Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with multiple malware including MSAntispyware2009, and Dropper-services/fake Please HELP!


  • This topic is locked This topic is locked
5 replies to this topic

#1 Karen075555

Karen075555

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:22 PM

Posted 22 February 2009 - 08:34 PM

:thumbup2: Before I start, I am only a above average computer user. So I was browsing one day and I clicked on something as an pop up popped up, and so I accidentally clicked on it and was infected with malware. The main one seems to be a virus called MSAntispyware2009 that pretends to be a malware removal software. It also brought a bunch of other little friends with it. My little brother made a list last time he ran MBAM (MalwareBytes AntiMalware):

Adware.Vundo Variant
Adware.Tracking Cookie
Adware. Vundo-MsWorkerFake
Rogue.MsAntispyware2009
Rootkit.Protect
Trojan.Dropper-Services/Fake
Trojan.Dropper-Sys-NY
Trojan.Agent/Gen-Reader_S
Trojan.Agent/Gen-FakeAlert
Trojan.Agent/Gen-Numtemp
Trojan.Agent/Gen-Burn4Free
Trojan.Unknown Origin

No matter what we do they keep coming back, we've tried disabling system restore, but that doesn't stop them from coming back.

Symptoms:
A ton of services.exe, cmd.exe, and svchost appear in the process tap of the task manager
The computer runs slow, probably because of that
It has taken control of my firewall
It completely destroys my winsock, which will kill my internet unless I run a fix

BC AdBot (Login to Remove)

 


#2 Karen075555

Karen075555
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:22 PM

Posted 22 February 2009 - 08:35 PM

Here is the log, thanks for any helpppp :thumbup2: :


DDS (Ver_09-02-01.01) - NTFSx86
Run by Howard at 20:11:28.37 on Sun 02/22/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.39 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
svchost.exe C:\WINDOWS\TEMP\VRT4.tmp
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Howard\reader_s.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Howard\LOCALS~1\Temp\tf6f2vtv.exe
C:\DOCUME~1\Howard\LOCALS~1\Temp\sw34at2vwcj0n.exe
C:\DOCUME~1\Howard\LOCALS~1\Temp\cplgnznxh.exe
C:\DOCUME~1\Howard\LOCALS~1\Temp\bfgiwi35.exe
C:\DOCUME~1\Howard\LOCALS~1\Temp\mt41macv91a9.exe
C:\DOCUME~1\Howard\LOCALS~1\Temp\tg6ml4i.exe
C:\DOCUME~1\Howard\LOCALS~1\Temp\on5xvk0a6pxdt.exe
C:\DOCUME~1\Howard\LOCALS~1\Temp\nzq362xov8q2z.exe
C:\DOCUME~1\Howard\LOCALS~1\Temp\vdemwune5.exe
C:\DOCUME~1\Howard\LOCALS~1\Temp\n9sq5h7gv8j.exe
C:\DOCUME~1\Howard\LOCALS~1\Temp\wnm58ku.exe
C:\DOCUME~1\Howard\LOCALS~1\Temp\esv77fmur.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Howard\Desktop\dds.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
mWinlogon:

Userinit=,c:\windows\temp\init.exe,c:\windows\system32\idaw64.exe,c:\windows\system32\vmware-ufad.exe,c:\windows\system32\actcontroller.exe,c:\windows\system

32\hhupd.exe,c:\windows\system32\regwiz.exe,c:\windows\system32\7z.exe,c:\windows\system32\windres.exe,
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~2\MEGAUP~1.DLL
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe"

ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [jsf8uiw3jnjgffght] c:\windows\temp\winlognn.exe
uRun: [reader_s] c:\documents and settings\howard\reader_s.exe
uRun: [lrijh8s73jhbfgfd] c:\windows\temp\winlognn.exe
uRun: [ebj2lreut] c:\windows\temp\xzodga3bw.exe
uRun: [zbctabkk1pk] c:\windows\temp\haug5o.exe
uRun: [xuxp2mgqkcb0lghsj9u9jqy79oh9kklz1kvr39aakrc6r7cw7g] c:\windows\temp\xubaht0d.exe
uRun: [Installer] c:\windows\temp\rdlD.tmp
uRun: [lt45hw7af2fz4i1m970bwdz87nchu2qz] c:\windows\temp\lzvy9k.exe
uRun: [mvay67qyh79rbv0x] c:\docume~1\howard\locals~1\temp\pt4hdvqlpis.exe
uRun: [bwj7hpzbgcdaojl5ldxa4jt1hodfiqum2us5dfgcn] c:\windows\temp\dv40j5sewqpg.exe
uRun: [scm1jqwrvobgcji] c:\docume~1\howard\locals~1\temp\rl33nruqx.exe
uRun: [oq1z07gtva8kz8olzt470y2bd42xr4c07b61j9fq38kps] c:\docume~1\howard\locals~1\temp\htpi8htpv.exe
uRun: [cmofe3vz479j1qd1mr5v57nglzfud37ou2nafqv6] c:\docume~1\howard\locals~1\temp\go34qyx.exe
uRun: [gxonqt74bg4s4je0qu7fnvkp0wfhwnbnodhex6he24kh125vs] c:\docume~1\howard\locals~1\temp\n6tp9arnah4b7.exe
uRun: [ip9m6cp1pda091] c:\docume~1\howard\locals~1\temp\u0n7t5ik4w.exe
uRun: [s18idt4w5izjof5jkq2t45y4logncb6] c:\docume~1\howard\locals~1\temp\bzdsvhcw.exe
uRun: [oy636dimmew3auyeor] c:\docume~1\howard\locals~1\temp\qqptvnakawr.exe
uRun: [h75f7s93kwqo6duwyi23y430270ltu1wggcn] c:\docume~1\howard\locals~1\temp\jd1sls2mu3y5.exe
uRun: [nqy6khgxf0o2ip2d0m47hv90w675e6o60r] c:\docume~1\howard\locals~1\temp\ljnn7j.exe
uRun: [olq0qja2vkfz0io6i5zvf8] c:\docume~1\howard\locals~1\temp\gcc20y304hysj.exe
uRun: [alwx26wt6m530ypwmhi] c:\docume~1\howard\locals~1\temp\b5fzt9jvjwj32.exe
uRun: [s9tyubteiuxfhb] c:\docume~1\howard\locals~1\temp\j5wmgv5.exe
uRun: [p1ypxh2t2nsmik30lypfqfblg61xsykdx] c:\docume~1\howard\locals~1\temp\jpx5nqkf4i9t.exe
uRun: [a8g70b0n9kii6cndwxq] c:\docume~1\howard\locals~1\temp\teq5d4ks.exe
uRun: [qcmlpebzudngx50xsidk4xg] c:\docume~1\howard\locals~1\temp\gw1t8ay4q9.exe
uRun: [ylgrpk8q4] c:\docume~1\howard\locals~1\temp\r5psp4j.exe
uRun: [u0h9hl3pomjg3ji132t3i9rsgn4dospl23jmk510a] c:\docume~1\howard\locals~1\temp\kgdrcp6ldfq2f.exe
uRun: [fsx6txjalhwfid8jr5bdzru46ykzflv613oraxcrfnlsqoo5] c:\docume~1\howard\locals~1\temp\sj9j8p52ife.exe
uRun: [o36q3m5be2lrra53ih9] c:\docume~1\howard\locals~1\temp\se7gi8ledncq.exe
uRun: [izugyyouz1unkkl2iwrm8ykkf] c:\docume~1\howard\locals~1\temp\tove9p1z09mau.exe
uRun: [v9hd226rtvk] c:\docume~1\howard\locals~1\temp\llz5u82.exe
uRun: [ju9h1m37iu7q22rmcq3n] c:\docume~1\howard\locals~1\temp\khqzfx7rj8n2.exe
uRun: [drol671jzk1bhu1r0x4rh] c:\docume~1\howard\locals~1\temp\b4wcly0.exe
uRun: [j3nzap3iasgnhpqetwd] c:\docume~1\howard\locals~1\temp\eomzguy.exe
uRun: [g3rbfd19f2gk4fh4whaigm6hehz2pyvyfe] c:\docume~1\howard\locals~1\temp\bqfwuf.exe
uRun: [i8p6j6af27hyosv0qqz6dbe6xuijsqke7425odl0kzcopoc0un] c:\docume~1\howard\locals~1\temp\h303vr37rn.exe
uRun: [azv3egegazkna8lo908nj7757dhuwxnyznhspa43] c:\docume~1\howard\locals~1\temp\aqcl2de5lxq.exe
uRun: [din4fg5palqmpyqc3lwav56jpuhzq5k] c:\docume~1\howard\locals~1\temp\fyrx7bij.exe
uRun: [cl26x67gh9g2kr8npz5q16nbulfn9a3crn75u4ugka9wob72] c:\docume~1\howard\locals~1\temp\pbovtczj.exe
uRun: [vfiw8rad2wm67qs3g5ghkxjqs8ji5ap39anbw] c:\docume~1\howard\locals~1\temp\uwre11g.exe
uRun: [ei7sps3qjk5] c:\docume~1\howard\locals~1\temp\iu51384e23e.exe
uRun: [is4lodnwzmi2th10irpildem1h] c:\docume~1\howard\locals~1\temp\t10kphiaf.exe
uRun: [zmsd3r6n4fg3e9qc9pj47sr3vx98qak79qq1lazmxahqx6h7] c:\docume~1\howard\locals~1\temp\zvsujs9.exe
uRun: [n2tbakkwlid50qugi16o7sly8trdvskyosoyxu6djruoa79y] c:\docume~1\howard\locals~1\temp\myy69w1aam61n.exe
uRun: [vmm30b9coxd7cgjwggxa2f07xsjh25uxifazh] c:\docume~1\howard\locals~1\temp\xrjteldvw4zz.exe
uRun: [wrx7f88zxwanyneo6lrl] c:\docume~1\howard\locals~1\temp\pn7du94mfybs.exe
uRun: [q86gg5u0maxud1ydkt] c:\docume~1\howard\locals~1\temp\a1ewk1uc.exe
uRun: [ugul4rzzuf48rd067to19g] c:\docume~1\howard\locals~1\temp\o5baxfvt8u.exe
uRun: [y6ezwyzdtmktw0kpevm9] c:\docume~1\howard\locals~1\temp\iy9u5tr7e6mm.exe
uRun: [ki17bx6aclimp4ptfs52jekocrfpvojs7or] c:\docume~1\howard\locals~1\temp\kj0e601p1qkx0.exe
uRun: [unymf6a9a9269zmm2] c:\docume~1\howard\locals~1\temp\uxxnk5f6bb7a.exe
uRun: [wexque7wvuuw74woq9b580dqehukth2qetder8] c:\docume~1\howard\locals~1\temp\zweifnl.exe
uRun: [wx9y2h3non43gp1] c:\docume~1\howard\locals~1\temp\t2dss62z.exe
uRun: [c2r52xqo6ktgvgfef] c:\docume~1\howard\locals~1\temp\ha5ijtq4.exe
uRun: [z3dbsfhunn66rs] c:\docume~1\howard\locals~1\temp\pjh1tm4.exe
uRun: [rs73nxx6ijgowki4ynrsb6tkqf745d5a6j7b] c:\docume~1\howard\locals~1\temp\wi7mcyy39ft7l.exe
uRun: [j9oigv742tihewroo8wq9qq4nljoa4yonvrijvzh30vq3j] c:\docume~1\howard\locals~1\temp\kzep4nc.exe
uRun: [yafdl1z5abo75u0mx8hx049] c:\docume~1\howard\locals~1\temp\ztjdkn4z.exe
uRun: [euo5rmkhk1olydnua5] c:\docume~1\howard\locals~1\temp\zl1qadxsphu.exe
uRun: [kdzho6k7abnko18j2ml] c:\docume~1\howard\locals~1\temp\vx5wlcupv06.exe
uRun: [moaisr1cj433cqt853xxxo6] c:\docume~1\howard\locals~1\temp\r8ae8ghu8.exe
uRun: [nw6e668fdvlgqvzl2qjnkp9jdmv3v49epc1msx1xyglh7] c:\docume~1\howard\locals~1\temp\qilnmuosj6.exe
uRun: [xdqeek8vle70n7e200h8gipfb5] c:\docume~1\howard\locals~1\temp\arnsumilboa0.exe
uRun: [cwber7bcbuj66vmqbmx9379] c:\docume~1\howard\locals~1\temp\o4y2bqbnji2.exe
uRun: [saa3fgvteml2zs541x8p71u29x8] c:\docume~1\howard\locals~1\temp\axmj8hxrndgrc.exe
uRun: [j71np70c8tjhi422tkextkvmq] c:\docume~1\howard\locals~1\temp\t3fif3.exe
uRun: [u2pdiystzh82fwht5pn5edx83tto0] c:\docume~1\howard\locals~1\temp\a253yf25nd3l.exe
uRun: [u1tk6pfonqyww6y6t64t7sicy4zo] c:\docume~1\howard\locals~1\temp\sahnh4h.exe
uRun: [bv5u76kzr9l9r0m0l8q] c:\docume~1\howard\locals~1\temp\k6oox98.exe
uRun: [iphnrn8av3] c:\docume~1\howard\locals~1\temp\c2v8wei.exe
