CA Yahoo! Anti-Spy
[06/04/2007|10:39] C:\Program Files\<DIR> CDisplay
[02/11/2006|10:04] C:\Program Files\<DIR> CDKnet
[11/25/2008|12:28] C:\Program Files\<DIR> City of Heroes
[06/30/2007|06:18] C:\Program Files\<DIR> CleanUp!
[10/08/2008|04:49] C:\Program Files\<DIR> Common Files
[06/04/2008|09:07] C:\Program Files\<DIR> Computerbrains
[05/20/2005|05:24] C:\Program Files\<DIR> CONEXANT
[05/20/2005|05:48] C:\Program Files\<DIR> CyberLink
[08/08/2006|02:11] C:\Program Files\<DIR> DDS Converter 2
[06/30/2007|09:09] C:\Program Files\<DIR> Digital Media Reader
[02/08/2008|01:43] C:\Program Files\<DIR> Digital Photo Recovery
[02/04/2006|02:32] C:\Program Files\<DIR> Direct WAV MP3 Splitter
[08/18/2007|09:12] C:\Program Files\<DIR> directx
[07/25/2006|04:05] C:\Program Files\<DIR> Disney
[08/24/2008|08:09] C:\Program Files\<DIR> DivX
[01/25/2009|02:50] C:\Program Files\<DIR> DNA
[01/08/2009|07:26] C:\Program Files\<DIR> dumbsavereadme
[04/11/2006|09:57] C:\Program Files\<DIR> DVD Decrypter
[08/31/2007|11:13] C:\Program Files\<DIR> DVD Shrink
[03/02/2008|08:07] C:\Program Files\<DIR> EA GAMES
[12/25/2008|12:58] C:\Program Files\<DIR> Electronic Arts
[03/22/2007|04:43] C:\Program Files\<DIR> Enigma Software Group
[12/25/2005|01:11] C:\Program Files\<DIR> Firaxis Games
[10/04/2006|08:14] C:\Program Files\<DIR> Firefly Studios
[12/11/2006|01:54] C:\Program Files\<DIR> Flock
[11/24/2006|01:03] C:\Program Files\<DIR> GameShadow
[01/17/2009|04:34] C:\Program Files\<DIR> Google
[08/04/2007|01:59] C:\Program Files\<DIR> Grisoft
[02/17/2007|02:52] C:\Program Files\<DIR> Guild Wars
[09/07/2005|07:16] C:\Program Files\<DIR> Hello
[01/25/2009|04:20] C:\Program Files\<DIR> Hijackthis
[11/19/2006|01:59] C:\Program Files\<DIR> Home And Business Attorney
[03/03/2006|03:36] C:\Program Files\<DIR> Ibibi AB
[01/31/2008|11:11] C:\Program Files\<DIR> ImTOO
[12/25/2008|12:56] C:\Program Files\<DIR> InstallShield Installation Information
[08/18/2007|09:54] C:\Program Files\<DIR> Intel
[09/11/2005|09:23] C:\Program Files\<DIR> InterActual
[11/21/2008|10:47] C:\Program Files\<DIR> Internet Explorer
[12/09/2008|10:32] C:\Program Files\<DIR> iPod
[10/26/2007|07:48] C:\Program Files\<DIR> Ipswitch
[12/09/2008|10:32] C:\Program Files\<DIR> iTunes
[11/13/2008|11:26] C:\Program Files\<DIR> Java
[09/20/2008|09:35] C:\Program Files\<DIR> Lavasoft
[03/17/2008|11:37] C:\Program Files\<DIR> Lionhead Studios
[11/17/2005|11:04] C:\Program Files\<DIR> Lionhead Studios Ltd
[09/09/2008|07:44] C:\Program Files\<DIR> LucasArts
[09/09/2008|07:46] C:\Program Files\<DIR> Macromedia
[12/09/2007|11:36] C:\Program Files\<DIR> MagicDisc
[09/15/2005|07:44] C:\Program Files\<DIR> Maxis
[08/21/2005|01:08] C:\Program Files\<DIR> McAfee
[05/20/2005|05:44] C:\Program Files\<DIR> McAfee.com
[02/17/2007|03:02] C:\Program Files\<DIR> McDC++
[01/18/2007|09:54] C:\Program Files\<DIR> MediaCoder
[08/14/2008|02:04] C:\Program Files\<DIR> Messenger
[07/05/2008|09:21] C:\Program Files\<DIR> Microsoft ActiveSync
[04/13/2005|12:21] C:\Program Files\<DIR> microsoft frontpage
[01/19/2006|10:12] C:\Program Files\<DIR> Microsoft Money 2005
[03/28/2007|01:46] C:\Program Files\<DIR> Microsoft Office
[01/12/2008|10:29] C:\Program Files\<DIR> Microsoft Picture It! 10
[08/25/2008|04:30] C:\Program Files\<DIR> Microsoft SQL Server
[03/28/2007|01:44] C:\Program Files\<DIR> Microsoft Works
[03/28/2007|01:40] C:\Program Files\<DIR> Microsoft Works Suite 2002
[11/12/2008|11:34] C:\Program Files\<DIR> MidTen Media
[06/12/2008|01:03] C:\Program Files\<DIR> ModTheSims2.com
[08/27/2006|07:10] C:\Program Files\<DIR> Monte Cristo
[04/13/2005|12:16] C:\Program Files\<DIR> Movie Maker
[01/20/2009|06:27] C:\Program Files\<DIR> Mozilla Firefox
[11/16/2008|07:52] C:\Program Files\<DIR> mp3 software
[12/31/2006|01:03] C:\Program Files\<DIR> Mp4 Converter
[04/13/2005|12:12] C:\Program Files\<DIR> MSN
[08/20/2005|01:33] C:\Program Files\<DIR> MSN Encarta Plus
[04/13/2005|12:13] C:\Program Files\<DIR> MSN Gaming Zone
[04/17/2007|11:59] C:\Program Files\<DIR> MSXML 4.0
[04/24/2006|09:07] C:\Program Files\<DIR> MyAllMovies
[01/12/2008|10:32] C:\Program Files\<DIR> MySpace
[08/15/2007|11:55] C:\Program Files\<DIR> Napster
[04/13/2005|12:16] C:\Program Files\<DIR> NetMeeting
[10/27/2006|05:28] C:\Program Files\<DIR> Netscape
[12/30/2006|04:42] C:\Program Files\<DIR> NO1 DVD Audio Ripper
[09/09/2008|07:58] C:\Program Files\<DIR> Norton AntiVirus
[08/09/2006|12:13] C:\Program Files\<DIR> NVIDIA Corporation
[01/12/2008|11:00] C:\Program Files\<DIR> Online Services
[08/18/2007|09:11] C:\Program Files\<DIR> Outlook Express
[02/07/2008|10:37] C:\Program Files\<DIR> PhotoRescue 3.1.2.10607 PC
[12/25/2006|08:57] C:\Program Files\<DIR> PIXELA
[08/05/2006|09:48] C:\Program Files\<DIR> pspvideo9
[08/27/2006|07:18] C:\Program Files\<DIR> Pure Networks
[12/09/2008|10:31] C:\Program Files\<DIR> QuickTime
[01/12/2008|10:35] C:\Program Files\<DIR> Real
[08/18/2007|09:58] C:\Program Files\<DIR> Realtek
[02/01/2008|07:15] C:\Program Files\<DIR> Red Kawa
[11/25/2008|12:18] C:\Program Files\<DIR> RegCure
[06/30/2007|06:01] C:\Program Files\<DIR> RegFix Mantra
[08/31/2007|06:33] C:\Program Files\<DIR> Riva
[02/07/2008|10:15] C:\Program Files\<DIR> Runtime Software
[12/09/2008|10:22] C:\Program Files\<DIR> Safari
[08/05/2006|09:48] C:\Program Files\<DIR> SecureVideo Plug-in
[02/17/2007|03:01] C:\Program Files\<DIR> Shockwave.com
[12/05/2008|08:36] C:\Program Files\<DIR> Sims2Pack Clean Installer
[09/09/2008|07:51] C:\Program Files\<DIR> Sony
[12/25/2006|08:49] C:\Program Files\<DIR> Sony Corporation
[01/12/2008|10:34] C:\Program Files\<DIR> Sony Handheld
[02/25/2008|02:11] C:\Program Files\<DIR> Sony Setup
[06/04/2006|08:16] C:\Program Files\<DIR> Stardock
[05/19/2008|08:50] C:\Program Files\<DIR> Sun
[09/09/2008|08:02] C:\Program Files\<DIR> Symantec
[09/11/2008|02:10] C:\Program Files\<DIR> SymNetDrv
[12/25/2008|11:18] C:\Program Files\<DIR> Tablet
[11/24/2006|01:03] C:\Program Files\<DIR> The Weather Channel
[02/12/2008|02:52] C:\Program Files\<DIR> TotalAudioConverter
[06/30/2007|09:16] C:\Program Files\<DIR> TrojanHunter 4.7
[08/16/2005|05:44] C:\Program Files\<DIR> Uninstall Information
[06/27/2008|05:28] C:\Program Files\<DIR> VideoLAN
[08/21/2006|09:36] C:\Program Files\<DIR> VideoraXbox360Converter
[10/10/2007|07:51] C:\Program Files\<DIR> Viewpoint
[09/09/2008|07:51] C:\Program Files\<DIR> VSTplugins
[12/11/2005|08:09] C:\Program Files\<DIR> Wave Splitter
[05/04/2008|10:36] C:\Program Files\<DIR> Winamp
[03/15/2008|06:10] C:\Program Files\<DIR> Winamp Remote
[03/15/2008|06:10] C:\Program Files\<DIR> Winamp Toolbar
[12/05/2006|07:34] C:\Program Files\<DIR> WinBudget
[01/13/2008|12:00] C:\Program Files\<DIR> Windows Defender
[08/16/2005|05:44] C:\Program Files\<DIR> Windows Media Components
[12/11/2006|10:27] C:\Program Files\<DIR> Windows Media Connect 2
[07/01/2007|02:14] C:\Program Files\<DIR> Windows Media Player
[04/13/2005|12:13] C:\Program Files\<DIR> Windows NT
[04/13/2005|12:13] C:\Program Files\<DIR> Windows Plus
[05/25/2007|08:36] C:\Program Files\<DIR> WinRAR
[11/04/2005|02:03] C:\Program Files\<DIR> Womble Multimedia
[04/13/2005|12:21] C:\Program Files\<DIR> xerox
[10/08/2006|02:26] C:\Program Files\<DIR> Xfire
[09/17/2005|04:17] C:\Program Files\<DIR> Xingtone
[04/28/2008|03:08] C:\Program Files\<DIR> Yahoo!
[02/07/2008|10:48] C:\Program Files\<DIR> ZAR

--------------------\\ Listing Folders in C:\Program Files\Common Files

[07/08/2008|08:10] C:\Program Files\Common Files\<DIR> Adobe
[09/12/2005|05:36] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[05/20/2005|05:41] C:\Program Files\Common Files\<DIR> Ahead
[11/26/2007|07:29] C:\Program Files\Common Files\<DIR> AOL
[12/09/2008|10:32] C:\Program Files\Common Files\<DIR> Apple
[05/20/2005|05:45] C:\Program Files\Common Files\<DIR> DESIGNER
[03/17/2008|11:32] C:\Program Files\Common Files\<DIR> EasyInfo
[05/20/2005|05:47] C:\Program Files\Common Files\<DIR> InstallShield
[08/30/2007|06:34] C:\Program Files\Common Files\<DIR> Java
[09/09/2008|07:46] C:\Program Files\Common Files\<DIR> Macromedia
[08/21/2005|01:08] C:\Program Files\Common Files\<DIR> McAfee
[07/05/2008|09:21] C:\Program Files\Common Files\<DIR> Microsoft Shared
[10/27/2006|05:30] C:\Program Files\Common Files\<DIR> mozilla.org
[04/13/2005|12:16] C:\Program Files\Common Files\<DIR> MSSoap
[12/25/2006|08:49] C:\Program Files\Common Files\<DIR> muvee Technologies
[05/20/2005|05:31] C:\Program Files\Common Files\<DIR> New Boundary
[05/20/2005|05:38] C:\Program Files\Common Files\<DIR> Nullsoft
[05/23/2007|10:41] C:\Program Files\Common Files\<DIR> Real
[05/20/2005|05:47] C:\Program Files\Common Files\<DIR> Roxio Shared
[07/04/2006|12:32] C:\Program Files\Common Files\<DIR> Scanner
[04/13/2005|12:16] C:\Program Files\Common Files\<DIR> Services
[04/13/2005|05:08] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/31/2007|06:33] C:\Program Files\Common Files\<DIR> SWF Studio
[09/09/2008|08:02] C:\Program Files\Common Files\<DIR> Symantec Shared
[11/13/2007|08:51] C:\Program Files\Common Files\<DIR> System
[09/20/2008|09:34] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[05/23/2007|10:41] C:\Program Files\Common Files\<DIR> xing shared
[09/11/2005|01:40] C:\Program Files\Common Files\<DIR> YGP

--------------------\\ Process

( 66 Processes )

IEXPLORE.EXE ~ [PID:2084]
IEXPLORE.EXE ~ [PID:2312]
IEXPLORE.EXE ~ [PID:2772]
IEXPLORE.EXE ~ [PID:4624]

--------------------\\ Searching with S_Lop

C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\BARBSIGNUPLOAD.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\bdwlqloh.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\cfjilnwd.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\dwrfgzpl.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\fjtellvj.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\fmmrsfra.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\fxtoarxa.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\gnybapeh.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\izzogaqb.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\jsgypvwx.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\khyvhnce.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\nfbkckag.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\ojmyykhk.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\oqaxjwio.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\qhlzkuae.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\qshtifsm.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\rapbulnl.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\rrbeltfg.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\sblrymdt.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\Show tray.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\tetbcdag.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\tkbkzaqg.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\vdpovnts.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\wadifirz.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\ygzsbyjt.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\ypvvckvs.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\zhhmcmbj.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\ztdwbmgc.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\ztmkacfi.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\zxvgvrzi.exe

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Each New Axis Love
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Each New Axis Love\DASH ROAD.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Each New Axis Love\DASH ROAD.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Each New Axis Love\fast drive.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Each New Axis Love\fast drive.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Each New Axis Love\Plan Meta.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Log Htm Lite Each
C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1
C:\Program Files\dumbsa~1
C:\DOCUME~1\Owner\LOCALS~1\Temp\nse42B.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\sta11.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\sta37A.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\sta7.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\sta8BF.exe
C:\DOCUME~1\Owner\APPLIC~1\BitGrabber
C:\DOCUME~1\Owner\APPLIC~1\BitGrabber
C:\DOCUME~1\Owner\APPLIC~1\BitGrabber\Data
C:\Program Files\BitGrabber
C:\Program Files\BitGrabber\BitGrabber.TRC
C:\Program Files\3wPlayer
C:\DOCUME~1\Owner\Cookies\owner@advertising[1].txt
C:\WINDOWS\Tasks\B78F762D91851F69.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funkfirstflap]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\Owner\\APPLIC~1\\DUMBSA~1\\Show tray.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"close trans"="C:\\DOCUME~1\\Owner\\APPLIC~1\\DUMBSA~1\\Show tray.exe"
"close trans"="C:\\DOCUME~1\\Owner\\APPLIC~1\\DUMBSA~1\\Show tray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 18:43:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\tDehQqss.ini
C:\WINDOWS\system32\tDehQqss.ini2
==> VUNDO <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Crack
C:\DOCUME~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Crack\emu.dll
C:\DOCUME~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Crack\MMxpt.dll
C:\DOCUME~1\Owner\My Documents\mark's\Ten Thumbs Typing Tutor v4.3.1\Keygen.exe


[F:608][D:171]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:75][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:948][D:12]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 01/26/2009|18:47 - Option : [1]

--------------------\\ Scan completed at 18:47:15


ComboFix 09-01-21.04 - Owner 2009-01-26 19:02:18.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.974 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
.

2009-01-26 18:39 . 2009-01-26 18:47 <DIR> d-------- C:\Lop SD
2009-01-16 06:53 . 2009-01-16 06:53 2,713 ---hs---- c:\windows\system32\wopasufe.dll
2009-01-12 17:23 . 2009-01-12 17:23 2,713 ---hs---- c:\windows\system32\noyukibu.dll
2009-01-08 07:26 . 2009-01-08 07:26 <DIR> d-------- c:\program files\dumbsavereadme
2009-01-05 17:33 . 2009-01-05 17:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 00:16 --------- d-----w c:\program files\DNA
2009-01-27 00:16 --------- d-----w c:\documents and settings\Owner\Application Data\WTablet
2009-01-27 00:16 --------- d-----w c:\documents and settings\Owner\Application Data\DNA
2009-01-26 19:11 --------- d-----w c:\documents and settings\Owner\Application Data\BitTorrent
2009-01-17 09:34 --------- d-----w c:\program files\Google
2009-01-08 12:27 --------- d-----w c:\documents and settings\Owner\Application Data\dumbsavereadme
2009-01-08 12:27 --------- d-----w c:\documents and settings\All Users\Application Data\each new axis love
2008-12-26 04:18 --------- d-----w c:\program files\Tablet
2008-12-25 17:58 --------- d-----w c:\program files\Electronic Arts
2008-12-25 17:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-10 03:32 --------- d-----w c:\program files\iTunes
2008-12-10 03:32 --------- d-----w c:\program files\iPod
2008-12-10 03:32 --------- d-----w c:\program files\Common Files\Apple
2008-12-10 03:32 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-10 03:31 --------- d-----w c:\program files\QuickTime
2008-12-10 03:22 --------- d-----w c:\program files\Safari
2008-12-06 01:36 --------- d-----w c:\program files\Sims2Pack Clean Installer
2008-11-30 18:19 --------- d-----w c:\documents and settings\Owner\Application Data\Move Networks
2007-12-05 23:04 284 -c--a-w c:\documents and settings\Owner\Application Data\ViewerApp.dat
2007-11-13 14:12 382 -c--a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2006-06-26 03:13 565,248 -csha-w c:\program files\ehthumbs.db
2006-03-24 04:13 131,072 ----a-w c:\documents and settings\Owner\Prince-3121 (Retail).[WwW.LiMiTeDiVx.CoM].By KELOLO.zip
2008-09-02 08:31 77,824 --sha-w c:\windows\system32\kemuzoju.dll
2008-09-16 03:46 79,872 --sha-w c:\windows\system32\peyobire.dll
2008-09-08 22:35 2,048 --sha-w c:\windows\system32\vekukedu.dll
2008-09-08 22:35 87,040 --sha-w c:\windows\system32\yonevena.dll
1601-01-01 00:12 102,912 --sha-w c:\windows\system32\yunuduha.dll
2008-09-05 21:33 92,672 --sha-w c:\windows\system32\zosinawo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-06-20 1207080]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-03 342848]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-04 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"close trans"="c:\docume~1\Owner\APPLIC~1\DUMBSA~1\Show tray.exe" [2009-01-08 635904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"ShowWnd"="ShowWnd.exe" [2003-09-19 c:\windows\ShowWnd.exe]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-01-05 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-01-31 c:\windows\ALCWZRD.EXE]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\progra~1\mcafee\mcafee antispyware\mssshell.dll" [2005-07-17 155769]
path=
backup=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 04:25 6731312 c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 11:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\axis love poll lite]
--a------ 2009-01-26 19:16 733184 c:\documents and settings\All Users\Application Data\each new axis love\fast drive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2009-01-03 14:03 342848 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\close trans]
--a------ 2009-01-08 07:26 635904 c:\docume~1\Owner\APPLIC~1\DUMBSA~1\Show tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-22 12:34 2772992 c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2009-01-04 12:24 133104 c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a--c--- 2004-06-23 21:22 729088 c:\program files\Microsoft Works\WksSb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a--c--- 2001-08-16 23:41 28738 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-01-07 15:02 495616 c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-14 01:42 212992 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a--c--- 2005-03-09 10:49 966656 c:\windows\creator\remind_xp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 11:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-13 11:26 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 17:54 37376 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a--c--- 2001-10-05 19:34 24576 c:\program files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a--c--- 2004-05-17 20:30 543232 c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Netscape\\Netscape\\Netscp.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MidTen Media\\Comic Collector Live\\CCL.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\AUPDATE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R4 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-12-25 1373480]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-10 24652]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder

2009-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-26 c:\windows\Tasks\B78F762D91851F69.job
- c:\docume~1\owner\applic~1\dumbsa~1\BARBSIGNUPLOAD.exe [2009-01-08 07:27]

2009-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3980681228-1451906632-1211546294-1006.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-04 12:24]

2009-01-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{34AD8CB2-310B-6B8E-2177-38B6023DF090} - (no file)
BHO-{3d93ff23-207e-4834-8898-72bb006696c8} - c:\windows\system32\xicxos.dll
BHO-{44dc14e3-3e5a-44cc-85f1-0cb1d677d5ea} - c:\windows\system32\yepitayo.dll
BHO-{6D5F89DC-7093-423E-AD09-115DEC9E2302} - (no file)
BHO-{9BACE33E-AE7C-414A-AB07-80D23C50CE8E} - (no file)
BHO-{D7D3261D-E239-45E3-9247-9FB77C9C43AC} - (no file)
Notify-jkkHBSMG - jkkHBSMG.dll
MSConfigStartUp-5cca4689 - c:\windows\system32\hutapiwa.dll
MSConfigStartUp-CPM5ff97515 - c:\windows\system32\yakikeru.dll
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-NBJ - c:\program files\Ahead\Nero BackItUp\NBJ.exe
MSConfigStartUp-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
MSConfigStartUp-zutuwuhulu - c:\windows\system32\mimadove.dll
MSConfigStartUp-_AntiSpyware - c:\progra~1\mcafee\MCAFEE~1\MssCli.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5kfmn57h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5kfmn57h.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 19:17:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000002

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\SecuROM\License information*]
"datasecu"=hex:a0,f1,d4,c2,bb,78,7e,60,50,6a,5d,6f,84,78,9d,a7,78,71,0e,34,b4,
fd,75,8b,6c,89,b4,2e,31,a1,03,d1,d1,c9,d3,10,2c,f1,d9,0c,1e,22,58,db,92,82,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MCAFEE~1\msssrv.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\RMSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\ehome\McrdSvc.exe
c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-01-26 19:24:37 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2009-01-27 00:23:07
ComboFix2.txt 2007-10-09 15:29:25

Pre-Run: 29,774,319,616 bytes free
Post-Run: 32,011,358,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

955 --- E O F --- 2009-01-27 00:24:33


Logfile of HijackThis v1.99.1
Scan saved at 9:08:08 PM, on 1/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [close trans] C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\Show tray.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.aim.com/ygp/aol/plugi ... .5.1.8.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.com/exchange/lots/tel ... tTeleX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Re: Problem with pop ups; please help!

Post by Axephilic » January 27th, 2009, 9:18 am

Hello,

Run LOP S&D
Double click LopSD.exe to start the program.

  • Choose the language by typing the corresponding letter and pressing Enter
  • Click OK at the informative window
  • Type 3 to choose Option 3 (Fix - Hosts), then press Enter
  • Don't close the window during suppression!
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

Run ComboFix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\system32\wopasufe.dll
c:\windows\system32\noyukibu.dll
c:\documents and settings\Owner\Prince-3121 (Retail).[WwW.LiMiTeDiVx.CoM].By KELOLO.zip
c:\windows\system32\kemuzoju.dll
c:\windows\system32\peyobire.dll
c:\windows\system32\vekukedu.dll
c:\windows\system32\yonevena.dll
c:\windows\system32\yunuduha.dll
c:\windows\system32\zosinawo.dll
C:\WINDOWS\system32\tDehQqss.ini
C:\WINDOWS\system32\tDehQqss.ini2
C:\DOCUME~1\Owner\LOCALS~1\Temp\nse42B.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\sta11.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\sta37A.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\sta7.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\sta8BF.exe
Folder::
c:\documents and settings\Owner\Application Data\WTablet
c:\documents and settings\Owner\Application Data\DNA
c:\documents and settings\Owner\Application Data\BitTorrent
c:\documents and settings\Owner\Application Data\Move Networks
C:\DOCUME~1\Owner\My Documents\mark's\Dreamweaver.MX.2004
C:\DOCUME~1\Owner\My Documents\mark's\Ten Thumbs Typing Tutor v4.3.1
C:\Program Files\BitGrabber
C:\Program Files\BitGrabber\BitGrabber.TRC
C:\DOCUME~1\Owner\APPLIC~1\BitGrabber
C:\Program Files\DNA
C:\Program Files\BitTorrent
C:\Program Files\BitGrabber
C:\Program Files\Azureus
C:\DOCUME~1\Owner\APPLIC~1\.BitTornado
C:\DOCUME~1\Owner\APPLIC~1\Azureus
C:\DOCUME~1\Owner\APPLIC~1\BitGrabber
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\close trans]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
"c:\\Program Files\\DNA\\btdna.exe"=-


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

In your next reply, please include:
  1. LOPr.txt
  2. ComboFix log
  3. A new HijackThis log

Regards,
Adam

Re: Problem with pop ups; please help!

Post by Jason2781 » January 28th, 2009, 1:27 am

Here you go, thanks

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Default System BIOS
USER : Owner ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:228 Go (Free:29 Go)
D:\ (Local Disk) - FAT32 - Total:4 Go (Free:0 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [3] ( Wed 01/28/2009| 0:02 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Each New Axis Love\DASH ROAD.dat
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Each New Axis Love\DASH ROAD.exe
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Each New Axis Love\fast drive.dat
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Each New Axis Love\fast drive.exe
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Each New Axis Love\Plan Meta.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\BARBSIGNUPLOAD.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\bdwlqloh.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\cfjilnwd.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\dwrfgzpl.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\fjtellvj.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\fmmrsfra.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\fxtoarxa.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\gnybapeh.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\izzogaqb.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\jsgypvwx.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\khyvhnce.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\nfbkckag.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\ojmyykhk.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\oqaxjwio.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\qhlzkuae.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\qshtifsm.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\rapbulnl.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\rrbeltfg.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\sblrymdt.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\Show tray.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\tetbcdag.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\tkbkzaqg.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\vdpovnts.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\wadifirz.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\ygzsbyjt.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\ypvvckvs.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\zhhmcmbj.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\ztdwbmgc.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\ztmkacfi.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1\zxvgvrzi.exe
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\BitGrabber\Data
Deleted! - C:\Program Files\BitGrabber\BitGrabber.TRC
Deleted! - C:\DOCUME~1\Owner\Cookies\owner@advertising[1].txt
Deleted! - C:\WINDOWS\Tasks\B78F762D91851F69.job
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Each New Axis Love
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Log Htm Lite Each
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\dumbsa~1
Deleted! - C:\Program Files\dumbsa~1
Deleted! - C:\DOCUME~1\Owner\APPLIC~1\BitGrabber
Deleted! - C:\Program Files\BitGrabber
Deleted! - C:\Program Files\3wPlayer

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Deleted! - C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[04/13/2005|12:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[05/20/2005|06:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[05/20/2005|05:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SampleView
[04/13/2005|12:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun

[12/09/2008|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[07/08/2008|08:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/12/2005|05:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[10/24/2005|06:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[11/26/2007|07:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[10/10/2007|07:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[06/16/2007|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[12/24/2006|10:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[08/18/2007|09:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ATI
[08/16/2005|10:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[07/20/2008|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[06/04/2008|05:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Firefly Studios
[12/09/2007|08:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[01/17/2009|04:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[08/04/2007|01:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
[06/29/2007|04:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kontiki
[09/20/2008|09:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[08/16/2006|03:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macrovision
[05/20/2005|05:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[08/20/2005|10:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[07/07/2008|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[02/17/2007|02:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Napster
[03/15/2008|06:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> OrbNetworks
[05/20/2005|05:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prism Deploy
[05/20/2005|05:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[08/23/2005|04:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[11/28/2005|06:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> River Past G4
[03/16/2008|11:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SimCity Societies
[08/25/2008|04:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony
[06/29/2007|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[09/09/2008|07:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[02/08/2008|01:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[03/15/2008|06:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Winamp Toolbar
[12/13/2006|06:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[04/28/2008|03:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[04/28/2008|04:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[04/13/2005|12:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[05/20/2005|06:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[05/20/2005|05:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> SampleView
[04/13/2005|12:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[08/16/2005|09:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[08/29/2005|10:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[02/03/2006|02:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Mozilla

[04/13/2005|12:20] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> Identities
[06/25/2006|12:29] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> Microsoft
[05/20/2005|05:50] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> SampleView
[04/13/2005|12:43] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> Sun

[01/15/2008|12:14] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[09/16/2005|12:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> .BitTornado
[08/27/2008|08:04] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[07/08/2008|08:32] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeUM
[05/09/2006|09:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Ahead
[08/17/2005|12:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Aim
[06/16/2007|12:24] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
[04/15/2007|12:45] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ATI
[02/10/2006|08:39] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Azureus
[01/26/2009|02:11] C:\DOCUME~1\Owner\APPLIC~1\<DIR> BitTorrent
[07/22/2008|11:07] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Canon
[08/16/2005|10:04] C:\DOCUME~1\Owner\APPLIC~1\<DIR> CyberLink
[01/27/2009|11:53] C:\DOCUME~1\Owner\APPLIC~1\<DIR> DNA
[08/21/2005|07:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> dvdcss
[07/13/2006|11:03] C:\DOCUME~1\Owner\APPLIC~1\<DIR> eFax Messenger
[12/11/2006|01:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Flock
[06/18/2007|06:22] C:\DOCUME~1\Owner\APPLIC~1\<DIR> FTW
[12/22/2006|08:08] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Google
[08/04/2007|02:00] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Grisoft
[05/08/2006|12:15] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HBA
[04/05/2007|08:26] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
[04/13/2005|12:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[02/07/2008|07:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Lavasoft
[08/21/2007|01:35] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Lionhead Studios
[04/11/2006|06:27] C:\DOCUME~1\Owner\APPLIC~1\<DIR> LucasArts
[09/09/2008|07:46] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[08/21/2005|01:09] C:\DOCUME~1\Owner\APPLIC~1\<DIR> McAfee
[07/09/2008|06:28] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[11/30/2008|01:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Move Networks
[09/20/2008|11:30] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
[09/09/2008|07:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> My Games
[07/18/2007|01:14] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MySpace
[02/25/2008|02:25] C:\DOCUME~1\Owner\APPLIC~1\<DIR> NetMedia Providers
[10/27/2006|05:31] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Netscape
[11/04/2005|12:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Opera
[09/09/2008|07:44] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Petroglyph
[09/30/2005|08:34] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Publish Providers
[05/13/2007|04:16] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Real
[05/20/2005|05:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SampleView
[06/18/2008|10:43] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SecuROM
[04/06/2006|07:44] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SlySoft
[02/12/2008|02:52] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Softplicity
[08/25/2008|04:35] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sony
[12/25/2007|07:34] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sony Corporation
[11/18/2008|11:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SPORE
[08/12/2008|08:12] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SPORE Creature Creator
[04/13/2005|12:43] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[08/16/2005|08:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Symantec
[12/06/2005|02:39] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Template
[06/30/2007|09:10] C:\DOCUME~1\Owner\APPLIC~1\<DIR> TrojanHunter
[01/01/2007|08:33] C:\DOCUME~1\Owner\APPLIC~1\<DIR> vlc
[01/27/2009|03:12] C:\DOCUME~1\Owner\APPLIC~1\<DIR> WTablet
[04/11/2006|06:17] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Xfire
[04/30/2008|08:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Yahoo!

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[01/27/2009 11:19 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3980681228-1451906632-1211546294-1006.job
[01/27/2009 03:15 AM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[01/27/2009 08:31 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[01/27/2009 03:12 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 02:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[07/23/2007|09:50] C:\Program Files\<DIR> 3DGroove
[12/30/2006|09:31] C:\Program Files\<DIR> 3GP_Converter034
[12/09/2007|08:58] C:\Program Files\<DIR> Adobe
[08/05/2006|09:48] C:\Program Files\<DIR> Ahead
[08/20/2005|01:33] C:\Program Files\<DIR> AIM
[08/18/2007|09:15] C:\Program Files\<DIR> AliveMedia
[05/10/2008|02:17] C:\Program Files\<DIR> Amazon
[10/27/2006|05:30] C:\Program Files\<DIR> AOD
[08/11/2008|01:33] C:\Program Files\<DIR> Apple Software Update
[08/18/2007|09:34] C:\Program Files\<DIR> ATI Technologies
[06/25/2006|01:39] C:\Program Files\<DIR> AviSynth 2.5
[02/10/2006|08:39] C:\Program Files\<DIR> Azureus
[05/20/2005|05:41] C:\Program Files\<DIR> BigFix
[08/29/2008|09:58] C:\Program Files\<DIR> BitTorrent
[12/30/2006|10:58] C:\Program Files\<DIR> Boilsoft MP4 Converter
[11/12/2008|11:41] C:\Program Files\<DIR> Bonjour
[05/11/2008|02:07] C:\Program Files\<DIR> CA Yahoo! Anti-Spy
[06/04/2007|10:39] C:\Program Files\<DIR> CDisplay
[02/11/2006|10:04] C:\Program Files\<DIR> CDKnet
[11/25/2008|12:28] C:\Program Files\<DIR> City of Heroes
[06/30/2007|06:18] C:\Program Files\<DIR> CleanUp!
[01/26/2009|07:03] C:\Program Files\<DIR> Common Files
[06/04/2008|09:07] C:\Program Files\<DIR> Computerbrains
[05/20/2005|05:24] C:\Program Files\<DIR> CONEXANT
[05/20/2005|05:48] C:\Program Files\<DIR> CyberLink
[08/08/2006|02:11] C:\Program Files\<DIR> DDS Converter 2
[06/30/2007|09:09] C:\Program Files\<DIR> Digital Media Reader
[02/08/2008|01:43] C:\Program Files\<DIR> Digital Photo Recovery
[02/04/2006|02:32] C:\Program Files\<DIR> Direct WAV MP3 Splitter
[08/18/2007|09:12] C:\Program Files\<DIR> directx
[07/25/2006|04:05] C:\Program Files\<DIR> Disney
[08/24/2008|08:09] C:\Program Files\<DIR> DivX
[01/27/2009|03:11] C:\Program Files\<DIR> DNA
[04/11/2006|09:57] C:\Program Files\<DIR> DVD Decrypter
[08/31/2007|11:13] C:\Program Files\<DIR> DVD Shrink
[03/02/2008|08:07] C:\Program Files\<DIR> EA GAMES
[12/25/2008|12:58] C:\Program Files\<DIR> Electronic Arts
[03/22/2007|04:43] C:\Program Files\<DIR> Enigma Software Group
[12/25/2005|01:11] C:\Program Files\<DIR> Firaxis Games
[10/04/2006|08:14] C:\Program Files\<DIR> Firefly Studios
[12/11/2006|01:54] C:\Program Files\<DIR> Flock
[11/24/2006|01:03] C:\Program Files\<DIR> GameShadow
[01/17/2009|04:34] C:\Program Files\<DIR> Google
[08/04/2007|01:59] C:\Program Files\<DIR> Grisoft
[02/17/2007|02:52] C:\Program Files\<DIR> Guild Wars
[09/07/2005|07:16] C:\Program Files\<DIR> Hello
[01/26/2009|09:08] C:\Program Files\<DIR> Hijackthis
[11/19/2006|01:59] C:\Program Files\<DIR> Home And Business Attorney
[03/03/2006|03:36] C:\Program Files\<DIR> Ibibi AB
[01/31/2008|11:11] C:\Program Files\<DIR> ImTOO
[12/25/2008|12:56] C:\Program Files\<DIR> InstallShield Installation Information
[08/18/2007|09:54] C:\Program Files\<DIR> Intel
[09/11/2005|09:23] C:\Program Files\<DIR> InterActual
[01/27/2009|03:11] C:\Program Files\<DIR> Internet Explorer
[12/09/2008|10:32] C:\Program Files\<DIR> iPod
[10/26/2007|07:48] C:\Program Files\<DIR> Ipswitch
[12/09/2008|10:32] C:\Program Files\<DIR> iTunes
[11/13/2008|11:26] C:\Program Files\<DIR> Java
[09/20/2008|09:35] C:\Program Files\<DIR> Lavasoft
[03/17/2008|11:37] C:\Program Files\<DIR> Lionhead Studios
[11/17/2005|11:04] C:\Program Files\<DIR> Lionhead Studios Ltd
[09/09/2008|07:44] C:\Program Files\<DIR> LucasArts
[09/09/2008|07:46] C:\Program Files\<DIR> Macromedia
[12/09/2007|11:36] C:\Program Files\<DIR> MagicDisc
[09/15/2005|07:44] C:\Program Files\<DIR> Maxis
[08/21/2005|01:08] C:\Program Files\<DIR> McAfee
[05/20/2005|05:44] C:\Program Files\<DIR> McAfee.com
[02/17/2007|03:02] C:\Program Files\<DIR> McDC++
[01/18/2007|09:54] C:\Program Files\<DIR> MediaCoder
[08/14/2008|02:04] C:\Program Files\<DIR> Messenger
[07/05/2008|09:21] C:\Program Files\<DIR> Microsoft ActiveSync
[04/13/2005|12:21] C:\Program Files\<DIR> microsoft frontpage
[01/19/2006|10:12] C:\Program Files\<DIR> Microsoft Money 2005
[03/28/2007|01:46] C:\Program Files\<DIR> Microsoft Office
[01/12/2008|10:29] C:\Program Files\<DIR> Microsoft Picture It! 10
[08/25/2008|04:30] C:\Program Files\<DIR> Microsoft SQL Server
[03/28/2007|01:44] C:\Program Files\<DIR> Microsoft Works
[03/28/2007|01:40] C:\Program Files\<DIR> Microsoft Works Suite 2002
[11/12/2008|11:34] C:\Program Files\<DIR> MidTen Media
[06/12/2008|01:03] C:\Program Files\<DIR> ModTheSims2.com
[08/27/2006|07:10] C:\Program Files\<DIR> Monte Cristo
[04/13/2005|12:16] C:\Program Files\<DIR> Movie Maker
[01/20/2009|06:27] C:\Program Files\<DIR> Mozilla Firefox
[11/16/2008|07:52] C:\Program Files\<DIR> mp3 software
[12/31/2006|01:03] C:\Program Files\<DIR> Mp4 Converter
[04/13/2005|12:12] C:\Program Files\<DIR> MSN
[08/20/2005|01:33] C:\Program Files\<DIR> MSN Encarta Plus
[04/13/2005|12:13] C:\Program Files\<DIR> MSN Gaming Zone
[04/17/2007|11:59] C:\Program Files\<DIR> MSXML 4.0
[04/24/2006|09:07] C:\Program Files\<DIR> MyAllMovies
[01/12/2008|10:32] C:\Program Files\<DIR> MySpace
[08/15/2007|11:55] C:\Program Files\<DIR> Napster
[04/13/2005|12:16] C:\Program Files\<DIR> NetMeeting
[10/27/2006|05:28] C:\Program Files\<DIR> Netscape
[12/30/2006|04:42] C:\Program Files\<DIR> NO1 DVD Audio Ripper
[09/09/2008|07:58] C:\Program Files\<DIR> Norton AntiVirus
[08/09/2006|12:13] C:\Program Files\<DIR> NVIDIA Corporation
[01/12/2008|11:00] C:\Program Files\<DIR> Online Services
[08/18/2007|09:11] C:\Program Files\<DIR> Outlook Express
[02/07/2008|10:37] C:\Program Files\<DIR> PhotoRescue 3.1.2.10607 PC
[12/25/2006|08:57] C:\Program Files\<DIR> PIXELA
[08/05/2006|09:48] C:\Program Files\<DIR> pspvideo9
[08/27/2006|07:18] C:\Program Files\<DIR> Pure Networks
[12/09/2008|10:31] C:\Program Files\<DIR> QuickTime
[01/12/2008|10:35] C:\Program Files\<DIR> Real
[08/18/2007|09:58] C:\Program Files\<DIR> Realtek
[02/01/2008|07:15] C:\Program Files\<DIR> Red Kawa
[11/25/2008|12:18] C:\Program Files\<DIR> RegCure
[06/30/2007|06:01] C:\Program Files\<DIR> RegFix Mantra
[08/31/2007|06:33] C:\Program Files\<DIR> Riva
[02/07/2008|10:15] C:\Program Files\<DIR> Runtime Software
[12/09/2008|10:22] C:\Program Files\<DIR> Safari
[08/05/2006|09:48] C:\Program Files\<DIR> SecureVideo Plug-in
[02/17/2007|03:01] C:\Program Files\<DIR> Shockwave.com
[12/05/2008|08:36] C:\Program Files\<DIR> Sims2Pack Clean Installer
[09/09/2008|07:51] C:\Program Files\<DIR> Sony
[12/25/2006|08:49] C:\Program Files\<DIR> Sony Corporation
[01/12/2008|10:34] C:\Program Files\<DIR> Sony Handheld
[02/25/2008|02:11] C:\Program Files\<DIR> Sony Setup
[06/04/2006|08:16] C:\Program Files\<DIR> Stardock
[05/19/2008|08:50] C:\Program Files\<DIR> Sun
[09/09/2008|08:02] C:\Program Files\<DIR> Symantec
[09/11/2008|02:10] C:\Program Files\<DIR> SymNetDrv
[12/25/2008|11:18] C:\Program Files\<DIR> Tablet
[11/24/2006|01:03] C:\Program Files\<DIR> The Weather Channel
[02/12/2008|02:52] C:\Program Files\<DIR> TotalAudioConverter
[06/30/2007|09:16] C:\Program Files\<DIR> TrojanHunter 4.7
[08/16/2005|05:44] C:\Program Files\<DIR> Uninstall Information
[06/27/2008|05:28] C:\Program Files\<DIR> VideoLAN
[08/21/2006|09:36] C:\Program Files\<DIR> VideoraXbox360Converter
[01/28/2009|12:03] C:\Program Files\<DIR> Viewpoint
[09/09/2008|07:51] C:\Program Files\<DIR> VSTplugins
[12/11/2005|08:09] C:\Program Files\<DIR> Wave Splitter
[05/04/2008|10:36] C:\Program Files\<DIR> Winamp
[03/15/2008|06:10] C:\Program Files\<DIR> Winamp Remote
[03/15/2008|06:10] C:\Program Files\<DIR> Winamp Toolbar
[01/13/2008|12:00] C:\Program Files\<DIR> Windows Defender
[08/16/2005|05:44] C:\Program Files\<DIR> Windows Media Components
[12/11/2006|10:27] C:\Program Files\<DIR> Windows Media Connect 2
[07/01/2007|02:14] C:\Program Files\<DIR> Windows Media Player
[04/13/2005|12:13] C:\Program Files\<DIR> Windows NT
[04/13/2005|12:13] C:\Program Files\<DIR> Windows Plus
[05/25/2007|08:36] C:\Program Files\<DIR> WinRAR
[11/04/2005|02:03] C:\Program Files\<DIR> Womble Multimedia
[04/13/2005|12:21] C:\Program Files\<DIR> xerox
[10/08/2006|02:26] C:\Program Files\<DIR> Xfire
[09/17/2005|04:17] C:\Program Files\<DIR> Xingtone
[04/28/2008|03:08] C:\Program Files\<DIR> Yahoo!
[02/07/2008|10:48] C:\Program Files\<DIR> ZAR

--------------------\\ Listing Folders in C:\Program Files\Common Files

[07/08/2008|08:10] C:\Program Files\Common Files\<DIR> Adobe
[09/12/2005|05:36] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[05/20/2005|05:41] C:\Program Files\Common Files\<DIR> Ahead
[11/26/2007|07:29] C:\Program Files\Common Files\<DIR> AOL
[12/09/2008|10:32] C:\Program Files\Common Files\<DIR> Apple
[05/20/2005|05:45] C:\Program Files\Common Files\<DIR> DESIGNER
[03/17/2008|11:32] C:\Program Files\Common Files\<DIR> EasyInfo
[05/20/2005|05:47] C:\Program Files\Common Files\<DIR> InstallShield
[08/30/2007|06:34] C:\Program Files\Common Files\<DIR> Java
[09/09/2008|07:46] C:\Program Files\Common Files\<DIR> Macromedia
[08/21/2005|01:08] C:\Program Files\Common Files\<DIR> McAfee
[07/05/2008|09:21] C:\Program Files\Common Files\<DIR> Microsoft Shared
[10/27/2006|05:30] C:\Program Files\Common Files\<DIR> mozilla.org
[04/13/2005|12:16] C:\Program Files\Common Files\<DIR> MSSoap
[12/25/2006|08:49] C:\Program Files\Common Files\<DIR> muvee Technologies
[05/20/2005|05:31] C:\Program Files\Common Files\<DIR> New Boundary
[05/20/2005|05:38] C:\Program Files\Common Files\<DIR> Nullsoft
[05/23/2007|10:41] C:\Program Files\Common Files\<DIR> Real
[05/20/2005|05:47] C:\Program Files\Common Files\<DIR> Roxio Shared
[07/04/2006|12:32] C:\Program Files\Common Files\<DIR> Scanner
[04/13/2005|12:16] C:\Program Files\Common Files\<DIR> Services
[04/13/2005|05:08] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/31/2007|06:33] C:\Program Files\Common Files\<DIR> SWF Studio
[09/09/2008|08:02] C:\Program Files\Common Files\<DIR> Symantec Shared
[11/13/2007|08:51] C:\Program Files\Common Files\<DIR> System
[09/20/2008|09:34] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[05/23/2007|10:41] C:\Program Files\Common Files\<DIR> xing shared
[09/11/2005|01:40] C:\Program Files\Common Files\<DIR> YGP

--------------------\\ Process

( 57 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 00:04:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Crack
C:\DOCUME~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Crack\emu.dll
C:\DOCUME~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Crack\MMxpt.dll
C:\DOCUME~1\Owner\My Documents\mark's\Ten Thumbs Typing Tutor v4.3.1\Keygen.exe


[F:6][D:3]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:74][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:9][D:3]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 01/26/2009|18:47 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Wed 01/28/2009| 0:06 - Option : [3]

--------------------\\ Scan completed at 0:06:52


ComboFix 09-01-21.04 - Owner 2009-01-28 0:12:07.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.970 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\docume~1\Owner\LOCALS~1\Temp\nse42B.tmp
c:\docume~1\Owner\LOCALS~1\Temp\sta11.exe
c:\docume~1\Owner\LOCALS~1\Temp\sta37A.exe
c:\docume~1\Owner\LOCALS~1\Temp\sta7.exe
c:\docume~1\Owner\LOCALS~1\Temp\sta8BF.exe
c:\documents and settings\Owner\Prince-3121 (Retail).[WwW.LiMiTeDiVx.CoM].By KELOLO.zip
c:\windows\system32\kemuzoju.dll
c:\windows\system32\noyukibu.dll
c:\windows\system32\peyobire.dll
c:\windows\system32\tDehQqss.ini
c:\windows\system32\tDehQqss.ini2
c:\windows\system32\vekukedu.dll
c:\windows\system32\wopasufe.dll
c:\windows\system32\yonevena.dll
c:\windows\system32\yunuduha.dll
c:\windows\system32\zosinawo.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Owner\APPLIC~1\.BitTornado
c:\docume~1\Owner\APPLIC~1\.BitTornado\config.gui.ini
c:\docume~1\Owner\APPLIC~1\.BitTornado\datacache\ed86b571fe39389b8630ee9a41701853c97ad6c0
c:\docume~1\Owner\APPLIC~1\.BitTornado\icons\alloc.gif
c:\docume~1\Owner\APPLIC~1\.BitTornado\icons\black.ico
c:\docume~1\Owner\APPLIC~1\.BitTornado\icons\black1.ico
c:\docume~1\Owner\APPLIC~1\.BitTornado\icons\blue.ico
c:\docume~1\Owner\APPLIC~1\.BitTornado\icons\green.ico
c:\docume~1\Owner\APPLIC~1\.BitTornado\icons\green1.ico
c:\docume~1\Owner\APPLIC~1\.BitTornado\icons\icon_bt.ico
c:\docume~1\Owner\APPLIC~1\.BitTornado\icons\icon_done.ico
c:\docume~1\Owner\APPLIC~1\.BitTornado\icons\red.ico
c:\docume~1\Owner\APPLIC~1\.BitTornado\icons\white.ico
c:\docume~1\Owner\APPLIC~1\.BitTornado\icons\yellow.ico
c:\docume~1\Owner\APPLIC~1\.BitTornado\icons\yellow1.ico
c:\docume~1\Owner\APPLIC~1\Azureus
c:\docume~1\Owner\APPLIC~1\Azureus\.certs
c:\docume~1\Owner\APPLIC~1\Azureus\.keystore
c:\docume~1\Owner\APPLIC~1\Azureus\.lock
c:\docume~1\Owner\APPLIC~1\Azureus\active\5A587D7D14AB0F629B0E30E954D3BFE11AC33819.dat
c:\docume~1\Owner\APPLIC~1\Azureus\active\5A587D7D14AB0F629B0E30E954D3BFE11AC33819.dat.bak
c:\docume~1\Owner\APPLIC~1\Azureus\active\C16365845655647BA35D36BC7D0B7EA0C3EB3150.dat
c:\docume~1\Owner\APPLIC~1\Azureus\active\C16365845655647BA35D36BC7D0B7EA0C3EB3150.dat.bak
c:\docume~1\Owner\APPLIC~1\Azureus\azureus.config
c:\docume~1\Owner\APPLIC~1\Azureus\azureus.config.bak
c:\docume~1\Owner\APPLIC~1\Azureus\azureus.statistics
c:\docume~1\Owner\APPLIC~1\Azureus\azureus.statistics.bak
c:\docume~1\Owner\APPLIC~1\Azureus\dht\addresses.dat
c:\docume~1\Owner\APPLIC~1\Azureus\dht\contacts.dat
c:\docume~1\Owner\APPLIC~1\Azureus\dht\diverse.dat
c:\docume~1\Owner\APPLIC~1\Azureus\dht\version.dat
c:\docume~1\Owner\APPLIC~1\Azureus\downloads.config
c:\docume~1\Owner\APPLIC~1\Azureus\downloads.config.bak
c:\docume~1\Owner\APPLIC~1\Azureus\logs\alerts_1.log
c:\docume~1\Owner\APPLIC~1\Azureus\logs\thread_1.log
c:\docume~1\Owner\APPLIC~1\Azureus\torrents\AZU27797.tmp
c:\docume~1\Owner\APPLIC~1\Azureus\torrents\hung_up_grammys_widescressn.VOB-1.torrent
c:\docume~1\Owner\APPLIC~1\Azureus\tracker.config
c:\docume~1\Owner\APPLIC~1\Azureus\tracker.config.bak
c:\docume~1\Owner\APPLIC~1\Azureus\update.log
c:\docume~1\Owner\APPLIC~1\Azureus\update.properties
c:\docume~1\Owner\My Documents\mark's\Dreamweaver.MX.2004
c:\docume~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Books\Dreamweaver MX Bible.pdf
c:\docume~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Books\dw_api.pdf
c:\docume~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Books\dw_getting_started.pdf
c:\docume~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Books\dw_shortcuts_win.swf
c:\docume~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Books\extending_dw.pdf
c:\docume~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Books\timelines.pdf
c:\docume~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Books\using_dw.pdf
c:\docume~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Crack\emu.dll
c:\docume~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Crack\MMxpt.dll
c:\docume~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\dwmx2004_trial_en_win.exe
c:\docume~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Dreamweaver.MX.2004\Serial.txt
c:\docume~1\Owner\My Documents\mark's\Dreamweaver.MX.2004\Updates\dwmx2004_701update_en.exe
c:\docume~1\Owner\My Documents\mark's\Ten Thumbs Typing Tutor v4.3.1
c:\docume~1\Owner\My Documents\mark's\Ten Thumbs Typing Tutor v4.3.1\Keygen.exe
c:\docume~1\Owner\My Documents\mark's\Ten Thumbs Typing Tutor v4.3.1\Ten_Thumbs.exe
c:\documents and settings\Owner\Application Data\DNA
c:\documents and settings\Owner\Application Data\DNA\dht.dat
c:\documents and settings\Owner\Application Data\DNA\dht.dat.old
c:\documents and settings\Owner\Application Data\DNA\dna.lng
c:\documents and settings\Owner\Application Data\DNA\resume.dat
c:\documents and settings\Owner\Application Data\DNA\resume.dat.old
c:\documents and settings\Owner\Application Data\DNA\rss.dat
c:\documents and settings\Owner\Application Data\DNA\rss.dat.old
c:\documents and settings\Owner\Application Data\DNA\settings.dat
c:\documents and settings\Owner\Application Data\DNA\settings.dat.old
c:\documents and settings\Owner\Application Data\Move Networks
c:\documents and settings\Owner\Application Data\Move Networks\BlackBox
c:\documents and settings\Owner\Application Data\Move Networks\MNStatsID.txt
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000000710020EB13018D9.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000000710052628C02DF4.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000000720020EA7101821.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF00000072005260C20339F.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000007300525B5402B6B.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000007400109D7500DF0.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000007500109DC501448.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000000770052617903D48.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF00000078005254500326A.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000000C70020E68C01693.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000000C90020E9AD00B7F.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000000CA0020E56400E93.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000000CB0020EA880188D.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000000CC0020FD49025CD.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000034500204BB90036E.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000003460020D0840036E.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000003470020EA7902350.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000003480020FC0300D03.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF00000349003166B901F60.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000034A003176C501A6D.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000034B005259FD0146B.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000034C0041DB9700C81.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000034D00524E64035DA.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000034E00524EA203F55.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000034F005245ED0302A.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000035000524C0104B97.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000035100523BCA04A49.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000003520052525202E5A.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000003530052389F02F40.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF00000354005244E604B33.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000035500524EDE04B30.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000003560052437804A8A.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF00000357005254AF02F84.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF00000358005255EE02B39.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF00000359005250C002822.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000035A0052567E0318E.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000035B0052466F032B5.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000035C005252D002F60.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000035D005257CD02F32.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000035E00524F7002DAC.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000035F005252FD02C87.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000003600052569702CFB.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF00000361005243E702CAE.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004430020E9B001AEA.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004440020EA8701AB2.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004450020EAF400FA1.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004460020E6EF008A3.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004460052520601076.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000044700315D6C0129D.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004480020EB3800F2C.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004480041DF66015C6.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004490020EA7D01063.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000044900525279019C3.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000044A0020E40B00AF0.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000044A005258B00110B.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000044B0020BC5500881.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000044B0052318400F27.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000044D0020EA2D0105D.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000044E0020E16400B00.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004520020E6EA01CF1.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004530020E81D011AC.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004540020E15501320.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004550020E915011C8.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004560020E7CE00D6D.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004560052476F0145E.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004570020E8AC0107F.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004570052553B019BD.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000045800524F8000FB2.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000045900524C9705798.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000045A005236480117E.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000045B0051F41F00DB2.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000045C0052472C01001.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000045D00524EA8010D7.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000045E00522BF901CB9.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000045F0052089E0149D.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF00000460005250CD01788.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000046100521987013B8.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004620052506A01986.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000046300524D9F01018.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000046400524E9C01233.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000046500524CA301964.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000046600524DE002542.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004670052482101375.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000046800524EBE00F0D.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000046900524E4A010AD.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000046A00524A4600FBD.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000046B00505DE6004E0.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000047000204B6000363.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004710020EB71002C8.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004720020E99301F11.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000047200525241033D2.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004730020DDA800D04.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000047300525350016E7.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000047400315E2B0160D.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004740052525E01C06.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004750041DFB801413.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004750052539D01875.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000047600525379022A5.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000047700524FA7014A7.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF00000478005251ED0236E.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004790052519501DC0.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000047A005252070108D.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000047B005252C2015BF.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000047C0052559A01892.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000047D005250F60291C.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000047E0052486502E48.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000047F0052508702434.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004800052540F02A61.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000048100524AD3018A7.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000048200524852033DE.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000048300524B7101A4A.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004840052505D017DC.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004850052512E0133E.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004860052543101301.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF00000487005254BE012E5.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF00000488005250210195E.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000048900521EAC01922.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000048A00524F6701C51.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000048B0052545E016D2.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000048C0020E7D400F0A.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000048C00523D4101347.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000048D0020EA8801003.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000048D0052551801410.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000048E0020C40C01451.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000048E00522825019E4.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000048F0020E9A80121D.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000048F0052541001793.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004900041DE11010E5.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004900052512501614.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF00000491005255A502145.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004920010977E00AF6.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF00000493001098DA0101A.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004930052548301E1D.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004940010970000CEC.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004950010981100B3D.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000049500524D1001875.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000049600109D4701834.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF00000497001097B9019B4.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004980010983100E64.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004990010930500F09.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000049B001095A200AD2.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004E40020F19A0149F.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004E50020EAA501CEF.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004E60020EA2401D3B.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004E70020ED6D01344.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004E800315E7D00B81.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004E90041CE58012E4.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004EA00521F34012C7.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004EB0051D6860062A.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004EC00524DCA0064A.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004ED005252AE015CF.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004EE005252DC0197C.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004EF0020E9710132F.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004EF0052510B02507.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004F00020E9B80190F.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004F0005250A702F42.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004F10020EA1801D28.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004F1005250E60309A.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004F20020ED49022B5.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004F20052522703301.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004F3001099EB01971.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004F3005249A10341D.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004F400415FF902C89.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004F400518EC1032BC.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004F50050F8E3019F7.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004F600517A2F0180A.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004F70050B6FE01376.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004F80050FBCF01367.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004F9005091D3004CC.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004FA00508A6F004C7.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004FB005099FC003F6.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004FC0050BA8301D29.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004FD0050B06A00463.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004FE00509AE5015F5.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000004FF005092B7004D0.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000050000510C8201214.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF00000501005113DA028E9.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF0000050200510F0C01128.qss
c:\documents and settings\Owner\Application Data\Move Networks\QMCache00\EB7D4FBB11A24075A2F26CC0D66B9DFF000005030052396603CC9.qss
c:\documents and settings\Owner\Application Data\WTablet
c:\documents and settings\Owner\Application Data\WTablet\Wacom_Tablet.dat
c:\documents and settings\Owner\Prince-3121 (Retail).[WwW.LiMiTeDiVx.CoM].By KELOLO.zip
c:\program files\Azureus
c:\program files\Azureus\az_output.log
c:\program files\Azureus\plugins\azplugins\azplugins_1.8.6.jar
c:\program files\Azureus\plugins\azupdater\azupdater_1.8.3.zip
c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.2.jar
c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.3.jar
c:\program files\Azureus\plugins\azupdater\Azureus2_2.3.0.6_P2.pax
c:\program files\Azureus\plugins\azupdater\plugin.properties
c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.3
c:\program files\Azureus\plugins\azupdater\Updater.jar
c:\program files\Azureus\plugins\azupdater\Updater.jar.bak
c:\program files\Azureus\plugins\rating\rating_1.2.jar
c:\program files\Azureus\Uninstall.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\windows\system32\kemuzoju.dll
c:\windows\system32\noyukibu.dll
c:\windows\system32\peyobire.dll
c:\windows\system32\vekukedu.dll
c:\windows\system32\wopasufe.dll
c:\windows\system32\yonevena.dll
c:\windows\system32\yunuduha.dll
c:\windows\system32\zosinawo.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
.

2009-01-26 18:39 . 2009-01-28 00:06 <DIR> d-------- C:\Lop SD
2009-01-05 17:33 . 2009-01-05 17:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 05:03 --------- d-----w c:\program files\Viewpoint
2009-01-17 09:34 --------- d-----w c:\program files\Google
2009-01-16 11:53 127,857 --sha-w c:\windows\system32\yozehuwu.dll
2009-01-15 23:47 127,869 --sha-w c:\windows\system32\pemugobo.dll
2008-12-26 04:18 --------- d-----w c:\program files\Tablet
2008-12-25 17:59 6,944 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-12-25 17:58 --------- d-----w c:\program files\Electronic Arts
2008-12-25 17:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-25 17:50 85,199 ------w c:\windows\system32\sesozuha.dll
2008-12-25 05:50 84,609 ------w c:\windows\system32\vuhofafa.dll
2008-12-24 17:50 84,202 ------w c:\windows\system32\gagisaso.dll
2008-12-24 05:50 84,725 ------w c:\windows\system32\gawejeya.dll
2008-12-23 17:49 84,565 ------w c:\windows\system32\gulalene.dll
2008-12-23 05:49 83,065 ------w c:\windows\system32\pejemika.dll
2008-12-22 17:49 85,072 ------w c:\windows\system32\verefama.dll
2008-12-22 05:49 85,285 ------w c:\windows\system32\derotufe.dll
2008-12-21 17:49 87,223 ------w c:\windows\system32\mimedefa.dll
2008-12-21 05:48 87,233 ------w c:\windows\system32\zatomefe.dll
2008-12-20 17:48 83,199 ------w c:\windows\system32\neloluni.dll
2008-12-20 05:48 87,258 ------w c:\windows\system32\lamekizi.dll
2008-12-19 17:48 85,267 ------w c:\windows\system32\sukeguwa.dll
2008-12-19 05:47 85,096 ------w c:\windows\system32\mupumutu.dll
2008-12-18 17:47 83,248 ------w c:\windows\system32\bulusira.dll
2008-12-18 05:47 89,753 ------w c:\windows\system32\dapotado.dll
2008-12-17 17:47 88,669 ------w c:\windows\system32\puborala.dll
2008-12-17 05:47 88,674 ------w c:\windows\system32\nutepofe.dll
2008-12-16 16:47 89,851 ------w c:\windows\system32\zetanafo.dll
2008-12-16 04:46 88,218 ------w c:\windows\system32\beyebazu.dll
2008-12-15 15:46 85,565 ------w c:\windows\system32\zetifaro.dll
2008-12-15 03:45 85,733 ------w c:\windows\system32\ravosozo.dll
2008-12-14 02:44 85,758 ------w c:\windows\system32\giponutu.dll
2008-12-13 14:44 85,748 ------w c:\windows\system32\tihifipa.dll
2008-12-13 02:44 85,183 ------w c:\windows\system32\bajiwuyu.dll
2008-12-12 14:44 85,640 ------w c:\windows\system32\nakizeju.dll
2008-12-12 02:44 85,794 ------w c:\windows\system32\yivimefe.dll
2008-12-12 00:56 85,694 ------w c:\windows\system32\modisemi.dll
2008-12-11 12:36 85,586 ------w c:\windows\system32\kepidaha.dll
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 00:36 84,602 ------w c:\windows\system32\kileruno.dll
2008-12-10 23:36 85,728 ------w c:\windows\system32\pusodebe.dll
2008-12-10 11:36 87,129 ------w c:\windows\system32\tofakavi.dll
2008-12-10 03:32 --------- d-----w c:\program files\iTunes
2008-12-10 03:32 --------- d-----w c:\program files\iPod
2008-12-10 03:32 --------- d-----w c:\program files\Common Files\Apple
2008-12-10 03:32 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-10 03:31 --------- d-----w c:\program files\QuickTime
2008-12-10 03:22 --------- d-----w c:\program files\Safari
2008-12-09 23:41 94,463 ----a-w c:\windows\system32\huvagobi.dll
2008-12-09 23:41 87,163 ------w c:\windows\system32\sikemaha.dll
2008-12-09 11:41 94,895 ----a-w c:\windows\system32\mesakopi.dll
2008-12-09 11:41 88,712 ------w c:\windows\system32\turovepi.dll
2008-12-08 23:41 93,801 ----a-w c:\windows\system32\pivejehu.dll
2008-12-08 10:35 88,761 ------w c:\windows\system32\jinujone.dll
2008-12-07 22:34 88,686 ------w c:\windows\system32\wigafipe.dll
2008-12-07 10:34 88,192 ------w c:\windows\system32\sutuyeju.dll
2008-12-06 22:34 88,140 ------w c:\windows\system32\tahilato.dll
2008-12-06 10:34 87,642 ------w c:\windows\system32\buwidodu.dll
2008-12-06 01:36 --------- d-----w c:\program files\Sims2Pack Clean Installer
2008-12-05 09:33 88,761 ------w c:\windows\system32\pigatedu.dll
2008-12-04 21:33 85,045 ------w c:\windows\system32\kekifodo.dll
2008-12-03 21:32 85,557 ------w c:\windows\system32\kewupupe.dll
2008-12-03 09:32 86,581 ------w c:\windows\system32\yimilolo.dll
2008-12-02 21:32 86,581 ------w c:\windows\system32\fajuzosi.dll
2008-12-02 09:32 86,581 ------w c:\windows\system32\dusipunu.dll
2008-12-01 20:31 86,580 ------w c:\windows\system32\maremagu.dll
2008-12-01 08:31 88,116 ------w c:\windows\system32\bejeturo.dll
2008-11-30 20:30 88,116 ------w c:\windows\system32\vopapopu.dll
2008-11-30 08:30 88,116 ------w c:\windows\system32\tujikabu.dll
2008-11-29 20:30 88,116 ------w c:\windows\system32\getareku.dll
2008-11-29 08:30 88,116 ------w c:\windows\system32\zelayira.dll
2008-11-28 20:29 88,116 ------w c:\windows\system32\lojuvake.dll
2008-11-27 20:29 86,580 ------w c:\windows\system32\vemuyuwi.dll
2008-11-27 08:29 86,580 ------w c:\windows\system32\vitifise.dll
2008-11-26 20:29 86,580 ------w c:\windows\system32\zivedomo.dll
2008-11-26 08:29 87,092 ------w c:\windows\system32\pohepalo.dll
2008-11-25 20:29 87,092 ------w c:\windows\system32\fabapufu.dll
2008-11-21 06:11 86,068 ------w c:\windows\system32\sinahuti.dll
2008-11-20 18:06 86,068 ------w c:\windows\system32\pimewate.dll
2008-11-19 16:16 86,068 ------w c:\windows\system32\buhovawu.dll
2008-11-19 04:16 86,068 ------w c:\windows\system32\yadimulo.dll
2008-11-13 16:26 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-06 20:33 68,096 ----a-w c:\windows\system32\ifktmvko.dll
2008-11-03 16:36 67,584 ----a-w c:\windows\system32\kxneexhr.dll
2008-11-03 16:36 123,904 ----a-w c:\windows\system32\spbampuv.dll
2008-11-03 16:36 123,904 ----a-w c:\windows\system32\gjpcki.dll
2008-11-02 20:18 67,584 ----a-w c:\windows\system32\wfxviwgd.dll
2008-11-02 20:15 123,904 ----a-w c:\windows\system32\vnsyrm.dll
2008-11-02 20:15 123,904 ----a-w c:\windows\system32\pnluaiva.dll
2008-11-01 20:17 67,584 ------w c:\windows\system32\wgouctdi.dll
2008-11-01 20:14 123,904 ----a-w c:\windows\system32\ujdeciqp.dll
2008-11-01 20:14 123,904 ----a-w c:\windows\system32\emjiez.dll
2008-10-31 20:19 123,904 ----a-w c:\windows\system32\tbvtnr.dll
2008-10-31 20:19 123,904 ----a-w c:\windows\system32\bivtmpcs.dll
2008-10-31 20:16 67,584 ----a-w c:\windows\system32\jggeyyno.dll
2008-10-30 20:13 123,904 ----a-w c:\windows\system32\jrlifkok.dll
2008-10-30 20:13 123,904 ----a-w c:\windows\system32\deeebi.dll
2008-10-30 02:45 123,904 ----a-w c:\windows\system32\wgxwoqlc.dll
2008-10-30 02:45 123,904 ----a-w c:\windows\system32\eqgwes.dll
2008-10-30 02:42 67,584 ----a-w c:\windows\system32\mqpaxmki.dll
2007-12-05 23:04 284 -c--a-w c:\documents and settings\Owner\Application Data\ViewerApp.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-26_19.22.00.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-22 09:47:25 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP2QFE\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3GDR\tzchange.exe
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:51:04 284,160 ----a-w c:\windows\$hf_mig$\KB956802\SP2QFE\gdi32.dll
+ 2008-10-23 12:36:14 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3GDR\gdi32.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
- 2006-05-05 09:41:45 453,120 -c--a-w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2009-01-27 08:02:16 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-07-19 02:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 19:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2008-08-26 07:24:28 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
- 2008-07-19 02:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 19:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-02-20 06:51:05 282,624 -c----w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:01:36 283,648 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24:30 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 01:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 06:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
- 2008-08-26 07:24:30 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2007-06-26 06:08:16 1,104,896 -c----w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 -c----w c:\windows\system32\dllcache\msxml3.dll
- 2008-08-26 07:24:30 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-08-28 10:04:17 333,056 -c----w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 -c----w c:\windows\system32\dllcache\srv.sys
- 2006-08-21 13:52:08 246,814 -c----w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:15:47 247,326 -c----w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 07:24:30 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 02:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 02:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-07-19 02:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 19:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 02:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 02:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 02:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 19:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 02:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 19:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-19 02:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 19:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2006-05-05 09:41:45 453,120 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-02-20 06:51:05 282,624 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\gdi32.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-19 01:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2009-01-09 22:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-08 19:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 21:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2006-08-21 13:52:08 246,814 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-07-14 11:09:18 62,976 ------w c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
- 2006-10-19 02:47:20 937,984 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 02:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
- 2008-07-19 02:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 19:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-07-19 02:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2008-07-19 02:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2008-07-19 02:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 19:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2008-07-19 02:10:20 36,552 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2008-07-19 02:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2008-07-19 02:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 19:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
- 2009-01-27 00:16:39 16,384 -csha-w c:\windows\Temp\Cookies\index.dat
+ 2009-01-27 08:12:06 16,384 -csha-w c:\windows\Temp\Cookies\index.dat
- 2009-01-27 00:16:39 16,384 -csha-w c:\windows\Temp\History\History.IE5\index.dat
+ 2009-01-27 08:12:06 16,384 -csha-w c:\windows\Temp\History\History.IE5\index.dat
+ 2009-01-27 08:12:11 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_54c.dat
+ 2009-01-27 08:12:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_8a0.dat
+ 2009-01-27 08:12:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_924.dat
- 2009-01-27 00:16:39 32,768 -csha-w c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-27 08:12:06 32,768 -csha-w c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-06-20 1207080]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-04 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"ShowWnd"="ShowWnd.exe" [2003-09-19 c:\windows\ShowWnd.exe]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-01-05 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-01-31 c:\windows\ALCWZRD.EXE]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\progra~1\mcafee\mcafee antispyware\mssshell.dll" [2005-07-17 155769]
path=
backup=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 04:25 6731312 c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 11:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-22 12:34 2772992 c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2009-01-04 12:24 133104 c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a--c--- 2004-06-23 21:22 729088 c:\program files\Microsoft Works\WksSb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a--c--- 2001-08-16 23:41 28738 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-01-07 15:02 495616 c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-14 01:42 212992 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a--c--- 2005-03-09 10:49 966656 c:\windows\creator\remind_xp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 11:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-13 11:26 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 17:54 37376 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a--c--- 2001-10-05 19:34 24576 c:\program files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a--c--- 2004-05-17 20:30 543232 c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Netscape\\Netscape\\Netscp.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MidTen Media\\Comic Collector Live\\CCL.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\AUPDATE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R4 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-12-25 1373480]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-10 24652]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder

2009-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3980681228-1451906632-1211546294-1006.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-04 12:24]

2009-01-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-axis love poll lite - c:\documents and settings\All Users\Application Data\each new axis love\fast drive.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5kfmn57h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5kfmn57h.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 00:19:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000002

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\SecuROM\License information*]
"datasecu"=hex:a0,f1,d4,c2,bb,78,7e,60,50,6a,5d,6f,84,78,9d,a7,78,71,0e,34,b4,
fd,75,8b,6c,89,b4,2e,31,a1,03,d1,d1,c9,d3,10,2c,f1,d9,0c,1e,22,58,db,92,82,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-28 0:22:35
ComboFix-quarantined-files.txt 2009-01-28 05:21:18
ComboFix2.txt 2009-01-27 00:24:38
ComboFix3.txt 2007-10-09 15:29:25

Pre-Run: 32,048,177,152 bytes free
Post-Run: 32,026,542,080 bytes free

3776 --- E O F --- 2009-01-27 08:04:09

Logfile of HijackThis v1.99.1
Scan saved at 12:27:07 AM, on 1/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.aim.com/ygp/aol/plugi ... .5.1.8.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.com/exchange/lots/tel ... tTeleX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Jason2781
Regular Member
 
Posts: 18
Joined: June 30th, 2007, 9:50 pm

Re: Problem with pop ups; please help!

Post by Axephilic » January 28th, 2009, 8:33 pm

Hi there,

Please Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

In your next reply, please include:
  1. MBAM log
  2. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Problem with pop ups; please help!

Post by Jason2781 » January 29th, 2009, 12:56 am

Malwarebytes' Anti-Malware 1.33
Database version: 1704
Windows 5.1.2600 Service Pack 2

1/28/2009 11:39:47 PM
mbam-log-2009-01-28 (23-39-39).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 222912
Time elapsed: 1 hour(s), 43 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 553

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224747.exe (Trojan.LowZones) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224748.exe (Trojan.LowZones) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224749.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224750.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224751.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224752.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224753.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224754.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224755.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224757.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224758.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224759.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224760.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224761.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224762.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224763.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1366\A0224764.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1390\A0232850.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1329\A0215639.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1331\A0215688.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1335\A0216639.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1335\A0216640.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1335\A0216641.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1335\A0216642.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1335\A0216643.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1335\A0216644.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1336\A0216664.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1336\A0216665.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1341\A0217779.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217874.scr (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217907.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217875.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217883.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217884.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217885.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217887.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217888.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217889.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217891.SCR (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217893.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217894.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217896.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217899.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217900.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217901.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217908.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217911.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217913.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0217915.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0218779.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0218780.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1343\A0218785.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1344\A0218813.exe (Trojan.Swizzor) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1346\A0218841.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1406\A0237263.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238298.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238346.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238349.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238350.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238352.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238354.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238356.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238360.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238362.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238367.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238377.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238378.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238380.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238381.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238382.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238383.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238384.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238351.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238405.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238441.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238459.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238477.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238531.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238549.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238567.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238390.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238425.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238426.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238428.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238429.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238430.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238432.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238433.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238436.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238438.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238439.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238440.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238443.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238450.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238452.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238460.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238461.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238463.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238467.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238469.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238475.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238478.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238479.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238480.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238481.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238485.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238486.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238489.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238490.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238491.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238497.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238498.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238525.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238526.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238530.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238532.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238535.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238540.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238544.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238547.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238548.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238550.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238551.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238557.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238558.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238560.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238568.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238569.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238572.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238573.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238575.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238576.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238577.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238578.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238579.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238580.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238581.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238584.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238586.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238587.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238592.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238594.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238595.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238596.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238599.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238604.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238611.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238613.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238616.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238619.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238622.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238623.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238624.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238625.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238626.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238627.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238628.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238629.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238630.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238637.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238643.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238644.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238686.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238690.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238692.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238696.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238697.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238701.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238703.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238715.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238717.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238722.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238724.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238728.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238730.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238732.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238734.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238736.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238741.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238742.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238743.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238744.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238748.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238750.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238759.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238763.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238768.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238769.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238775.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238776.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238778.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238780.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238785.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238786.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238789.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238790.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238791.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238827.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238828.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238832.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238834.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238835.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238836.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238841.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238845.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238847.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238848.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238850.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238853.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238858.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238859.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1409\A0238860.dll (Trojan.Vundo) -> No action taken.

Logfile of HijackThis v1.99.1
Scan saved at 11:56:00 PM, on 1/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.aim.com/ygp/aol/plugi ... .5.1.8.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.com/exchange/lots/tel ... tTeleX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Re: Problem with pop ups; please help!

Post by Axephilic » January 29th, 2009, 5:29 pm

Please re-run the scan and make sure you follow this part of the directions:
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.


Then post the new MBAM log.

Regards,
Adam

Re: Problem with pop ups; please help!

Post by Jason2781 » January 29th, 2009, 10:43 pm

Sorry, I deleted all the infected files from the scan I did last night and re-ran it. Here's the log

Malwarebytes' Anti-Malware 1.33
Database version: 1707
Windows 5.1.2600 Service Pack 2

1/29/2009 9:44:23 PM
mbam-log-2009-01-29 (21-44-23).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 222460
Time elapsed: 1 hour(s), 37 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP1413\A0239404.exe (Adware.PurityScan) -> Quarantined and deleted successfully.

Re: Problem with pop ups; please help!

Post by Axephilic » January 30th, 2009, 12:33 pm

Hi there,

Run ComboFix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Run ComboFix and follow the prompts, allowing it to scan and produce a log.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Kaspersky Online Scanner
Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

In your next reply, please include:
  1. ComboFix log
  2. Kaspersky report
  3. A new HijackThis log

Regards,
Adam

Re: Problem with pop ups; please help!

Post by Jason2781 » February 1st, 2009, 4:41 pm

Here you go,

ComboFix 09-01-21.04 - Owner 2009-01-31 11:48:18.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.945 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-31 )))))))))))))))))))))))))))))))
.

2009-01-29 18:14 . 2009-01-30 19:31 <DIR> d-------- c:\program files\DNA
2009-01-29 18:14 . 2009-01-29 18:14 <DIR> d-------- c:\program files\BitTorrent
2009-01-29 18:14 . 2009-01-31 11:43 <DIR> d-------- c:\documents and settings\Owner\Application Data\DNA
2009-01-29 18:14 . 2009-01-29 21:18 <DIR> d-------- c:\documents and settings\Owner\Application Data\BitTorrent
2009-01-28 23:51 . 2009-01-28 23:51 <DIR> d-------- c:\documents and settings\Owner\Application Data\WTablet
2009-01-28 21:36 . 2009-01-28 21:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-28 21:36 . 2009-01-28 21:36 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-01-28 21:36 . 2009-01-28 21:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-28 21:36 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-28 21:36 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-26 18:39 . 2009-01-28 00:06 <DIR> d-------- C:\Lop SD
2009-01-05 17:33 . 2009-01-05 17:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr
2008-12-25 23:18 . 2007-09-07 13:31 3,499,304 --------- c:\windows\system32\WacomTablet.cpl
2008-12-25 23:18 . 2007-09-05 16:30 1,910,035 --------- c:\windows\system32\WacomTablet.znc
2008-12-25 23:18 . 2004-08-04 00:56 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-25 23:18 . 2004-08-04 00:56 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-25 23:18 . 2004-08-03 22:58 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-12-25 23:18 . 2004-08-03 22:58 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-12-25 23:18 . 2007-02-15 19:11 11,440 --a------ c:\windows\system32\drivers\WacomVKHid.sys
2008-12-25 23:17 . 2008-12-25 23:17 <DIR> d-------- c:\windows\system32\WTablet
2008-12-25 23:17 . 2008-12-25 23:18 <DIR> d-------- c:\program files\Tablet
2008-12-25 23:17 . 2007-09-07 13:40 1,373,480 --------- c:\windows\system32\Wacom_Tablet.exe
2008-12-25 23:17 . 2007-09-07 13:20 181,544 --------- c:\windows\system32\Wintab32.dll
2008-12-25 23:17 . 2007-09-07 13:33 128,296 --------- c:\windows\system32\Wacom_Tablet.dll
2008-12-25 23:17 . 2007-02-16 13:30 12,848 --a------ c:\windows\system32\drivers\wacomvhid.sys
2008-12-25 23:17 . 2007-02-16 14:12 11,312 --a------ c:\windows\system32\drivers\wacommousefilter.sys
2008-12-10 18:37 . 2008-12-10 18:37 0 --a------ c:\windows\system32\ivakafot.tmp
2008-12-09 22:32 . 2008-12-09 22:32 <DIR> d-------- c:\program files\iPod
2008-12-09 22:32 . 2008-12-09 22:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 05:03 --------- d-----w c:\program files\Viewpoint
2009-01-17 09:34 --------- d-----w c:\program files\Google
2009-01-16 11:53 127,857 --sha-w c:\windows\system32\yozehuwu.dll
2009-01-15 23:47 127,869 --sha-w c:\windows\system32\pemugobo.dll
2008-12-25 17:59 6,944 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-12-25 17:58 --------- d-----w c:\program files\Electronic Arts
2008-12-25 17:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 03:32 --------- d-----w c:\program files\iTunes
2008-12-10 03:32 --------- d-----w c:\program files\Common Files\Apple
2008-12-10 03:31 --------- d-----w c:\program files\QuickTime
2008-12-10 03:22 --------- d-----w c:\program files\Safari
2008-12-09 23:41 94,463 ----a-w c:\windows\system32\huvagobi.dll
2008-12-09 11:41 94,895 ----a-w c:\windows\system32\mesakopi.dll
2008-12-08 23:41 93,801 ----a-w c:\windows\system32\pivejehu.dll
2008-12-06 01:36 --------- d-----w c:\program files\Sims2Pack Clean Installer
2008-11-13 16:26 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2007-12-05 23:04 284 -c--a-w c:\documents and settings\Owner\Application Data\ViewerApp.dat
2007-11-13 14:12 382 -c--a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2006-06-26 03:13 565,248 -csha-w c:\program files\ehthumbs.db
.

((((((((((((((((((((((((((((( snapshot_2009-01-28_ 0.20.12.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-27 08:12:06 16,384 -csha-w c:\windows\Temp\Cookies\index.dat
+ 2009-01-31 00:31:36 16,384 -csha-w c:\windows\Temp\Cookies\index.dat
- 2009-01-27 08:12:06 16,384 -csha-w c:\windows\Temp\History\History.IE5\index.dat
+ 2009-01-31 00:31:36 16,384 -csha-w c:\windows\Temp\History\History.IE5\index.dat
+ 2009-01-31 00:31:41 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2f4.dat
+ 2009-01-31 00:31:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_828.dat
+ 2009-01-31 00:31:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_8ac.dat
- 2009-01-27 08:12:06 32,768 -csha-w c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-31 00:31:36 32,768 -csha-w c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-06-20 1207080]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-04 133104]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-29 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"ShowWnd"="ShowWnd.exe" [2003-09-19 c:\windows\ShowWnd.exe]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-01-05 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-01-31 c:\windows\ALCWZRD.EXE]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\progra~1\mcafee\mcafee antispyware\mssshell.dll" [2005-07-17 155769]
path=
backup=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 04:25 6731312 c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 11:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-22 12:34 2772992 c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2009-01-04 12:24 133104 c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a--c--- 2004-06-23 21:22 729088 c:\program files\Microsoft Works\WksSb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a--c--- 2001-08-16 23:41 28738 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-01-07 15:02 495616 c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-14 01:42 212992 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a--c--- 2005-03-09 10:49 966656 c:\windows\creator\remind_xp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 11:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-13 11:26 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 17:54 37376 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a--c--- 2001-10-05 19:34 24576 c:\program files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a--c--- 2004-05-17 20:30 543232 c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Netscape\\Netscape\\Netscp.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MidTen Media\\Comic Collector Live\\CCL.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\AUPDATE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R4 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-12-25 1373480]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-10 24652]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder

2009-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3980681228-1451906632-1211546294-1006.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-04 12:24]

2009-01-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5kfmn57h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-31 11:48:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000002

[HKEY_USERS\S-1-5-21-3980681228-1451906632-1211546294-1006\Software\SecuROM\License information*]
"datasecu"=hex:65,59,74,20,40,14,61,0e,7e,ee,57,ec,09,e4,bf,d4,01,90,2c,10,5d,
ff,f0,e9,a9,21,f9,e7,3b,d4,21,fb,70,5d,91,9e,fd,74,b3,83,5c,e1,fa,06,ff,26,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-31 11:51:36
ComboFix-quarantined-files.txt 2009-01-31 16:50:18
ComboFix2.txt 2009-01-28 05:22:37
ComboFix3.txt 2009-01-27 00:24:38
ComboFix4.txt 2007-10-09 15:29:25

Pre-Run: 31,458,918,400 bytes free
Post-Run: 31,434,022,912 bytes free

257 --- E O F --- 2009-01-30 06:56:04


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, February 1, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, February 01, 2009 16:02:58
Records in database: 1735157
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 170448
Threat name: 42
Infected objects: 154
Suspicious objects: 0
Duration of the scan: 02:34:21


File name / Threat name / Threats count
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0e0e-1c7b7d37.zip Infected: Trojan-Downloader.Java.Agent.f 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\23354cf3-678213a2 Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\25d09bb3-6925c751 Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\57\538bb179-3e574d45 Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\each new axis love\DASH ROAD.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\each new axis love\fast drive.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\BARBSIGNUPLOAD.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\bdwlqloh.exe Infected: Trojan.Win32.Obfuscated.en 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\cfjilnwd.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\dwrfgzpl.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\fjtellvj.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\fmmrsfra.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\fxtoarxa.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\gnybapeh.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\jsgypvwx.exe Infected: Trojan.Win32.Obfuscated.en 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\khyvhnce.exe Infected: Trojan.Win32.Inject.sp 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\nfbkckag.exe Infected: Trojan.Win32.Obfuscated.en 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\ojmyykhk.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\oqaxjwio.exe Infected: Trojan.Win32.Obfuscated.io 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\qhlzkuae.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\qshtifsm.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\rapbulnl.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\rrbeltfg.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\sblrymdt.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\Show tray.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\tetbcdag.exe Infected: Trojan.Win32.Obfuscated.deb 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\tkbkzaqg.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\vdpovnts.exe Infected: Trojan.Win32.Obfuscated.en 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\wadifirz.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\ygzsbyjt.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\ztdwbmgc.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\ztmkacfi.exe Infected: Trojan.Win32.Obfuscated.en 1
C:\Lop SD\Backup-Lop\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\zxvgvrzi.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\QooBox\Quarantine\C\DOCUME~1(3)\Owner\APPLIC~1(3)\SCURIT~1\wоwexec.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gc 1
C:\QooBox\Quarantine\C\DOCUME~1(3)\Owner\MYDOCU~1\YSTEM~1\wucrtupd.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.ev 1
C:\QooBox\Quarantine\C\Program Files\Uninstall Fun Web Products.dll.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ea 1
C:\QooBox\Quarantine\C\Program Files\WinBudget\bin\crap.1165322059.old.vir Infected: Trojan-Clicker.Win32.BHO.r 1
C:\QooBox\Quarantine\C\Program Files\WinBudget\bin\crap.1165947043.old.vir Infected: Trojan-Clicker.Win32.BHO.r 1
C:\QooBox\Quarantine\C\Program Files\WinBudget\bin\crap.1166051515.old.vir Infected: Trojan-Clicker.Win32.BHO.s 1
C:\QooBox\Quarantine\C\Program Files\WinBudget\bin\crap.1166073476.old.vir Infected: Trojan-Clicker.Win32.BHO.s 1
C:\QooBox\Quarantine\C\Program Files\WinBudget\bin\crap.1166336981.old.vir Infected: Trojan-Clicker.Win32.BHO.s 1
C:\QooBox\Quarantine\C\Program Files\WinBudget\bin\crap.1166571235.old.vir Infected: Trojan-Clicker.Win32.BHO.s 1
C:\QooBox\Quarantine\C\Program Files\WinBudget\bin\matrix.dll.1165947043.old.vir Infected: Trojan-Clicker.Win32.BHO.r 1
C:\QooBox\Quarantine\C\Program Files\WinBudget\bin\matrix.dll.1166051515.old.vir Infected: Trojan-Clicker.Win32.BHO.r 1
C:\QooBox\Quarantine\C\Program Files\WinBudget\bin\matrix.dll.1166073475.old.vir Infected: Trojan-Clicker.Win32.BHO.r 1
C:\QooBox\Quarantine\C\Program Files\WinBudget\bin\matrix.dll.1166336980.old.vir Infected: Trojan-Clicker.Win32.BHO.r 1
C:\QooBox\Quarantine\C\Program Files\WinBudget\bin\matrix.dll.1166571235.old.vir Infected: Trojan-Clicker.Win32.BHO.r 1
C:\QooBox\Quarantine\C\Program Files\WinBudget\bin\matrix.dll.vir Infected: Trojan-Clicker.Win32.BHO.r 1
C:\QooBox\Quarantine\C\WINDOWS\system32\bahurefa.dll.vir Infected: Trojan.Win32.Monder.amxk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\bajujami.dll.vir Infected: Backdoor.Win32.Agent.adbl 1
C:\QooBox\Quarantine\C\WINDOWS\system32\bizozuye.dll.vir Infected: Trojan.Win32.Agent.bilk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\byrkuj.dll.vir Infected: Trojan.Win32.Agent.bjxa 1
C:\QooBox\Quarantine\C\WINDOWS\system32\dafajone.dll.vir Infected: Trojan.Win32.Monder.amxk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\dupupimo.dll.vir Infected: Trojan.Win32.Monder.amxj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\f10WtR\f10WtR1099.exe.vir Infected: Trojan-Downloader.Win32.VB.awj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\fasodoya.dll.vir Infected: Trojan.Win32.Monder.aaua 1
C:\QooBox\Quarantine\C\WINDOWS\system32\feyulisu.dll.vir Infected: Trojan.Win32.Monder.aavx 1
C:\QooBox\Quarantine\C\WINDOWS\system32\furimaro.dll.vir Infected: Trojan.Win32.Monder.aavx 1
C:\QooBox\Quarantine\C\WINDOWS\system32\galifuza.dll.vir Infected: Trojan.Win32.Monder.amxj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gedobago.dll.vir Infected: Trojan.Win32.Monder.amxj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gjjjmdiu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gopohiyu.dll.vir Infected: Trojan.Win32.Agent.bjxa 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gosavaja.dll.vir Infected: Trojan.Win32.Monder.aaua 1
C:\QooBox\Quarantine\C\WINDOWS\system32\hafasego.dll.vir Infected: Packed.Win32.Krap.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\hasilibo.dll.tmp.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\hevajonu.dll.vir Infected: Packed.Win32.Krap.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\hurevubi.dll.vir Infected: Trojan.Win32.Monder.amxj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jarugede.dll.vir Infected: Trojan.Win32.Agent.bktc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jihikowi.dll.vir Infected: Trojan.Win32.Agent.bilk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jilijavu.dll.vir Infected: Packed.Win32.Krap.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qxs 1
C:\QooBox\Quarantine\C\WINDOWS\system32\juzuhugo.dll.vir Infected: Trojan.Win32.Agent.bjxa 1
C:\QooBox\Quarantine\C\WINDOWS\system32\kajohewa.dll.vir Infected: Trojan.Win32.Monder.amxj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\kajojife.dll.vir Infected: Trojan.Win32.Agent.bilk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\keyiyiho.dll.vir Infected: Trojan.Win32.Monder.amxj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\kibivegi.dll.tmp.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\kibozebe.dll.vir Infected: Trojan.Win32.Agent.bilk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\kozayuzi.dll.vir Infected: Trojan-Downloader.Win32.BHO.dww 1
C:\QooBox\Quarantine\C\WINDOWS\system32\larirugi.dll.vir Infected: Packed.Win32.Krap.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lilevenu.dll.vir Infected: Packed.Win32.Krap.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lirolohu.dll.vir Infected: Trojan.Win32.Monder.aaua 1
C:\QooBox\Quarantine\C\WINDOWS\system32\losesafa.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\losogoyu.dll.vir Infected: Backdoor.Win32.Agent.adbl 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lusafipi.dll.vir Infected: Trojan.Win32.Monder.acku 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mesirako.dll.vir Infected: Trojan.Win32.Monder.amxk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mljgg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qxs 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mljwss.dll.vir Infected: Trojan.Win32.Agent.bktc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nimuhoke.dll.vir Infected: Trojan.Win32.Monder.absp 1
C:\QooBox\Quarantine\C\WINDOWS\system32\numukari.dll.vir Infected: Packed.Win32.Krap.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\palozora.dll.vir Infected: Trojan.Win32.Agent.bktc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pasavepe.dll.vir Infected: Packed.Win32.Krap.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pudosuji.dll.vir Infected: Trojan.Win32.Monder.aavx 1
C:\QooBox\Quarantine\C\WINDOWS\system32\quogqn.dll.vir Infected: Trojan.Win32.Agent.bktc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\redetodo.dll.vir Infected: Backdoor.Win32.Agent.adbl 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rikevuku.dll.vir Infected: Trojan.Win32.Monder.amxj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rodederi.dll.vir Infected: Trojan.Win32.Monder.aela 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rofazito.dll.tmp.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sesefuhu.dll.tmp.vir Infected: Trojan.Win32.Agent.bilk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\setideru.dll.vir Infected: Trojan.Win32.Monder.amxj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\shpujk.dll.vir Infected: Trojan.Win32.Agent.bktc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sitizeme.dll.vir Infected: Packed.Win32.Krap.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sotogiko.dll.tmp.vir Infected: Trojan.Win32.Agent.bilk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sulezuto.dll.vir Infected: Trojan.Win32.Monder.amxk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\suvatonu.dll.vir Infected: Trojan.Win32.Monder.aavx 1
C:\QooBox\Quarantine\C\WINDOWS\system32\suvobepo.dll.vir Infected: Trojan.Win32.Monder.amxj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tejohare.dll.vir Infected: Packed.Win32.Krap.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\uascyk.dll.vir Infected: Trojan.Win32.Agent.bjxa 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vahakohe.dll.vir Infected: Packed.Win32.Krap.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vomobozi.dll.vir Infected: Trojan.Win32.Monder.aavx 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vowayawu.dll.vir Infected: Trojan.Win32.Agent.bktc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vumiwivo.dll.vir Infected: Packed.Win32.Krap.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\walonupu.dll.vir Infected: Trojan.Win32.Monder.amxj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\whxwwt.dll.vir Infected: Trojan.Win32.Agent.bktc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wojefere.dll.vir Infected: Trojan.Win32.Monder.aouv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yejoheti.dll.vir Infected: Trojan-Spy.Win32.Agent.gan 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yekotaju.dll.vir Infected: Trojan.Win32.Monder.aouv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yeteyoya.dll.vir Infected: Trojan.Win32.Monder.amxj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yijugahi.dll.vir Infected: Trojan.Win32.Monder.aaua 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yodohasi.dll.vir Infected: Trojan.Win32.Monder.aavx 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yomumahe.dll.vir Infected: Trojan.Win32.Monder.aela 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yotukuzo.dll.vir Infected: Trojan.Win32.Agent.bilk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yoyamama.dll.vir Infected: Trojan.Win32.Agent.bktc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yukajubi.dll.vir Infected: Trojan.Win32.Monder.afwc 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yunuduha.dll.vir Infected: Trojan-Spy.Win32.Agent.nwh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yutayigi.dll.vir Infected: Trojan.Win32.Monder.amxj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\zikujame.dll.vir Infected: Trojan.Win32.Agent.bilk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\zilebobi.dll.vir Infected: Packed.Win32.Krap.f 1
C:\QooBox\Quarantine\C\WINDOWS\system32\zusekuga.dll.vir Infected: Trojan.Win32.Monder.amxk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\~.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.uent 1
C:\VundoFix Backups\awvtq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.qxs 1
C:\VundoFix Backups\pmkhh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.qxs 1
C:\VundoFix Backups\svknhis.dll .bad Infected: not-a-virus:AdWare.Win32.PurityScan.gd 1
C:\WINDOWS\system32\bituvosu.dll.tmp Infected: Trojan.Win32.Monder.afwc 1
C:\WINDOWS\system32\guwozova.dll.tmp Infected: Trojan.Win32.Monder.acku 1
C:\WINDOWS\system32\leperamu.dll.tmp Infected: Trojan.Win32.Monder.afwc 1
C:\WINDOWS\system32\leruwuzu.dll.tmp Infected: Packed.Win32.Krap.f 1
C:\WINDOWS\system32\mizejeti.dll.tmp Infected: Trojan-Downloader.Win32.BHO.dww 1
C:\WINDOWS\system32\motimuha.dll.tmp Infected: Trojan-Downloader.Win32.BHO.dww 1
C:\WINDOWS\system32\pemugobo.dll Infected: Trojan-Spy.Win32.Agent.pni 1
C:\WINDOWS\system32\poyasava.dll.tmp Infected: Packed.Win32.Krap.f 1
C:\WINDOWS\system32\rokogusi.dll.tmp Infected: Trojan.Win32.Monder.acku 1
C:\WINDOWS\system32\wuzopagu.dll.tmp Infected: Trojan-Downloader.Win32.BHO.dww 1
C:\WINDOWS\system32\yoyebinu.dll.tmp Infected: Packed.Win32.Krap.f 1
C:\WINDOWS\system32\yozehuwu.dll Infected: Trojan-Spy.Win32.Agent.pni 1
C:\WINDOWS\system32\zagokagi.dll.tmp Infected: Trojan.Win32.Monder.acku 1
C:\WINDOWS\system32\zuvozaju.dll.tmp Infected: Trojan.Win32.Monder.afwc 1
C:\_OTMoveIt\MovedFiles\_OTMoveIt\MovedFiles\_OTMoveIt\MovedFiles\DOCUME~1\Owner\APPLIC~1\dumbsavereadme\Show tray.exe Infected: Trojan.Win32.Obfuscated.en 1
C:\_OTMoveIt\MovedFiles\_OTMoveIt\MovedFiles\_OTMoveIt\MovedFiles\Program Files\poolsv\wr-1-0000077.exe Infected: Trojan-Downloader.Win32.Small.eqn 1
C:\_OTMoveIt\MovedFiles\_OTMoveIt\MovedFiles\_OTMoveIt\MovedFiles\Program Files\svhost\wr-1-0000077.exe Infected: Trojan-Downloader.Win32.Small.eqn 1
C:\_OTMoveIt\MovedFiles\_OTMoveIt\MovedFiles\_OTMoveIt\MovedFiles\QooBox\Quarantine\C\WINDOWS\system32\cfmbgyoj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki 1
C:\_OTMoveIt\MovedFiles\_OTMoveIt\MovedFiles\_OTMoveIt\MovedFiles\QooBox\Quarantine\C\WINDOWS\system32\dbexxotb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kj 1
C:\_OTMoveIt\MovedFiles\_OTMoveIt\MovedFiles\_OTMoveIt\MovedFiles\QooBox\Quarantine\C\WINDOWS\system32\dvqfsxda.dll.vir Infected: Trojan-Spy.Win32.VBStat.h 1
C:\_OTMoveIt\MovedFiles\_OTMoveIt\MovedFiles\_OTMoveIt\MovedFiles\QooBox\Quarantine\C\WINDOWS\system32\jkkjj.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp 1
C:\_OTMoveIt\MovedFiles\_OTMoveIt\MovedFiles\_OTMoveIt\MovedFiles\WINDOWS\system32\config\systemprofile\Application Data\dumbsavereadme\Show tray.exe Infected: Trojan.Win32.Obfuscated.en 1

The selected area was scanned.



Logfile of HijackThis v1.99.1
Scan saved at 3:43:25 PM, on 2/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Hijackthis\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.aim.com/ygp/aol/plugi ... .5.1.8.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.com/exchange/lots/tel ... tTeleX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Jason2781
Regular Member
 
Posts: 18
Joined: June 30th, 2007, 9:50 pm

Re: Problem with pop ups; please help!

Unread postby Axephilic » February 1st, 2009, 5:53 pm

Hi there,

Run ComboFix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
c:\windows\system32\ivakafot.tmp
c:\windows\system32\yozehuwu.dll
c:\windows\system32\pemugobo.dll
c:\windows\system32\huvagobi.dll
c:\windows\system32\mesakopi.dll
c:\windows\system32\pivejehu.dll
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0e0e-1c7b7d37.zip
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\23354cf3-678213a2
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\25d09bb3-6925c751
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\57\538bb179-3e574d45
C:\WINDOWS\system32\bituvosu.dll.tmp
C:\WINDOWS\system32\guwozova.dll.tmp
C:\WINDOWS\system32\leperamu.dll.tmp
C:\WINDOWS\system32\leruwuzu.dll.tmp
C:\WINDOWS\system32\mizejeti.dll.tmp
C:\WINDOWS\system32\motimuha.dll.tmp
C:\WINDOWS\system32\pemugobo.dll
C:\WINDOWS\system32\poyasava.dll.tmp
C:\WINDOWS\system32\rokogusi.dll.tmp
C:\WINDOWS\system32\wuzopagu.dll.tmp
C:\WINDOWS\system32\yoyebinu.dll.tmp
C:\WINDOWS\system32\yozehuwu.dll
C:\WINDOWS\system32\zagokagi.dll.tmp
C:\WINDOWS\system32\zuvozaju.dll.tmp

Folder::
c:\program files\DNA
c:\program files\BitTorrent
c:\documents and settings\Owner\Application Data\DNA
c:\documents and settings\Owner\Application Data\BitTorrent
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\23354cf3-678213a2
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\25d09bb3-6925c751
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\57\538bb179-3e574d45
C:\VundoFix Backups

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Eset Online Scanner

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX, click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

In your next reply, please include:
  1. Combofix log
  2. ESET log
  3. A new HijackThis log

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US
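
The CFScript in the post above has three sections (File::, Folder::, Registry::). As an added example, not part of the original posts and not ComboFix's own code, the Python below parses such a script and reports paths that repeat under File:: in different letter case or appear under both File:: and Folder::. The function names are hypothetical, and the rule that a line ending in "::" opens a section is an assumption inferred from the posted script.

```python
import ntpath

# Excerpt of the CFScript posted above, shortened for this example.
SAMPLE = r"""File::
c:\windows\system32\pemugobo.dll
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\23354cf3-678213a2
C:\WINDOWS\system32\pemugobo.dll

Folder::
c:\program files\DNA
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\51\23354cf3-678213a2

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-
"""

def parse_cfscript(text):
    """Split a CFScript into {section: [entries]}.
    Assumption: a line ending in '::' opens a section, as in the post."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def norm(path):
    """Windows paths are case-insensitive, so compare them case-folded."""
    return ntpath.normcase(ntpath.normpath(path))

def lint(sections):
    """Return (paths repeated under File::, paths under File:: and Folder::)."""
    seen, repeated = set(), []
    for entry in sections.get("File", []):
        key = norm(entry)
        if key in seen and key not in repeated:
            repeated.append(key)
        seen.add(key)
    folders = {norm(entry) for entry in sections.get("Folder", [])}
    return repeated, sorted(seen & folders)
```

Calling `lint(parse_cfscript(SAMPLE))` returns the repeated `pemugobo.dll` path and the Java cache path that is listed as both a file and a folder.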

Re: Problem with pop ups; please help!

Unread postby Axephilic » February 4th, 2009, 5:16 pm

Hello,

THREE DAY BUMP!

It has been three days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?

If after 48 hours you have not replied to this thread, then it will have to be closed!

Regards,
Adam
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US