
Infected with Virtumonde


  • This topic is locked
25 replies to this topic

#1 Tifffany

Tifffany

  • Members
  • 28 posts

Posted 07 March 2009 - 10:27 AM

I have 2 Virtumonde.sdn registry keys that show up when I run Spybot that it is unable to fix. I tried unhooking from the internet, restarting, and letting Spybot run before anything else a couple of times and it still is not working. This is causing tons of popups and some other issues.

Here is my DDS Log:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Owner at 10:15:38.26 on Sat 03/07/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1391.655 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\AOL\1157980189\ee\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
uStart Page = hxxp://www.netflix.com/WiHome?lnkctr=mhWN&lnkce=mhwi
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: WinGDI Class: {12c7290a-157b-4f43-b109-97e792c598ed} - c:\windows\iehost.dll
BHO: {39b9849a-47e2-4a77-9fb6-f140b1449de1} - c:\windows\system32\ati3dua.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {ab28d5d1-bedc-4f16-808f-842ff8e0e62c} - c:\windows\system32\bidapoyi.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {02db34af-13a7-fefa-fbe4-ae21bbfc20cf}: {fc02cfbb-12ea-4ebf-afef-7a31fa43bd20} - c:\windows\system32\tpeikh.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] ""
uRun: [Remote Army] "\Windowbuildjunk.exe"
uRun: [LDM] "c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe"
uRun: [ziyeyisori] "Rundll32.exe " "c:\windows\system32\vororeni.dll",s
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [readericon] "c:\program files\digital media reader\readericon45G.exe"
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [Alcmtr] "ALCMTR.EXE"
mRun: [Recguard] "%WINDIR%\SMINST\RECGUARD.EXE"
mRun: [Reminder] "%WINDIR%\Creator\Remind_XP.exe"
mRun: [IPHSend] "c:\program files\common files\aol\iphsend\IPHSend.exe"
mRun: [NeroCheck] "c:\windows\system32\NeroCheck.exe"
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [c:\windows\system32\kddhl.exe] "c:\windows\system32\kddhl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ROAD ITCH AMOK PING] "c:\documents and settings\all users\application data\long slow road itch\Shim Browse.exe"
mRun: [ziyeyisori] Rundll32.exe "c:\windows\system32\vororeni.dll",s
mRun: [Ad-Watch] "c:\program files\lavasoft\ad-aware\AAWTray.exe"
mRun: [CPM3f2d5cf7] Rundll32.exe "c:\windows\system32\jomebogo.dll",a
mRun: [3c1e6f6b] rundll32.exe "c:\windows\system32\hapevapu.dll",b
mRunOnce: [SpybotDeletingA4143] command.com /c del "c:\windows\system32\jomebogo.dll_old"
mRunOnce: [SpybotDeletingC3367] cmd.exe /c del "c:\windows\system32\jomebogo.dll_old"
mRunOnce: [SpybotDeletingA9197] command.com /c del "c:\windows\system32\hapevapu.dll_old"
mRunOnce: [SpybotDeletingC2699] cmd.exe /c del "c:\windows\system32\hapevapu.dll_old"
dRun: [Power2GoExpress] NA
dRun: [ziyeyisori] Rundll32.exe "c:\windows\system32\vororeni.dll",s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
TCP: {F21FE860-5414-49C8-9909-6D59ADD24509} = 85.255.112.114;85.255.112.14
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: WINDOWS\system32\boruyani.dll c:\windows\system32\hozuyofu.dll c:\windows\system32\zatasura.dll c:\windows\system32\yowajaka.dll c:\windows\system32\jomebogo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jomebogo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\jomebogo.dll
LSA: Notification Packages = cecli c:\windows\system32\boruyani.dll c:\windows\system32\hozuyofu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\m9zl8j9g.default\
FF - prefs.js: browser.startup.homepage - hxxp://antsmarching.org/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58757&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\m9zl8j9g.default\extensions\{18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}\components\Engine.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\m9zl8j9g.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07010901.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 futhwejw;futhwejw;c:\windows\system32\drivers\futhwejw.sys [2006-9-11 23424]