uRun: [phqzxv4rdmhmot1biju6fszb5vay2f77ey02ndtdrc11rpc] c:\docume~1\howard\locals~1\temp\ch9csb4prv.exe
uRun: [jbgkpylup8tfn6wauwc8wyh09] c:\docume~1\howard\locals~1\temp\np340d.exe
uRun: [uybz2erpyyz] c:\docume~1\howard\locals~1\temp\fvcsfgm4danp.exe
uRun: [q4tfwgnan] c:\docume~1\howard\locals~1\temp\t27b1p009y.exe
uRun: [j2hzhv73yvsk9baa95hkcl4lqiyh4p65sihcws] c:\docume~1\howard\locals~1\temp\tt9y0nts.exe
uRun: [smzn3y1k9ogm61z62vzz1ug46f4l] c:\docume~1\howard\locals~1\temp\hwzliat2h.exe
uRun: [x5zb1bid8d81pfc5] c:\docume~1\howard\locals~1\temp\vety8cr.exe
uRun: [ezs42bn7cb50cobjjbc7pfiuica736tz1f67xs2v37cgxm7mrj] c:\docume~1\howard\locals~1\temp\qa0z7h1.exe
uRun: [fn5ighrkn1jewgkcx7h7kov6] c:\docume~1\howard\locals~1\temp\tp72twut.exe
uRun: [u16f9xl7udfl6j8fa0xz2j] c:\docume~1\howard\locals~1\temp\qkv2dxiqk51.exe
uRun: [vki45z7p74g7qxikztdv5bda5wq9f4w1s7k] c:\docume~1\howard\locals~1\temp\yo7iesrz1up.exe
uRun: [mc7dbk89c2820du0yjwtj1fkwc28435w39piycc29dog0ehb] c:\docume~1\howard\locals~1\temp\b3elj7kjnnk2.exe
uRun: [v5wrmail9f1cbv] c:\docume~1\howard\locals~1\temp\u97kqcvl7b80v.exe
uRun: [ne67jzkq7avvzmtpnd6xxexwgiry] c:\docume~1\howard\locals~1\temp\h64pv3ih9zjg.exe
uRun: [t389raixlnuny550fs9ux8anlyx4b9stvojv59euixg81bznjs] c:\docume~1\howard\locals~1\temp\yd07jimgbjryh.exe
uRun: [ed8xy1wc1mme1022jd5v57ly4j9sdpnmws0zdn385e] c:\docume~1\howard\locals~1\temp\zxj8gf685j.exe
uRun: [uxhnvinvvwsfpp4j8u] c:\docume~1\howard\locals~1\temp\h1cohawhmp.exe
uRun: [tt3aupz5yz8hudhq28l2kaw9t] c:\docume~1\howard\locals~1\temp\jggxuny1.exe
uRun: [c7gxhoxazgagqkn6sf5vg5gju8yx7i03] c:\docume~1\howard\locals~1\temp\jlzhk4m.exe
uRun: [d49r99or3tr] c:\docume~1\howard\locals~1\temp\btu13a13gv.exe
uRun: [b8311pbypqst36df597gunqp1t8eoeuj7b7t76n] c:\docume~1\howard\locals~1\temp\u913gct.exe
uRun: [nlph61a8sbj] c:\docume~1\howard\locals~1\temp\d42h5n87uhjgg.exe
uRun: [cilfln3h0um076cart09ptrjzizk88hap8] c:\docume~1\howard\locals~1\temp\v0qil79kmq6to.exe
uRun: [e0qkj9i1kbl64w9r3ege6ykzm2et24cwmo6bl3h38hc6pdvzh] c:\docume~1\howard\locals~1\temp\yallan91f.exe
uRun: [wb9ls3ld5pb2v8pgf4j6w0bxsri7wmnalvwol] c:\docume~1\howard\locals~1\temp\rlg47qphi.exe
uRun: [ejueer5lx] c:\docume~1\howard\locals~1\temp\yf450lef.exe
uRun: [qzztr76s30ka5yfwlrk9bg0] c:\docume~1\howard\locals~1\temp\vas5km2c59g.exe
uRun: [zxcs5qwpvm4tuljdkbxw6y9k4j0nxt] c:\docume~1\howard\locals~1\temp\j8ps5tq.exe
uRun: [khw4kfig5f1td7f40tbngc6sby] c:\docume~1\howard\locals~1\temp\nx1tipme7.exe
uRun: [r3h2w5g77hly1nskut4wj4afbckn4gcp1k7c9k] c:\docume~1\howard\locals~1\temp\xpfexi4w9.exe
uRun: [zew782pfozd1v3ryh883z9rrluci0h0joeopoyas08lc7zv] c:\docume~1\howard\locals~1\temp\fne3g4lbh.exe
uRun: [u64oc0bvi6dv1rlyo3fejtg0laznq9twlphfepph1baouki] c:\docume~1\howard\locals~1\temp\lruunw078.exe
uRun: [j1o09bp1tid0ww4ncnuunfvlvnoir6txytlrqq] c:\docume~1\howard\locals~1\temp\lmiu7xo4fo0c.exe
uRun: [hkod027z5rgu5uyi5si1n4b3oqekzsrtfpxjly] c:\docume~1\howard\locals~1\temp\lr5nbme7v0k.exe
uRun: [ds1mklfhy0] c:\docume~1\howard\locals~1\temp\s0m256nu76css.exe
uRun: [iwcu9f9afabrcjtvfjaj6ul53hjr2opbw8nlaqifat1821ix] c:\docume~1\howard\locals~1\temp\bivv55lo690cs.exe
uRun: [arps9fldulegko8zx72rsie0spswryb83] c:\docume~1\howard\locals~1\temp\yu796z295.exe
uRun: [jcj7wwch6qyk] c:\docume~1\howard\locals~1\temp\r1jffd2qa.exe
uRun: [itqvmnep8ucnwzwtwe55ax8j1jfzu4ubgk] c:\docume~1\howard\locals~1\temp\cf7y55sgkkwq1.exe
uRun: [caw6kzhbybk9haj9wxgkzphys5ofzidy5] c:\docume~1\howard\locals~1\temp\zrvyp6gd.exe
uRun: [ym6714bfd8jw79gpi4uv69lv0iu0jopesx] c:\docume~1\howard\locals~1\temp\rn2z5b74.exe
uRun: [pmcgl6s7cor0jn5sf] c:\docume~1\howard\locals~1\temp\riqzpcv102j.exe
uRun: [jyfbi2qq53y3akb7r0vgdg9t51vvb3vsmimx16txs] c:\docume~1\howard\locals~1\temp\yce0iqkzge.exe
uRun: [z0wa60imh0lstc66pd8li71z7wkduqbnpja2ly9y2ie] c:\docume~1\howard\locals~1\temp\jeejolc6rh1.exe
uRun: [uuxlmu94xf7zz3tudo8zitzeitjvueq9gdq] c:\docume~1\howard\locals~1\temp\k52hfh63kq7a.exe
uRun: [m9k2l0ou9zcpt247c7j3ilgvi0gqe7] c:\docume~1\howard\locals~1\temp\ym9k76.exe
uRun: [d89jvvv7zsrvudv26v1jj7xbbp77x] c:\docume~1\howard\locals~1\temp\rsljesc.exe
uRun: [w38rnrlhk0kur2dtlv1] c:\docume~1\howard\locals~1\temp\imz9y4lp1d4hj.exe
uRun: [h7hg35js0afp0mjhj8qklmsxqcqjuv66pv181tglzhe434] c:\docume~1\howard\locals~1\temp\ndi0koh2t97j6.exe
uRun: [pbecj5z76n] c:\docume~1\howard\locals~1\temp\f4yaylhf.exe
uRun: [w2mb72qc83656uxpb6] c:\docume~1\howard\locals~1\temp\tlknvjr3rr.exe
uRun: [z435k0aag] c:\docume~1\howard\locals~1\temp\ucpl3jbesln.exe
uRun: [h6boihjn8x8kj7h2o2zkjnnjmly4] c:\docume~1\howard\locals~1\temp\tx8nfkf0yl6xa.exe
uRun: [c7i4leajir7uu0f8x3lkxr30e57ob3gmkuhpq7jad] c:\docume~1\howard\locals~1\temp\nr5xl7v4ovpo.exe
uRun: [c1m5zuml55x2gj0ohgu6hqlrn7bsikp7jp9p4f202eabb] c:\docume~1\howard\locals~1\temp\s7vduf9wi5.exe
uRun: [kyr7kvbjrmw9j30xtolcwzq1y7erzbbxx1g5nmi9yzevtg6o4] c:\docume~1\howard\locals~1\temp\ryd61bso0utdx.exe
uRun: [i9v5hdy9q0tv9hsndsi39mu44juvnxojsljdumb24m1t2n2x] c:\docume~1\howard\locals~1\temp\ju170gjfjomnh.exe
uRun: [iki0bsfpwanmxksfcclh4fov0wp36o1es4e9qp] c:\docume~1\howard\locals~1\temp\k4p58x.exe
uRun: [mh0b0uylszpz39v90bb] c:\docume~1\howard\locals~1\temp\otwnmak0gw0y.exe
uRun: [n4b8omvxptclkm4gj2pvysziqe43v4jjdhrcf5ur98] c:\docume~1\howard\locals~1\temp\drw4g0i7deh.exe
uRun: [lki1ms7rci901ssqcv3zu3zl76nphlbf29rzt] c:\docume~1\howard\locals~1\temp\b7asa1qwiks.exe
uRun: [aqf8bapcmk1swnvfwig40houzxpium3tlco1hp0yp5bk] c:\docume~1\howard\locals~1\temp\m0vfw92042.exe
uRun: [bnj7m7sc9ksxzk08v7dnl9accm86z0u] c:\docume~1\howard\locals~1\temp\quq0im39arf.exe
uRun: [vocmk87n7qk] c:\docume~1\howard\locals~1\temp\e643ucmj.exe
uRun: [dml6xf77qy0k9097kw7e6nnu5nevpo59ekj2hly] c:\docume~1\howard\locals~1\temp\teznui17w3e.exe
uRun: [nux625vdh8x0dscvkkg38ovkm1f1trmx] c:\docume~1\howard\locals~1\temp\pu6pqktq.exe
uRun: [w0hq9q4rw1qc] c:\docume~1\howard\locals~1\temp\e71az7wsil.exe
uRun: [xnmclx7ak8nqnab485ovp87fhkmhrrchs] c:\docume~1\howard\locals~1\temp\l6rvijq4.exe
uRun: [he93i58n5u0pxwkpqm9lc4zul1xsnodkkj7xk] c:\docume~1\howard\locals~1\temp\s5ygke.exe
uRun: [cuac1n219mwsmtt4ynhserwlomv] c:\docume~1\howard\locals~1\temp\m6qs7nk.exe
uRun: [u2fept7uf961rjowrcuk6lvpz22] c:\docume~1\howard\locals~1\temp\nlv4vf.exe
uRun: [rnn9n1kwy] c:\docume~1\howard\locals~1\temp\tkzempv00.exe
uRun: [xgyj33qx33tk7g] c:\docume~1\howard\locals~1\temp\is1zfd.exe
uRun: [m2lel94ulzsrn6xmljvlpk0r966m9bzytzp2c3x] c:\docume~1\howard\locals~1\temp\edk1rx7l.exe
uRun: [dj9ba2d11ujwun2xyw0gmc2init52nxsp] c:\docume~1\howard\locals~1\temp\x0wjyjin6.exe
uRun: [z7q40uxshwfoq22o1d34o4oqi0rofv8p3tmk] c:\docume~1\howard\locals~1\temp\b6zlis3gst.exe
uRun: [y7r7soe7r9cgm46kpzs8l0fgg4desqmech] c:\docume~1\howard\locals~1\temp\ucbkpxeichw.exe
uRun: [b8jgcs2qm7xjzv5e00d3ctswj7gr866] c:\docume~1\howard\locals~1\temp\qxumiy14ihfb9.exe
uRun: [pzyqas3nm77b1kf4m8uq0vcty9fc2jkcw1hbg49ypfe04v] c:\docume~1\howard\locals~1\temp\iykq7kxskbey.exe
uRun: [q49fy3tvkmg52aaum8gq3mvhtyqcc] c:\docume~1\howard\locals~1\temp\ab8r68oj35qr.exe
uRun: [qb3srxvwbq72q7wbvrkqoyvtn] c:\docume~1\howard\locals~1\temp\dq5elmt.exe
uRun: [phg2n8jq8c5v7l4eyswbid11oya356j0sw7raxhq73o7] c:\docume~1\howard\locals~1\temp\e0actmup.exe
uRun: [of8anchv76tcg1ehdau6d12qiot871xgliglgygujeasnz5] c:\docume~1\howard\locals~1\temp\k4qmjv9l.exe
uRun: [cf4w6ziot9kfh1gaw5o6n1ao5uuk2vb104xc9crp1q4gg8w] c:\docume~1\howard\locals~1\temp\oknrcpfr.exe
uRun: [sb95lsvocxpnoij6jqz1bjknpe] c:\docume~1\howard\locals~1\temp\brwg6w248cg.exe
uRun: [efqhb19r5oe1uucvow9o6bedtabcywl5qwva0n5] c:\docume~1\howard\locals~1\temp\kywci50r.exe
uRun: [n55xa4xj9ju] c:\docume~1\howard\locals~1\temp\gh70e2q.exe
uRun: [i6a1m99ggxh6ty2s] c:\docume~1\howard\locals~1\temp\sbi54jk.exe
uRun: [q3rwru22hjrnea0qr6f98ypnbe4i4h] c:\docume~1\howard\locals~1\temp\lhu4b5vp.exe
uRun: [uryvapryjms0obma5zkh1xl7k1ye] c:\docume~1\howard\locals~1\temp\tl63c04y.exe
uRun: [mfkxrid6fgqedn58lt5huiazt7spj1d] c:\docume~1\howard\locals~1\temp\dd1ortmg.exe
uRun: [fbbov33op6ykjt7onnahcjkspsha51etcld] c:\docume~1\howard\locals~1\temp\l7zkm8e8dyuk.exe
uRun: [e60kx6l1z7] c:\docume~1\howard\locals~1\temp\tbsj6knhu41r.exe
uRun: [au521h4j9qjbo2osypxnc4nw1xyl] c:\docume~1\howard\locals~1\temp\a5z1zycfagu.exe
uRun: [b44sfmzzz4qui5vx5b5ffy3jqf2us1pfa2z55jv] c:\docume~1\howard\locals~1\temp\zeu38ys49m.exe
uRun: [mrn3rjjzpu0x79r3jjydntfy7bigdg49opdhpsw8nolh4] c:\docume~1\howard\locals~1\temp\vqfs0gpiym.exe
uRun: [fhjnlxbizkc9h] c:\docume~1\howard\locals~1\temp\ein2djflbh.exe
uRun: [kj6zae35iurw7s40w8c1lc8iujvx4mdd1u] c:\docume~1\howard\locals~1\temp\mmgitoam7y.exe
uRun: [ybnzt1ap6hf9q3wnv0iaprunifwi2nslk32h2ly] c:\docume~1\howard\locals~1\temp\bkgzne8t4.exe
uRun: [yauquovqm519zu0hvqinz8arsx4] c:\docume~1\howard\locals~1\temp\om6nrn7szaafz.exe
uRun: [i9ob55xyu5jvr83e4weufo295q5xhjaiygh77] c:\docume~1\howard\locals~1\temp\eub2cupaxm1ip.exe
uRun: [zisy0bpvis2dx4m8uuzp35vsp3c3xohdj2c5pv3z9rw2f] c:\docume~1\howard\locals~1\temp\z0dnyfxis.exe
uRun: [gzq3emelkxltk0yo31] c:\docume~1\howard\locals~1\temp\d364ld5zws6d.exe
uRun: [dry6d0si8nbq] c:\docume~1\howard\locals~1\temp\zfradc2dlszj.exe
uRun: [lqtrzxnl10b7lkds9gmievr5plbqjakwbgdo026suv] c:\docume~1\howard\locals~1\temp\kyrtjm4poaiax.exe
uRun: [muzccvxccj0jrj27vygqsai4f4m5v57am9h20lb] c:\docume~1\howard\locals~1\temp\rs5emz.exe
uRun: [vdao5we0nnfgq6b6se2x6lpoj1uz19] c:\docume~1\howard\locals~1\temp\jotfl4.exe
uRun: [pqxt07jnen9oz8nh6igmu9im75] c:\docume~1\howard\locals~1\temp\hjk9x7wcgpry.exe
uRun: [ewl03zjiirzxx2l108j47a] c:\docume~1\howard\locals~1\temp\r7ji1w8tn.exe
uRun: [lpndyrfad894w27z8o0hcltao0p9ut64xjcr4oq1a] c:\docume~1\howard\locals~1\temp\l8wra3.exe
uRun: [agytqiv24v0cb8kxrhie8drka3qlxhn1sbh3ho78n009] c:\docume~1\howard\locals~1\temp\jfe2k26hdtyc.exe
uRun: [l6d8un14pi31wu6tezxqosbdmfub535mlsjycq] c:\docume~1\howard\locals~1\temp\wt3pbue.exe
uRun: [wd6ctz2q2ts1e2hnn8mg84m] c:\docume~1\howard\locals~1\temp\dxcuodrdrqwt.exe
uRun: [lsqkxzwd9tzc42orsys1bnug] c:\docume~1\howard\locals~1\temp\m637blr7ax.exe
uRun: [akievj8wha9] c:\docume~1\howard\locals~1\temp\id1dx2vhkwe.exe
uRun: [zsixlkc5vx0p1y9m7hkl7on4war0rlz07rva] c:\docume~1\howard\locals~1\temp\borwvmy.exe
uRun: [yc2z8majxxawwx4k0739c0ig9o7] c:\docume~1\howard\locals~1\temp\f9rlus5jb5u.exe
uRun: [u2shrjnsmugpebd74riu4dugzvctg] c:\docume~1\howard\locals~1\temp\d0g0z44hl.exe
uRun: [tjv7d4gv42gb4bx1kdjpimu2w75] c:\docume~1\howard\locals~1\temp\f7t44n.exe
uRun: [anaq9r6zcrmoikjioky0gcgc7yr5pi5d7g] c:\docume~1\howard\locals~1\temp\dkr6syv62qyzp.exe
uRun: [e75qu6j06b0a86gcngw8er3li] c:\docume~1\howard\locals~1\temp\nhhgzw6ectk.exe
uRun: [awffitziu2k2z27f5] c:\docume~1\howard\locals~1\temp\uqqz50.exe
uRun: [p6s2inkav5b61c4j54x0yculp] c:\docume~1\howard\locals~1\temp\a71h8iex54.exe
uRun: [blb9dyogevcpqzdmw10] c:\docume~1\howard\locals~1\temp\nf6wt8wf3g.exe
uRun: [q0zvx7hwscaudda1p9uoisludg8qm9711e] c:\docume~1\howard\locals~1\temp\bmiffhab.exe
uRun: [b0vhguzpey1eewvu84oossts0m9203lmg] c:\docume~1\howard\locals~1\temp\f2fkrbgy.exe
uRun: [qgja9py380imxs6s3] c:\docume~1\howard\locals~1\temp\dwaocv09v.exe
uRun: [atzl9h30k] c:\docume~1\howard\locals~1\temp\dsev1r.exe
uRun: [u31iz1lo0sobotkwgs03lki7kv6myyfndnzv5v] c:\docume~1\howard\locals~1\temp\gd1p116o.exe
uRun: [si7asrqxk72x6jce6ptt5qdkeg41cnjbfwr285le5a6rho] c:\docume~1\howard\locals~1\temp\l6mv5x3.exe
uRun: [ilfmh3kz870bj17pw1] c:\docume~1\howard\locals~1\temp\mxrtwenm.exe