=============== Created Last 30 ================

2009-03-07 10:04 1,832,443 ---sh--- c:\windows\system32\upavepah.ini
2009-03-01 18:18 <DIR> --d----- c:\program files\STARTUP COP!LOT
2009-03-01 14:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-28 20:11 <DIR> --d----- c:\docume~1\owner\applic~1\mIRC
2009-02-28 20:11 <DIR> --d----- c:\program files\mIRC
2009-02-28 13:29 <DIR> --d----- c:\program files\MagicDVDRipper
2009-02-28 11:49 0 a------- c:\windows\system32\AAWService_2009_02_28_11_49_47.dmp
2009-02-28 11:42 231,438 a---h--- C:\aaw7boot.cmd
2009-02-28 10:12 645,120 a------- C:\Windowbuildjunk.exe
2009-02-28 08:53 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\~0
2009-02-26 06:55 144,100 a--sh--- c:\windows\system32\fytvki.dll
2009-02-25 18:55 143,098 a--sh--- c:\windows\system32\inwwau.dll
2009-02-25 06:55 144,162 a--sh--- c:\windows\system32\unqbjx.dll
2009-02-24 18:54 144,103 a--sh--- c:\windows\system32\esljly.dll
2009-02-24 06:54 144,155 a--sh--- c:\windows\system32\gyzoou.dll
2009-02-23 18:54 144,042 a--sh--- c:\windows\system32\fdcolh.dll
2009-02-23 06:53 143,138 a--sh--- c:\windows\system32\fzukhx.dll
2009-02-22 18:53 144,090 a--sh--- c:\windows\system32\oihqcd.dll
2009-02-22 06:53 142,936 a--sh--- c:\windows\system32\pgdane.dll
2009-02-21 18:53 143,053 a--sh--- c:\windows\system32\wrcjxa.dll
2009-02-21 06:53 144,061 a--sh--- c:\windows\system32\kxcljv.dll
2009-02-20 18:52 143,072 a--sh--- c:\windows\system32\zxwcsu.dll
2009-02-20 06:52 143,179 a--sh--- c:\windows\system32\abpjsf.dll
2009-02-19 18:52 142,992 a--sh--- c:\windows\system32\hkqcyd.dll
2009-02-19 06:51 143,048 a--sh--- c:\windows\system32\kedask.dll
2009-02-18 18:51 143,954 a--sh--- c:\windows\system32\oqwquy.dll
2009-02-18 06:51 143,979 a--sh--- c:\windows\system32\ustrut.dll
2009-02-17 18:52 144,009 a--sh--- c:\windows\system32\kculjy.dll
2009-02-17 01:46 143,101 a--sh--- c:\windows\system32\bomuqz.dll
2009-02-16 13:45 143,111 a--sh--- c:\windows\system32\sdknur.dll
2009-02-16 01:45 144,029 a--sh--- c:\windows\system32\ffbdfr.dll
2009-02-15 21:10 19,968 a------- c:\windows\iehost.dll
2009-02-15 13:48 144,138 a--sh--- c:\windows\system32\mrlebo.dll
2009-02-15 01:43 143,052 a--sh--- c:\windows\system32\dnknyk.dll
2009-02-14 13:43 143,005 a--sh--- c:\windows\system32\qbhghg.dll
2009-02-14 01:43 143,154 a--sh--- c:\windows\system32\qjrzxb.dll
2009-02-13 13:43 144,140 a--sh--- c:\windows\system32\pditgt.dll
2009-02-13 12:42 143,190 a--sh--- c:\windows\system32\jjmsnp.dll
2009-02-11 12:41 143,118 a--sh--- c:\windows\system32\gxnagb.dll
2009-02-11 00:41 140,893 a--sh--- c:\windows\system32\gdazbr.dll
2009-02-10 06:52 25,088 a------- c:\windows\system32\__c002DE7C.dat
2009-02-10 00:40 140,407 a--sh--- c:\windows\system32\cezlcw.dll
2009-02-09 12:40 141,991 a--sh--- c:\windows\system32\spnlqf.dll
2009-02-08 12:39 141,951 a--sh--- c:\windows\system32\kgdopt.dll
2009-02-07 12:38 140,390 a--sh--- c:\windows\system32\mugyst.dll
2009-02-06 23:38 142,011 a--sh--- c:\windows\system32\zcjoko.dll
2009-02-06 11:38 142,022 a--sh--- c:\windows\system32\wxjazv.dll
2009-02-06 07:15 25,088 a------- c:\windows\system32\__c00AE570.dat
2009-02-05 22:37 142,517 a--sh--- c:\windows\system32\arachb.dll
2009-02-05 10:37 142,447 a--sh--- c:\windows\system32\bgztzw.dll

==================== Find3M ====================

2009-03-05 07:06 105,984 a--sh--- c:\windows\system32\pojavoru.dll
2009-03-05 07:06 100,864 -------- c:\windows\system32\legidonu.dll
2009-03-02 19:04 101,376 -------- c:\windows\system32\tefageso.dll
2009-03-02 07:04 106,496 a--sh--- c:\windows\system32\jeniguju.dll
2009-03-01 07:05 4,268 a------- C:\xcrashdump.dat
2009-02-28 19:03 102,912 a--sh--- c:\windows\system32\lezowafu.dll
2009-02-28 07:03 109,568 a--sh--- c:\windows\system32\voyutepu.dll
2009-02-28 07:03 103,936 -------- c:\windows\system32\pelujefo.dll
2009-02-27 19:02 107,008 a--sh--- c:\windows\system32\yokuwalu.dll
2009-02-27 19:02 103,424 a--sh--- c:\windows\system32\fotidifa.dll
2009-02-27 07:02 102,400 a--sh--- c:\windows\system32\tezimawi.dll
2009-02-26 19:02 103,424 -------- c:\windows\system32\jalomomo.dll
2009-02-26 19:02 109,568 a--sh--- c:\windows\system32\zivuloro.dll
2009-02-26 18:55 72,872 a--sh--- c:\windows\system32\kolodiza.dll
2009-02-26 18:55 109,864 a--sh--- c:\windows\system32\jenuhisu.dll
2009-02-26 18:55 95,471 -------- c:\windows\system32\vamodimu.dll
2009-02-26 06:55 144,100 a--sh--- c:\windows\system32\gadulego.dll
2009-02-26 06:55 110,227 a--sh--- c:\windows\system32\zayimuyu.dll
2009-02-26 06:55 95,555 -------- c:\windows\system32\ruziwaba.dll
2009-02-25 18:55 143,098 a--sh--- c:\windows\system32\rutineri.dll
2009-02-25 18:55 109,701 a--sh--- c:\windows\system32\katedeve.dll
2009-02-25 18:55 95,422 -------- c:\windows\system32\peyohagu.dll
2009-02-25 06:55 144,162 a--sh--- c:\windows\system32\davudubi.dll
2009-02-25 06:55 109,314 a--sh--- c:\windows\system32\tinuredi.dll
2009-02-25 06:55 95,548 -------- c:\windows\system32\botobijo.dll
2009-02-24 18:54 144,103 a--sh--- c:\windows\system32\kiyeziba.dll
2009-02-24 18:54 108,805 a--sh--- c:\windows\system32\hakusahe.dll
2009-02-24 18:54 95,401 -------- c:\windows\system32\luvitahu.dll
2009-02-24 06:54 144,155 a--sh--- c:\windows\system32\kidikeso.dll
2009-02-24 06:54 109,790 a--sh--- c:\windows\system32\povatebu.dll
2009-02-24 06:54 95,316 -------- c:\windows\system32\jirojihu.dll
2009-02-23 18:54 144,042 a--sh--- c:\windows\system32\binezitu.dll
2009-02-23 18:54 95,491 -------- c:\windows\system32\vaposezu.dll
2009-02-23 18:54 109,777 a--sh--- c:\windows\system32\netigetu.dll
2009-02-23 06:53 143,138 a--sh--- c:\windows\system32\tevifulo.dll
2009-02-23 06:53 109,904 a--sh--- c:\windows\system32\hekehoyi.dll
2009-02-23 06:53 95,413 -------- c:\windows\system32\wizejimi.dll
2009-02-22 18:53 144,090 a--sh--- c:\windows\system32\retupodi.dll
2009-02-22 18:53 95,380 -------- c:\windows\system32\nazayeda.dll
2009-02-22 18:53 110,310 a--sh--- c:\windows\system32\hekunupi.dll
2009-02-22 06:53 142,936 a--sh--- c:\windows\system32\kejewihi.dll
2009-02-22 06:53 107,865 a--sh--- c:\windows\system32\dedufaro.dll
2009-02-22 06:53 95,471 -------- c:\windows\system32\tikijedi.dll
2009-02-21 18:53 143,053 a--sh--- c:\windows\system32\jopokano.dll
2009-02-21 18:53 95,566 -------- c:\windows\system32\nahivoyi.dll
2009-02-21 06:53 144,061 a--sh--- c:\windows\system32\dupiduhu.dll
2009-02-21 06:53 95,499 -------- c:\windows\system32\notewufe.dll
2009-02-21 06:53 107,724 a--sh--- c:\windows\system32\kuzazigo.dll
2009-02-20 18:52 143,072 a--sh--- c:\windows\system32\kofipulo.dll