uRun: [fz25enqk3jurn81zw] c:\docume~1\howard\locals~1\temp\pvhwicg6i.exe
uRun: [myt3wuy2k9qacx] c:\docume~1\howard\locals~1\temp\aehfo3izl6.exe
uRun: [x9bau54zs5i5vg8aqs2u5idxuglkdeo5sqrl0g4hyp2rrfaw] c:\docume~1\howard\locals~1\temp\bomdw32am0b.exe
uRun: [w8qi4l2c1m4f47hb60au] c:\docume~1\howard\locals~1\temp\lx7i4vd3vihhn.exe
uRun: [vuruf3mdil4] c:\docume~1\howard\locals~1\temp\zazslg653v9t.exe
uRun: [b70o2mbjg3eq5glj464hp3kus8uvkrswj2jhlyrbmtkz2zp] c:\docume~1\howard\locals~1\temp\ha9vyo6awgql.exe
uRun: [ehzp0idyuv4npecsgnorgx7e57] c:\docume~1\howard\locals~1\temp\gftuaqfz.exe
uRun: [qmpwewdan5g2153wbgzi1r] c:\docume~1\howard\locals~1\temp\oyf7vr8egwn.exe
uRun: [vm5jfxazw] c:\docume~1\howard\locals~1\temp\f67x3vdjoqs.exe
uRun: [hjqsv0xbx61zcxqye4x1auemncl] c:\docume~1\howard\locals~1\temp\ue2ym5.exe
uRun: [rnp38fwen93gk5l0f552e82v2kw01fkzugguzdgrmal9m] c:\docume~1\howard\locals~1\temp\pxlbzfp551pv.exe
uRun: [hbbjb9jbx6bi73j76px5klgfl5ajggzfew] c:\docume~1\howard\locals~1\temp\qp7g95fvr8s1.exe
uRun: [y37am75jdkxrsyat] c:\docume~1\howard\locals~1\temp\btuew19n.exe
uRun: [p4abdysmytbjb6n4pe93cycehowh] c:\docume~1\howard\locals~1\temp\bbmvmhcj8.exe
uRun: [cugdij8jfwjju3kngyc7grujhlm1d9dfoj2twyaktkqfhp1ns] c:\docume~1\howard\locals~1\temp\x4iwjm.exe
uRun: [donsd7aiu96w774jnqpg0h4viv1thq9a8l1qvnreuge8w7b9] c:\docume~1\howard\locals~1\temp\urp74b.exe
uRun: [rtg7ofh84gpphs1t3m] c:\docume~1\howard\locals~1\temp\s23b6e3.exe
uRun: [iei8vlyopteu9mis22l5igdgecpy] c:\docume~1\howard\locals~1\temp\shhfls82mz.exe
uRun: [bl8pa7n012] c:\docume~1\howard\locals~1\temp\hfhff169j.exe
uRun: [obnmcvl0w8tvwdktfoqt] c:\docume~1\howard\locals~1\temp\q2d6rf6i1h25.exe
uRun: [b7uor424uu7i8] c:\docume~1\howard\locals~1\temp\thk9duzlntxpd.exe
uRun: [o8ma9eengsy9ayo8sdm57r8pzegl] c:\docume~1\howard\locals~1\temp\f0drbjca4fe.exe
uRun: [atucvtjewuab0lhzoccro7orfr2kgu4h4tlizq3vz0pdhm] c:\docume~1\howard\locals~1\temp\mzk840yke.exe
uRun: [tk3hyuapoparqwanztiu9j2] c:\docume~1\howard\locals~1\temp\qr0v089asqpf8.exe
uRun: [fac0h9kuo20o] c:\docume~1\howard\locals~1\temp\aaxkegk3uen.exe
uRun: [nbpspg91nm1u4vs76sa37] c:\docume~1\howard\locals~1\temp\cprw1bffo9f.exe
uRun: [im3u537yz8229c132geghn191lynh] c:\docume~1\howard\locals~1\temp\cmcrsgj.exe
uRun: [zh6ipzbpkbs44306bmdmv37oi6av7kfqza4kb14yy] c:\docume~1\howard\locals~1\temp\jyt1q3qrxr4ea.exe
uRun: [h0s73eyogpg7ltvfac14ht8ooq1n1796rfnx9] c:\docume~1\howard\locals~1\temp\lz6emf90r32b.exe
uRun: [x1n7515nn5xbfamwu9v11bv2nkrgz] c:\docume~1\howard\locals~1\temp\sydz5r3c7y.exe
uRun: [dtzqy94b7rptt9ef7m] c:\docume~1\howard\locals~1\temp\stufftyy7fv.exe
uRun: [w3l1adqmm1mou77yx2v74n69] c:\docume~1\howard\locals~1\temp\n5cafqlt.exe
uRun: [w7b3ymxv8rlp78rzl4lot9l6ti] c:\docume~1\howard\locals~1\temp\bjnryk.exe
uRun: [n3ig6zemsvrweaasezd4] c:\docume~1\howard\locals~1\temp\ddc70tk0uc.exe
uRun: [f262q7qgcrj52f0fws] c:\docume~1\howard\locals~1\temp\k2sfrgikxue6.exe
uRun: [eph4iuounhk4qmqfe4pm9ty9q65hlubuq16jfp6ygcs1qzx4] c:\docume~1\howard\locals~1\temp\z0o67yv2e0y.exe
uRun: [ccvxzhc1bi70ixp] c:\docume~1\howard\locals~1\temp\hevpx9l.exe
uRun: [b918iwhmilied0yd3ruomtf0ng] c:\docume~1\howard\locals~1\temp\cpxdsbhejc.exe
uRun: [j67q0yhvfg4i56o6wd36i84rtjviwx8kyn8afl2ey9grfesb] c:\docume~1\howard\locals~1\temp\zajqdec.exe
uRun: [n5jp4b4f8aki4miljvlc] c:\docume~1\howard\locals~1\temp\w57qgf0gx0.exe
uRun: [keovoitfw6kefcwcp17xg63nscu3cipt] c:\docume~1\howard\locals~1\temp\sgv830nl.exe
uRun: [wcght4ob0aqgym09vw0] c:\docume~1\howard\locals~1\temp\blr6fr24ls.exe
uRun: [uqr2rn047qhy64k3av35hmhr1qvcpr5z75jur4avzny3] c:\docume~1\howard\locals~1\temp\mnrplxe2xpe.exe
uRun: [t8t12vfgo0z] c:\docume~1\howard\locals~1\temp\s7hcgtv021d.exe
uRun: [f2q8ywoyacenmbzriwahh7oap0zrin5by3] c:\docume~1\howard\locals~1\temp\alovrug.exe
uRun: [h51vq1lak38oga7hsiok2eo5lr2jbxlmrrfw] c:\docume~1\howard\locals~1\temp\bvttelm1.exe
uRun: [yielsjmngiiuei4n8jsk4w5yrg2wahhmc1n8olj1w29k5e] c:\docume~1\howard\locals~1\temp\iv02z65sxwtyv.exe
uRun: [py97mpdf5t3xmrn5b115o8o9r6l8jr] c:\docume~1\howard\locals~1\temp\j550qn.exe
uRun: [eckrifl7rjb7okjf5f694krv4moaj9l7fggjv2zoh7o2lhicqw] c:\docume~1\howard\locals~1\temp\wov5bw72tk.exe
uRun: [jt0fwmprcbu9ftqfp2] c:\docume~1\howard\locals~1\temp\cxkj14k6alq.exe
uRun: [fufiavwt66uhm02kmd6z6m9sa9e1ye9yrgz90n2qlk] c:\docume~1\howard\locals~1\temp\oq80yv6aex4xr.exe
uRun: [otg2x4mgpusml31isq35tk4udifi58p9fn13lp1tjib2kqcs] c:\docume~1\howard\locals~1\temp\q5c9s88bifv.exe
uRun: [lvzd99j4gvqx76igfcbqbwjladn0qio2nk849] c:\docume~1\howard\locals~1\temp\zkaumt7a4bm.exe
uRun: [wnjaq4da2gltbbvlxsocpq6rfv3oc3ka4qxfzzqypbspy6b] c:\docume~1\howard\locals~1\temp\kyydclx.exe
uRun: [o8mw2kh8t0ft40yjso1bb8jpuip56svhdqg1doz4w06jejcm8h] c:\docume~1\howard\locals~1\temp\rxoyvgrcuzzpj.exe
uRun: [qvnezsu8rdl3fk] c:\docume~1\howard\locals~1\temp\f5gomkfh2t4oq.exe
uRun: [zczvo5n8b9x3vg2km6ak9ko] c:\docume~1\howard\locals~1\temp\a2kwq3g.exe
uRun: [fueuq5z5eaopwzy64jorz3h3iihtt2gxv482fod] c:\docume~1\howard\locals~1\temp\t9d2gyx.exe
uRun: [y0fj26a2as6eal8phvkcmuze71e3] c:\docume~1\howard\locals~1\temp\pqjyclbx.exe
uRun: [aui4xgnpdbm3eu6h] c:\docume~1\howard\locals~1\temp\gh44aq.exe
uRun: [wmpyl7u8acvkx498939l85vp1sxh4k9lr] c:\docume~1\howard\locals~1\temp\f236pfv98uy.exe
uRun: [vx0ri05311wlr7sqog3a2lbb] c:\docume~1\howard\locals~1\temp\r5676h.exe
uRun: [doyzvv4zkcntg1evff830jw3] c:\docume~1\howard\locals~1\temp\nszpw3o.exe
uRun: [ao5qsp76ofn] c:\docume~1\howard\locals~1\temp\rhu7qi1e4.exe
uRun: [amo5sze9d6lo854vh14vn5uy8n5q0l395vag] c:\docume~1\howard\locals~1\temp\a98h9cf.exe
uRun: [fuxdhq2jgo3wdfoeafy693d268mgoiuti8c5z8bt] c:\docume~1\howard\locals~1\temp\jx4f4i4dd.exe
uRun: [h4yumk6hdnqmcc4j0t9waoatjeq0uuax6bprdsei33alzl] c:\docume~1\howard\locals~1\temp\etbgknv4w.exe
uRun: [xsol7p55fz01jgk5ro4m7etaavljy8] c:\docume~1\howard\locals~1\temp\jjnzug9r.exe
uRun: [tf3a0i2ig2w04det5oev8jpnrsayd9pdl4vdye0mv4fhv3] c:\docume~1\howard\locals~1\temp\bf1333tcmn.exe
uRun: [wksvv8ewn3skiz5qykkagxxf806tldvaxa51d685tgxrehktn] c:\docume~1\howard\locals~1\temp\phhkmdwmnef9.exe
uRun: [sxovb1tuv9a1k17i43fc46tu2gef] c:\docume~1\howard\locals~1\temp\lty8ruz8o.exe
uRun: [o224yseg0fwc89oulsp7ufb80kvmrpx] c:\docume~1\howard\locals~1\temp\n7raty.exe
uRun: [am705jdk4v92hj9l2fvtxze7m548xoma] c:\docume~1\howard\locals~1\temp\qo2sfzzvba.exe
uRun: [lzwpckeb4gg8b7ikeve5baxkmsv4pmum0jbvl] c:\docume~1\howard\locals~1\temp\z236l6o2.exe
uRun: [zzsbe7f49j7bcqkdx98mla5z9ywg3g87y5s5x] c:\docume~1\howard\locals~1\temp\dihbx0up.exe
uRun: [quqne0hbzm2g2rakhgv626ktwqkokbhak0njmm8w] c:\docume~1\howard\locals~1\temp\i7gngcdq5b.exe
uRun: [ddapb3p9xji1stbizrzafnlvupuxoiye4] c:\docume~1\howard\locals~1\temp\xybogisevzpih.exe
uRun: [ayinr8s36n8muf] c:\docume~1\howard\locals~1\temp\d9mfatj4juy.exe
uRun: [co04h3yk3e4h0vwcn5aiygs8r3zgk43gt4my7gfpzn3l63j6] c:\docume~1\howard\locals~1\temp\obmyg3lxmchu.exe
uRun: [m9io2m0cm1gsqonbc0hki7ffp9bsokqa9zdldwl] c:\docume~1\howard\locals~1\temp\s0yzaz.exe
uRun: [dqov92j7bxivr1ecykvu4wpvlckfig64xj9xrjz7hga4bdo2] c:\docume~1\howard\locals~1\temp\a4afuu.exe
uRun: [zyi089jnyy0s] c:\docume~1\howard\locals~1\temp\ocj5ly.exe
uRun: [cev4cm4av4bvsvkan52t8m0o] c:\docume~1\howard\locals~1\temp\o7755zjm5.exe
uRun: [ov9b0zk5m0cdati8tvo] c:\docume~1\howard\locals~1\temp\jil9qj3xai.exe
uRun: [t10qtmhr0szkktrgm9x9dsttqm3s1t5zyfgsmsbg0r3e5] c:\docume~1\howard\locals~1\temp\g3i7rmlot9i8.exe
uRun: [lirpt56p56kc2h1wxx8103mndpq4midoss0x] c:\docume~1\howard\locals~1\temp\z54b767a1ja60.exe
uRun: [kng2n3go3hx33gi13bic4bur462d12h94op] c:\docume~1\howard\locals~1\temp\mxzwmg8s37ysl.exe
uRun: [vyun0ts95ux6zit3z0wg0lcpw940qfdk5fzocgsp] c:\docume~1\howard\locals~1\temp\efp0b24g51ef.exe
uRun: [cbor2sui3z8lepxu6w15tyo3wlpwykt6e1mou0b1c2k5h5z3] c:\docume~1\howard\locals~1\temp\q181e9712j.exe
uRun: [uvpvyia4xxvjs2enui7b6jl8] c:\docume~1\howard\locals~1\temp\tb3l3p.exe
uRun: [znihf43dn5t3as4acuvow5txac8] c:\docume~1\howard\locals~1\temp\iohpccrk.exe
uRun: [y9ag44f3ex8lv2rn64bdpf8hpzwrjnnsiq4] c:\docume~1\howard\locals~1\temp\h90r5wv6ad.exe
uRun: [ijl2a8jsvp0zo1lah] c:\docume~1\howard\locals~1\temp\g9xxdu4.exe
uRun: [gg74ywfaq52t1a300fkgdp5s5vfa] c:\docume~1\howard\locals~1\temp\h02v4boy.exe
uRun: [pbd1pijfi22ga9xntesbhs3wrr1ab6o07h5] c:\docume~1\howard\locals~1\temp\yrn12g.exe
uRun: [yj3nzc4emg256gssmkktlr7bp9tvb54d6dn89] c:\docume~1\howard\locals~1\temp\dq406txhz.exe
uRun: [ac44468cjfpe5upxcfv05c4j2fxfhhkhug0undm2j7i] c:\docume~1\howard\locals~1\temp\vmb1mho8i.exe
uRun: [mcf40uousgbf2ub8wwjv] c:\docume~1\howard\locals~1\temp\vyz1pic5pkci.exe
uRun: [ojhjyg0xowynaoqsp82efym92hbziw8g] c:\docume~1\howard\locals~1\temp\evav2781.exe
uRun: [lqk2k81mdfotdhlcybwdceh31] c:\docume~1\howard\locals~1\temp\fmfttosta.exe
uRun: [zjd5h31qtzp7b7b283wephu7p8264ubh] c:\docume~1\howard\locals~1\temp\ib70e1eo.exe
uRun: [iefz9y4tza9zgw8m7392k4zkrt5cwiijdmbfu] c:\docume~1\howard\locals~1\temp\paelxd.exe
uRun: [c1nay7bnx5g466mcv0vqg1gp7yewf7uogwsjbxgrcio2mjo] c:\docume~1\howard\locals~1\temp\vig88811txk.exe
uRun: [e394r549mbrwoq8339jd47nool88qj08f3hd0r1w1ed] c:\docume~1\howard\locals~1\temp\di6bo0.exe
uRun: [w0c6rwpxaagojf] c:\docume~1\howard\locals~1\temp\n5pwnb23v.exe
uRun: [acilczb4o3n1y76ediy5] c:\docume~1\howard\locals~1\temp\vjdwdmst533ed.exe
uRun: [i8l359msl5zb0qmbqjzm3wciyp5lrv1e4tmowomor] c:\docume~1\howard\locals~1\temp\g2wfjd.exe
uRun: [yl7jlsqtkbaektumwmf1srze1a4d11qbgwyv] c:\docume~1\howard\locals~1\temp\i89v56i92gof.exe
uRun: [z6dpj82r8maau2i4z652yqkfxt29endtm] c:\docume~1\howard\locals~1\temp\oguix1sah.exe
uRun: [ikq02i3nh9rovkvjenhoneb97satrt83i15k0mt2] c:\docume~1\howard\locals~1\temp\w6617upx.exe
uRun: [ebrs3xojzd1e3jdich72gp2] c:\docume~1\howard\locals~1\temp\v3ol6gji3.exe
uRun: [yfr0knygbc69jngqm6fy0pncu6fa] c:\docume~1\howard\locals~1\temp\f0lqu7pe.exe
uRun: [fd4ox5z6e73ti9eeygxxteupcb06lw4ppg0s251g42r9j] c:\docume~1\howard\locals~1\temp\jhz2pr1.exe
uRun: [lmoyzu4t7rwwvlr8171x4aic0] c:\docume~1\howard\locals~1\temp\wcv9912pg33k.exe
uRun: [y1dexx9gyj4rkkrpz0xxn] c:\docume~1\howard\locals~1\temp\hj9hoggpa0k.exe
uRun: [mmhfw66ntugwg4ko9u2xt2kna875w2aie] c:\docume~1\howard\locals~1\temp\pi7rg6d80raik.exe
uRun: [kyuu1x56ysizqewgbnxwnjln89hld55n5d3ho60ku] c:\docume~1\howard\locals~1\temp\eg78awbfx9rr.exe
uRun: [x8l7y0s21y36gjnqtampi5fykw5o6rhc3kbp8es] c:\docume~1\howard\locals~1\temp\dp2ajfrnwfw.exe
uRun: [cn2tpv9hxe6is5tzst8fec8] c:\docume~1\howard\locals~1\temp\pxlvvkim.exe
uRun: [j2bzhrtn78925wubpb2uv0p0qxsx68cr8wmxans8l9g] c:\docume~1\howard\locals~1\temp\k3nzhoquox8j.exe
uRun: [iqfi6b7483asznheag0b24pvekrfud2sjdssbozn7fxcvvjx] c:\docume~1\howard\locals~1\temp\cld36amz7ao.exe
uRun: [kr88r5vt4z3] c:\docume~1\howard\locals~1\temp\h5gfv9xa24d.exe
uRun: [yynbe1phujfmmaz63u5tpgqsw2oq] c:\docume~1\howard\locals~1\temp\evlcptg.exe
uRun: [yr8gf4jes8hro1m5uaiupskpmcpkou2x54jaqascudwm] c:\docume~1\howard\locals~1\temp\s8gmk95zqg4.exe
uRun: [jxzp4nv9thgpklghx21x8307bojzn9j0ib246] c:\docume~1\howard\locals~1\temp\xox2o5.exe
uRun: [oxuypscpnshsdmod4e] c:\docume~1\howard\locals~1\temp\dmn5akz.exe
uRun: [zak5b65f5iid8wfr] c:\docume~1\howard\locals~1\temp\ac9l44e875s.exe
uRun: [j8myq4ur8n5fxa5uzqjjwf7n044eywzgsnpeqyji4g8ug9xkee] c:\docume~1\howard\locals~1\temp\w9g4h66r.exe
uRun: [tktxmsrop7o6yvtbokhn047ntiaaz191z0ldwk6h] c:\docume~1\howard\locals~1\temp\pfsm7bhtn.exe
uRun: [xxlwzj1if3e19] c:\docume~1\howard\locals~1\temp\glrwkuy1ht.exe