2009-02-20 18:52 108,766 a--sh--- c:\windows\system32\kemuboti.dll
2009-02-20 18:52 95,486 -------- c:\windows\system32\fobamito.dll
2009-02-20 06:52 143,179 a--sh--- c:\windows\system32\geyedeza.dll
2009-02-20 06:52 109,151 a--sh--- c:\windows\system32\jubodaso.dll
2009-02-20 06:52 95,521 -------- c:\windows\system32\vewuhigi.dll
2009-02-19 18:52 142,992 a--sh--- c:\windows\system32\mivivohe.dll
2009-02-19 18:52 110,268 a--sh--- c:\windows\system32\bafotigu.dll
2009-02-19 18:52 95,556 a--sh--- c:\windows\system32\tigufana.dll
2009-02-19 06:51 143,048 a--sh--- c:\windows\system32\naboguhi.dll
2009-02-19 06:51 110,435 a--sh--- c:\windows\system32\revovole.dll
2009-02-19 06:51 95,541 a--sh--- c:\windows\system32\hofofema.dll
2009-02-18 18:51 143,954 a--sh--- c:\windows\system32\jeleraji.dll
2009-02-18 18:51 95,553 a--sh--- c:\windows\system32\zohojusu.dll
2009-02-18 18:51 109,697 a--sh--- c:\windows\system32\delehele.dll
2009-02-18 06:51 143,979 a--sh--- c:\windows\system32\yikibaho.dll
2009-02-18 06:51 95,388 a--sh--- c:\windows\system32\suvatepe.dll
2009-02-18 06:51 110,394 a--sh--- c:\windows\system32\hegizuku.dll
2009-02-17 18:52 108,788 a--sh--- c:\windows\system32\pofolehe.dll
2009-02-17 18:52 144,009 a--sh--- c:\windows\system32\gakilime.dll
2009-02-17 18:52 95,370 a--sh--- c:\windows\system32\jubevuto.dll
2009-02-17 01:46 143,101 a--sh--- c:\windows\system32\fitiwali.dll
2009-02-17 01:46 95,541 -------- c:\windows\system32\zurorala.dll
2009-02-17 01:46 109,634 a--sh--- c:\windows\system32\lumasoka.dll
2009-02-16 13:45 143,111 a--sh--- c:\windows\system32\mahaviye.dll
2009-02-16 13:45 109,310 a--sh--- c:\windows\system32\mifunabi.dll
2009-02-16 01:45 95,449 a--sh--- c:\windows\system32\podabahu.dll
2009-02-16 01:45 108,214 a--sh--- c:\windows\system32\rimuwuka.dll
2009-02-15 13:48 144,138 a--sh--- c:\windows\system32\boruviya.dll
2009-02-15 13:48 107,816 a--sh--- c:\windows\system32\zifewiba.dll
2009-02-15 01:43 143,052 a--sh--- c:\windows\system32\palimode.dll
2009-02-15 01:43 95,355 a--sh--- c:\windows\system32\tofuropi.dll
2009-02-15 01:43 109,725 a--sh--- c:\windows\system32\tadezote.dll
2009-02-14 13:43 95,518 a--sh--- c:\windows\system32\jogefedo.dll
2009-02-14 13:43 143,005 a--sh--- c:\windows\system32\gohejane.dll
2009-02-14 13:43 109,334 a--sh--- c:\windows\system32\nifolije.dll
2009-02-14 01:43 143,154 a--sh--- c:\windows\system32\biyijuya.dll
2009-02-14 01:43 108,782 a--sh--- c:\windows\system32\babeleso.dll
2009-02-14 01:43 95,367 -------- c:\windows\system32\jumowedu.dll
2009-02-13 13:43 144,140 a--sh--- c:\windows\system32\fimamile.dll
2009-02-13 13:43 107,782 a--sh--- c:\windows\system32\sogidona.dll
2009-02-13 13:43 95,462 -------- c:\windows\system32\yasijote.dll
2009-02-13 12:42 72,871 a--sh--- c:\windows\system32\dojudemu.dll
2009-02-13 12:42 143,190 a--sh--- c:\windows\system32\dijanumo.dll
2009-02-13 12:42 110,207 a--sh--- c:\windows\system32\mulivusi.dll
2009-02-11 12:41 143,118 a--sh--- c:\windows\system32\lewowesa.dll
2009-02-11 12:41 108,852 a--sh--- c:\windows\system32\zojarepi.dll
2009-02-11 12:41 102,493 -------- c:\windows\system32\semabawe.dll
2009-02-11 00:41 140,893 a--sh--- c:\windows\system32\remebeyi.dll
2009-02-11 00:41 108,164 a--sh--- c:\windows\system32\narenodo.dll