uRun: [gbtzxiqtve9po4rhmcosjid8qf8h4tauwa5vy2qgvzjnma3ad3] c:\docume~1\howard\locals~1\temp\t444k7uoatm.exe
uRun: [xnpb23jvjtmtcv5f0lt2ejbmfs7ju70ixrv6pcqahr6zw00] c:\docume~1\howard\locals~1\temp\gxfw4vmyona92.exe
uRun: [l7worabvl58zcidgyut8v96pknn2dw] c:\docume~1\howard\locals~1\temp\ds3wowav.exe
uRun: [gc43db5ohe5hpjmbhdh69zevly3h79rb59bs5micfpsyt8st0] c:\docume~1\howard\locals~1\temp\wtwb5kgjf5.exe
uRun: [wctng3kp9p3wxucm7a0h2lr6q6p1sw54goz7] c:\docume~1\howard\locals~1\temp\ghc39qw.exe
uRun: [zaqtisdvh6s] c:\docume~1\howard\locals~1\temp\uo7mvzamwhf8q.exe
uRun: [x4fhailaww] c:\docume~1\howard\locals~1\temp\m1e6bn1dfbr1a.exe
uRun: [yjnj0cnl6nfkbl7682qa8v7sgw9sdpmqv66n] c:\docume~1\howard\locals~1\temp\n1o1wo4o4z.exe
uRun: [vjc7dgqlmtgtra4o3ne787z5] c:\docume~1\howard\locals~1\temp\bivn5dzkct8a.exe
uRun: [psu3kzhppn6c] c:\docume~1\howard\locals~1\temp\qgv4i3xr9b8.exe
uRun: [hfysht71b] c:\docume~1\howard\locals~1\temp\cs0lwujcdrttx.exe
uRun: [wg5mpld28q91u5] c:\docume~1\howard\locals~1\temp\nbj424.exe
uRun: [w7qzhmsbnv5g095] c:\docume~1\howard\locals~1\temp\rq02qkhjao37.exe
uRun: [m4hms394ehijh] c:\docume~1\howard\locals~1\temp\tf6f2vtv.exe
uRun: [wt3x6b23wjgodid8666badmay68qeqrel49qym0l4kbm7vr] c:\docume~1\howard\locals~1\temp\jrq6f6d7ti2.exe
uRun: [raw2e7w16iezq9ah93rj] c:\docume~1\howard\locals~1\temp\tjl8uzepvn7.exe
uRun: [igan98k8ce067o] c:\docume~1\howard\locals~1\temp\lsdzi03m.exe
uRun: [at7vbawrwsdygxv61kbvz] c:\docume~1\howard\locals~1\temp\pv6x5ys3k60.exe
uRun: [exvox3aaprkvjshq2gws6bk1azzy4fmhwmbymmm71bgo562k] c:\docume~1\howard\locals~1\temp\sw34at2vwcj0n.exe
uRun: [vy4klz4c2hoyhdwzq0sjpc4ec4ttt5lrah] c:\docume~1\howard\locals~1\temp\kdw1uk7r30.exe
uRun: [a3vqrm8fmwd0cezyb8jyvlz1c9q7vg8rwvk0] c:\docume~1\howard\locals~1\temp\wzw2xrac.exe
uRun: [jdc4r1ih59a7vcprvb6pgo367yspv17emdudm60] c:\docume~1\howard\locals~1\temp\bfgiwi35.exe
uRun: [t0f0e5wneucv11aljt8rb3zjm3e7w5] c:\docume~1\howard\locals~1\temp\cplgnznxh.exe
uRun: [nkjkad7d7cskmdbu94st0qroa5aobm0s4kt4rz] c:\docume~1\howard\locals~1\temp\jj9hgdcv.exe
uRun: [yazhjg0lbczl0fq797jhvofaz9ir2hm03bv1] c:\docume~1\howard\locals~1\temp\uls034e70.exe
uRun: [lwfatsz2bhdhhhje45w80lju2835gh9tsvyytqiz1ymc9] c:\docume~1\howard\locals~1\temp\mt41macv91a9.exe
uRun: [kjcztle8ozplsrx] c:\docume~1\howard\locals~1\temp\tg6ml4i.exe
uRun: [vbxg2l59ax1tblbho2xbi5h8g74nhvxqt679oyp11dpqloc] c:\docume~1\howard\locals~1\temp\wq16akzrbpl.exe
uRun: [kt9x3kbot0co6hwfpjch5w1k0uad4k2d1eujxw20ul5lamxi] c:\docume~1\howard\locals~1\temp\on5xvk0a6pxdt.exe
uRun: [o5603a1fsz2cr] c:\docume~1\howard\locals~1\temp\nzq362xov8q2z.exe
uRun: [bgh0q2go5zdvx] c:\docume~1\howard\locals~1\temp\vdemwune5.exe
uRun: [twbxtsofx8h7022k0ylbk9jts1ntm18goh0uzvxp6wg4vh7znq] c:\docume~1\howard\locals~1\temp\n9sq5h7gv8j.exe
uRun: [ti250mw15tgdrke3k8wa5rzy9m1nvwid9vjiagesul9t01jrcs] c:\docume~1\howard\locals~1\temp\wnm58ku.exe
uRun: [zch29ubt24nfvyx1ehlwchcnnx] c:\docume~1\howard\locals~1\temp\esv77fmur.exe
uRun: [m9txm5m8bgbxagyrbxl2e9x6rfodvd5kshak] c:\docume~1\howard\locals~1\temp\xyr6sfc.exe
uRun: [ovti0ofc0yhrwcgmmnr6sumc7gj96nrljfqashlof9] c:\docume~1\howard\locals~1\temp\f2kq25t.exe
uRun: [btwepwtddjz8ctqq405d2wvffeiolm5qs] c:\docume~1\howard\locals~1\temp\s5qhlvuj8yes5.exe
uRun: [k0ds56ypxkfkvpukj8kxka1ab69po76w3nof] c:\docume~1\howard\locals~1\temp\vl1s5nq6we.exe
uRun: [gsehrhfgikri] c:\docume~1\howard\locals~1\temp\cjf76m41o.exe
uRun: [xhi2bimu9bq9mvsf3mfi9m67zfx45dcs95mf06brcy6n8v0l3] c:\docume~1\howard\locals~1\temp\ijvnfsnuan4.exe
uRun: [agrl80vy3lf8554w83cw1w] c:\docume~1\howard\locals~1\temp\pi2ph4h69.exe
uRun: [brzsjlblu] c:\docume~1\howard\locals~1\temp\o9k1o00fro9p.exe
uRun: [dxos7f230j] c:\docume~1\howard\locals~1\temp\ku3khk.exe
uRun: [ncfbm8rvifbh55z64r2hb] c:\docume~1\howard\locals~1\temp\polgqub.exe
uRun: [vdc2ot2za2bdt3b2slnz6] c:\docume~1\howard\locals~1\temp\pt40zb.exe
uRun: [ffynyk5fyhziwq193i31ehkyfbqjvefoid7sqifoc2x6m] c:\docume~1\howard\locals~1\temp\e6i48fjf.exe
uRun: [t5vnsrsm8hksyqebb1kemqlz7if8yba4l1hr853h2nq0oc] c:\docume~1\howard\locals~1\temp\k03b9ryu11n2.exe
uRun: [p8nahvhciwiuf4b2f6waem3dsrllxuup43llutdrbqdcw] c:\docume~1\howard\locals~1\temp\di3t0xxt.exe
uRun: [k28gmqdmxmlst6] c:\docume~1\howard\locals~1\temp\s9yuj3ch17y.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [POINTER] point32.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NoteBurner] c:\program files\noteburner\VTBurnerGUI.exe /silence
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [jsf8uiw3jnjgffght] c:\windows\temp\winlognn.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [lrijh8s73jhbfgfd] c:\windows\temp\winlognn.exe
mRun: [Xfabiqorefubeq] rundll32.exe "c:\windows\Kvadifucipisozo.dll",e
mRun: [Jxelaqapejucohot] rundll32.exe "c:\windows\icifenoy.dll",e
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [services] c:\windows\services.exe
dRun: [tezrtsjhfr84iusjfo84f] c:\windows\temp\csrssc.exe
dRun: [xlmngvfu.exe] c:\windows\xlmngvfu.exe
dRun: [rvgvykqc.exe] c:\windows\rvgvykqc.exe
dRun: [jsf8uiw3jnjgffght] c:\windows\temp\winlognn.exe
dRun: [reader_s] c:\documents and settings\howard\reader_s.exe
dRun: [services] c:\windows\services.exe
mExplorerRun: [services] c:\windows\services.exe
dExplorerRun: [services] c:\windows\services.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !saswinlogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: crypt - crypts.dll
AppInit_DLLs: vevldk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\howard\applic~1\mozilla\firefox\profiles\qbukem2u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.dallascowboys.com/home.cfm
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\documents and settings\howard\application