2009-02-11 00:41 102,124 -------- c:\windows\system32\yiyawefo.dll
2009-02-10 00:40:09 -------- 102,060 c:\windows\system32\gigijomo.dll
2008-12-05 19:53 93,920 a--sh--- c:\windows\system32\barinoka.dll
0000-00-00 00:00 72,872 a--sh--- c:\windows\system32\bidapoyi.dll
2008-11-20 09:23 90,164 a--sh--- c:\windows\system32\bifibubo.dll
2008-11-22 09:24 90,164 a--sh--- c:\windows\system32\bimuroda.dll
0000-00-00 00:00 73,728 a--sh--- c:\windows\system32\bodonope.dll
2008-11-20 21:24 90,164 a--sh--- c:\windows\system32\buzalevu.dll
0000-00-00 00:00 100,352 a--sh--- c:\windows\system32\fanudugu.dll
2008-12-04 07:52 94,773 a--sh--- c:\windows\system32\fasapako.dll
0000-00-00 00:00 72,871 a--sh--- c:\windows\system32\feloviko.dll
2008-09-05 07:53 1,024 a--sh--- c:\windows\system32\gifawudi.dll
2008-12-03 13:02 94,773 a--sh--- c:\windows\system32\girulala.dll
2008-09-16 16:01 76,800 a--sh--- c:\windows\system32\hoheyuli.dll
0000-00-00 00:00 72,872 a--sh--- c:\windows\system32\hozuyofu.dll
2008-12-04 19:53 65,589 a--sh--- c:\windows\system32\jazukimo.dll
2008-12-02 01:02 64,052 a--sh--- c:\windows\system32\joyubaho.dll
0000-00-00 00:00 52,224 a--sh--- c:\windows\system32\kawihevo.dll
2008-12-06 07:53 94,318 a--sh--- c:\windows\system32\kipipasu.dll
2008-12-02 01:02 93,236 a--sh--- c:\windows\system32\ledoliwu.dll
2008-12-05 19:53 64,076 a--sh--- c:\windows\system32\lelasuba.dll
2008-11-21 09:24 90,164 a--sh--- c:\windows\system32\levisaku.dll
2008-12-04 19:53 94,773 a--sh--- c:\windows\system32\lomofasi.dll
2008-11-21 21:24 90,164 a--sh--- c:\windows\system32\lutokujo.dll
2008-09-05 07:53 4,096 a--sh--- c:\windows\system32\misehula.dll
0000-00-00 00:00 91,136 a--sh--- c:\windows\system32\mulipiza.dll
0000-00-00 00:00 71,901 a--sh--- c:\windows\system32\nusoyeta.dll
0000-00-00 00:00 79,872 a--sh--- c:\windows\system32\panifiye.dll
2008-12-03 01:02 93,237 a--sh--- c:\windows\system32\ruwidupa.dll
0000-00-00 00:00 33,792 a--sh--- c:\windows\system32\sufohuwe.dll
0000-00-00 00:00 71,901 a--sh--- c:\windows\system32\tehirojo.dll
2008-11-30 13:01 95,284 a--sh--- c:\windows\system32\tugokubu.dll
0000-00-00 00:00 72,871 a--sh--- c:\windows\system32\tugufapi.dll
0000-00-00 00:00 101,376 a--sh--- c:\windows\system32\vedemavi.dll
2008-12-02 13:02 93,237 a--sh--- c:\windows\system32\vehujega.dll
2008-11-22 21:24 90,164 a--sh--- c:\windows\system32\vilijazi.dll
2008-12-01 13:01 94,772 a--sh--- c:\windows\system32\vimeyeza.dll
0000-00-00 00:00 72,872 a--sh--- c:\windows\system32\vororeni.dll
2008-11-23 09:24 90,164 a--sh--- c:\windows\system32\vumodetu.dll
0000-00-00 00:00 71,901 a--sh--- c:\windows\system32\wagadobe.dll
0000-00-00 00:00 33,792 a--sh--- c:\windows\system32\webumoki.dll
2008-12-04 07:52 64,053 a--sh--- c:\windows\system32\wirijepi.dll
2008-09-29 18:07 77,824 a--sh--- c:\windows\system32\wonogeba.dll
2008-12-05 08:55 2,098 ---sh--- c:\windows\system32\yamihimo.dll
0000-00-00 00:00 75,776 a--sh--- c:\windows\system32\yesitepo.dll
2008-12-01 01:01 95,284 a--sh--- c:\windows\system32\yibabofi.dll
2008-09-08 19:54 88,576 a--sh--- c:\windows\system32\yivuribo.dll
0000-00-00 00:00 72,871 a--sh--- c:\windows\system32\yonetaso.dll
0000-00-00 00:00 67,584 a--sh--- c:\windows\system32\zahutezo.dll

============= FINISH: 10:16:50.50 ===============



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 19 March 2009 - 09:23 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Tifffany

Tifffany
  • Topic Starter

  • Members
  • 28 posts

Posted 20 March 2009 - 08:14 AM

Thank you for the response! I understand that you all are incredibly busy and I am just glad for any help that I can get with my problem. Here is the DDS.txt file:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 9:03:21.53 on Fri 03/20/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1391.605 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\1157980189\ee\aolsoftware.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
uStart Page = hxxp://www.netflix.com/WiHome?lnkctr=mhWN&lnkce=mhwi
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: WinGDI Class: {12c7290a-157b-4f43-b109-97e792c598ed} - c:\windows\iehost.dll
BHO: {39b9849a-47e2-4a77-9fb6-f140b1449de1} - c:\windows\system32\ati3dua.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {b8510b07-0d90-8d48-7d24-a206b194eb28}: {82be491b-602a-42d7-84d8-09d070b0158b} - c:\windows\system32\hjygzz.dll
BHO: {ab28d5d1-bedc-4f16-808f-842ff8e0e62c} - c:\windows\system32\bidapoyi.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] ""
uRun: [Remote Army] "\Windowbuildjunk.exe"
uRun: [LDM] "c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe"
uRun: [ziyeyisori] "Rundll32.exe " "c:\windows\system32\vororeni.dll",s
uRunOnce: [SpybotDeletingB1123] command.com /c del "c:\windows\system32\bubodozu.dll_old"
uRunOnce: [SpybotDeletingD1720] cmd.exe /c del "c:\windows\system32\bubodozu.dll_old"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [readericon] "c:\program files\digital media reader\readericon45G.exe"
mRun: [RTHDCPL] "RTHDCPL.EXE"
mRun: [Alcmtr] "ALCMTR.EXE"
mRun: [Recguard] "%WINDIR%\SMINST\RECGUARD.EXE"
mRun: [Reminder] "%WINDIR%\Creator\Remind_XP.exe"
mRun: [IPHSend] "c:\program files\common files\aol\iphsend\IPHSend.exe"
mRun: [NeroCheck] "c:\windows\system32\NeroCheck.exe"
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [c:\windows\system32\kddhl.exe] "c:\windows\system32\kddhl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ROAD ITCH AMOK PING] "c:\documents and settings\all users\application data\long slow road itch\Shim Browse.exe"
mRun: [ziyeyisori] Rundll32.exe "c:\windows\system32\vororeni.dll",s
mRun: [Ad-Watch] "c:\program files\lavasoft\ad-aware\AAWTray.exe"
mRun: [3c1e6f6b] rundll32.exe "c:\windows\system32\votoselu.dll",b
mRun: [CPM3f2d5cf7] Rundll32.exe "c:\windows\system32\yuzemasa.dll",a
mRunOnce: [SpybotDeletingA2673] command.com /c del "c:\windows\system32\bubodozu.dll_old"
mRunOnce: [SpybotDeletingC5524] cmd.exe /c del "c:\windows\system32\bubodozu.dll_old"
dRun: [Power2GoExpress] NA
dRun: [ziyeyisori] Rundll32.exe "c:\windows\system32\vororeni.dll",s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
TCP: {F21FE860-5414-49C8-9909-6D59ADD24509} = 85.255.112.114;85.255.112.14
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\hozuyofu.dll c:\windows\system32\yuzemasa.dll hjygzz.dll c:\windows\system32\zibuyiri.dll c:\windows\system32\bojigenu.dll c:\windows\system32\rolivepa.dll c:\windows\system32\lekamupi.dll c:\windows\system32\lalihihe.dll c:\windows\system32\jobapoja.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yuzemasa.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\lalihihe.dll
LSA: Notification Packages = cecli c:\windows\system32\boruyani.dll c:\windows\system32\hozuyofu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\m9zl8j9g.default\
FF - prefs.js: browser.startup.homepage - hxxp://antsmarching.org/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58757&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\m9zl8j9g.default\extensions\{18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}\components\Engine.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\m9zl8j9g.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07010901.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 futhwejw;futhwejw;c:\windows\system32\drivers\futhwejw.sys [2006-9-11 23424]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-21 24652]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-20 27904]