data\mozilla\firefox\profiles\qbukem2u.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - HiddenExtension: XUL Cache: {5AA17D1A-33A6-4DBA-8762-E5CC70C2D296} - c:\documents and settings\howard\local settings\application

data\{5AA17D1A-33A6-4DBA-8762-E5CC70C2D296}

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2006-8-17 5632]
R1 sasdifsv;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 saskutil;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 31744]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 45132]
R3 sasenum;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
S1 ikhfile;File Security Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhfile.sys --> c:\windows\system32\drivers\ikhfile.sys [?]
S1 ikhlayer;Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhlayer.sys --> c:\windows\system32\drivers\ikhlayer.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-8-24 16512]
S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?]
UnknownUnknown protect;protect; [x]

=============== Created Last 30 ================

2009-02-22 19:50 18,944 a---h--- c:\windows\system32\drivers\protect.sys
2009-02-22 19:50 41,985 a------- c:\windows\services.exe
2009-02-22 19:50 46,080 a------- c:\windows\system32\windres.exe
2009-02-22 19:50 30,208 a------- c:\windows\system32\reader_s.exe
2009-02-22 19:50 37,376 a------- c:\windows\system32\17.tmp
2009-02-22 19:49 67,585 a------- c:\windows\system32\12.tmp
2009-02-22 19:49 168 a------- c:\windows\system32\7.tmp
2009-02-22 16:52 37,888 a------- c:\windows\system32\33.tmp
2009-02-22 16:51 67,585 a------- c:\windows\system32\31.tmp
2009-02-22 16:51 0 a------- c:\windows\system32\30.tmp
2009-02-22 16:51 168 a------- c:\windows\system32\2F.tmp
2009-02-22 16:45 37,888 a------- c:\windows\system32\2D.tmp
2009-02-22 16:45 168 a------- c:\windows\system32\24.tmp
2009-02-22 11:55 64,512 a------- c:\windows\system32\actcontroller.exe
2009-02-22 11:55 37,376 a------- c:\windows\system32\26.tmp
2009-02-22 11:55 67,585 a------- c:\windows\system32\22.tmp
2009-02-22 11:55 25,601 a------- c:\windows\system32\19.tmp
2009-02-22 11:53 43,009 a------- c:\windows\services.ex_
2009-02-22 11:53 64,512 a------- c:\windows\system32\vmware-ufad.exe
2009-02-22 11:49 64,512 a------- c:\windows\system32\idaw64.exe
2009-02-22 00:02 64,512 a------- c:\windows\system32\hhupd.exe
2009-02-21 23:17 64,512 a------- c:\windows\system32\7z.exe
2009-02-21 23:17 36,864 a------- c:\windows\system32\78.tmp
2009-02-21 23:17 67,585 a------- c:\windows\system32\76.tmp
2009-02-21 23:17 168 a------- c:\windows\system32\72.tmp
2009-02-21 22:56 64,512 a------- c:\windows\system32\ndetect.exe
2009-02-21 22:56 37,376 a------- c:\windows\system32\25.tmp
2009-02-21 22:56 67,585 a------- c:\windows\system32\23.tmp
2009-02-21 22:56 168 a------- c:\windows\system32\20.tmp
2009-02-21 22:52 64,512 a------- c:\windows\system32\undname.exe
2009-02-21 22:23 37,376 a------- c:\windows\system32\21.tmp
2009-02-21 22:23 67,585 a------- c:\windows\system32\1F.tmp
2009-02-21 22:23 168 a------- c:\windows\system32\15.tmp
2009-02-21 21:54 37,888 a------- c:\windows\system32\1E.tmp
2009-02-21 21:54 168 a------- c:\windows\system32\2.tmp
2009-02-21 19:57 37,376 a------- c:\windows\system32\2B.tmp
2009-02-21 19:57 30,208 a------- c:\windows\system32\2A.tmp
2009-02-21 19:57 168 a------- c:\windows\system32\27.tmp
2009-02-21 19:06 37,376 a------- c:\windows\system32\1B.tmp
2009-02-21 19:06 168 a------- c:\windows\system32\11.tmp
2009-02-21 15:39 37,376 a------- c:\windows\system32\16.tmp
2009-02-21 15:39 168 a------- c:\windows\system32\F.tmp
2009-02-21 12:27 1 a------- c:\windows\system32\3B.tmp
2009-02-21 12:27 88 a------- c:\windows\system32\3A.tmp
2009-02-21 11:48 1 a------- c:\windows\system32\D.tmp
2009-02-21 11:48 88 a------- c:\windows\system32\C.tmp
2009-02-21 11:31 1 a------- c:\windows\system32\7F.tmp
2009-02-21 11:31 88 a------- c:\windows\system32\7E.tmp
2009-02-21 09:23 133,120 a------- c:\windows\icifenoy.dll
2009-02-21 09:12 1 a------- c:\windows\system32\A.tmp
2009-02-21 09:12 88 a------- c:\windows\system32\8.tmp
2009-02-21 08:27 38,912 a------- c:\windows\Kvadifucipisozo.dll
2009-02-21 08:26 <DIR> --d----- c:\program files\Microsoft Common
2009-02-21 08:26 1 a------- c:\windows\system32\6.tmp
2009-02-21 08:26 88 a------- c:\windows\system32\5.tmp
2009-02-20 23:16 36,864 a------- c:\windows\system32\13.tmp
2009-02-20 23:16 208 a------- c:\windows\system32\E.tmp
2009-02-20 21:26 37,376 a------- c:\windows\system32\1D.tmp
2009-02-20 21:26 2,560 a------- c:\windows\system32\1C.tmp
2009-02-20 21:26 88,065 a------- c:\windows\system32\1A.tmp
2009-02-20 21:26 208 a------- c:\windows\system32\18.tmp
2009-02-20 21:00 616 a------- c:\windows\system32\B.tmp
2009-02-20 20:59 47,616 a------- c:\documents and settings\howard\reader_s.exe
2009-02-20 20:59 105,542 a------- c:\windows\system32\CcEvtSvc.exe
2009-02-20 20:59 208 a------- c:\windows\system32\4.tmp
2009-02-07 16:16 0 a------- c:\windows\system32\75.tmp
2009-02-07 16:14 0 a------- c:\windows\system32\73.tmp
2009-02-07 16:07 0 a------- c:\windows\system32\6D.tmp
2009-02-07 16:07 61,093 a------- c:\windows\system32\6B.tmp
2009-02-07 16:06 212 a------- c:\windows\system32\66.tmp
2009-02-05 11:08 14,750 a------- c:\windows\system32\mdc8021x.vxd
2009-02-05 11:08 1,726 a------- c:\windows\ndinst.exe
2009-02-05 11:07 20,747 a------- c:\windows\system32\drivers\mdc8021x.sys
2009-02-05 09:25 <DIR> --d----- c:\windows\system32\NtmsData
2009-02-03 16:21 32,768 a---h--- c:\documents and settings\howard\mhx.exe
2009-02-03 16:21 66,560 ----h--- c:\windows\system32\secupdat.dat
2009-02-03 16:12 0 a------- c:\windows\system32\43.tmp
2009-02-03 13:49 527 a------- c:\windows\system32\win32hlp.cnf
2009-02-03 13:12 1 a------- c:\windows\system32\uniq.tll
2009-02-03 13:12 1 a------- c:\windows\system32\test.ttt
2009-02-03 00:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-02-03 00:55 <DIR> --d----- c:\program files\common files\iS3
2009-02-03 00:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-02-02 23:57 5 a------- c:\windows\_id.dat
2009-02-02 23:57 130 a------- c:\windows\adobe.bat
2009-01-26 22:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-26 22:41 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-26 22:40 <DIR> --d----- c:\docume~1\howard\applic~1\SUPERAntiSpyware.com
2009-01-26 22:40 <DIR> --d----- c:\program files\common files\Wise Installation Wizard

==================== Find3M ====================

2009-02-22 16:45 64,512 a------- c:\windows\system32\regwiz.exe
2009-02-20 20:59 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-02-03 13:48 142,848 a------- c:\windows\system32\userinit.exe
2009-01-15 13:44 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-21 18:29 142,810 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat

============= FINISH: 20:13:09.43 ===============

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:22 PM

Posted 23 February 2009 - 05:45 AM

Hi,

I have bad news for you :thumbup2:

I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case, it's unfortunately a lost case - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read this why:
Virut and other File infectors - Throwing in the Towel?

So, I suggest you to start backup all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.


Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 Karen075555

Karen075555
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:22 PM

Posted 23 February 2009 - 06:59 PM

Oh god, is there any other option outside of formatting? I know you said that is the best option, as did the link. I can easily move my files to our other computer, but I would like to keep using this computer, and I wouldn't have another copy of Windows to reinstall.

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:22 PM

Posted 23 February 2009 - 07:08 PM

Hi,

Not sure if you have read my blogpost. In your case, there is no other option unfortunately. You're not only dealing with several nasty infections, but you're also dealing with a file infector which has infected almost every exe file on your drives + webpages.
So as I said, do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files... because they are all infected!
If you would like to keep using your computer, then the only way is a format and reinstall. There's is really no other way. Cleaning this up manually would be nuts, because files will be corrupted anyway, causing a broken Windows. Also, every minute that this SEVERLY infected computer is connected to the internet is a minute too long. This because your computer is responsible for infecting a lot of other computers as well (mainly via P2P software).
So, do yourself and everyone else a favor and format and reinstall asap. It's the only responsible act and solution.

Edited by miekiemoes, 23 February 2009 - 07:09 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:22 PM

Posted 01 March 2009 - 12:44 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users