=============== Created Last 30 ================

2009-03-20 08:12 1,797,437 ---sh--- c:\windows\system32\ivufuyoy.ini
2009-03-20 08:12 140,288 a--sh--- c:\windows\system32\hjygzz.dll
2009-03-19 20:12 1,797,437 ---sh--- c:\windows\system32\ulesotov.ini
2009-03-19 20:12 141,312 a--sh--- c:\windows\system32\yxshej.dll
2009-03-19 08:13 1,794,094 ---sh--- c:\windows\system32\igabimel.ini
2009-03-19 08:11 141,824 a--sh--- c:\windows\system32\ggmivi.dll
2009-03-18 20:11 142,848 a--sh--- c:\windows\system32\iowgla.dll
2009-03-18 08:11 140,800 a--sh--- c:\windows\system32\nrvyay.dll
2009-03-16 08:10 142,848 a--sh--- c:\windows\system32\uvarka.dll
2009-03-15 20:10 142,848 a--sh--- c:\windows\system32\ifujxa.dll
2009-03-15 08:10 141,277 a--sh--- c:\windows\system32\bawayeka.dll
2009-03-15 08:10 121 ---sh--- c:\windows\system32\inafehoy.ini
2009-03-01 18:18 <DIR> --d----- c:\program files\STARTUP COP!LOT
2009-03-01 14:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-28 20:11 <DIR> --d----- c:\docume~1\owner\applic~1\mIRC
2009-02-28 20:11 <DIR> --d----- c:\program files\mIRC
2009-02-28 13:29 <DIR> --d----- c:\program files\MagicDVDRipper
2009-02-28 11:49 0 a------- c:\windows\system32\AAWService_2009_02_28_11_49_47.dmp
2009-02-28 11:42 231,438 a---h--- C:\aaw7boot.cmd
2009-02-28 10:12 645,120 a------- C:\Windowbuildjunk.exe
2009-02-28 08:53 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\~0
2009-02-26 06:55 144,100 a--sh--- c:\windows\system32\fytvki.dll
2009-02-25 18:55 143,098 a--sh--- c:\windows\system32\inwwau.dll
2009-02-25 06:55 144,162 a--sh--- c:\windows\system32\unqbjx.dll
2009-02-24 18:54 144,103 a--sh--- c:\windows\system32\esljly.dll
2009-02-24 06:54 144,155 a--sh--- c:\windows\system32\gyzoou.dll
2009-02-23 18:54 144,042 a--sh--- c:\windows\system32\fdcolh.dll
2009-02-23 06:53 143,138 a--sh--- c:\windows\system32\fzukhx.dll
2009-02-22 18:53 144,090 a--sh--- c:\windows\system32\oihqcd.dll
2009-02-22 06:53 142,936 a--sh--- c:\windows\system32\pgdane.dll
2009-02-21 18:53 143,053 a--sh--- c:\windows\system32\wrcjxa.dll
2009-02-21 06:53 144,061 a--sh--- c:\windows\system32\kxcljv.dll
2009-02-20 18:52 143,072 a--sh--- c:\windows\system32\zxwcsu.dll
2009-02-20 06:52 143,179 a--sh--- c:\windows\system32\abpjsf.dll
2009-02-19 18:52 142,992 a--sh--- c:\windows\system32\hkqcyd.dll
2009-02-19 06:51 143,048 a--sh--- c:\windows\system32\kedask.dll
2009-02-18 18:51 143,954 a--sh--- c:\windows\system32\oqwquy.dll

==================== Find3M ====================


============= FINISH: 9:08:55.37 ===============



#4 extremeboy

  • Malware Response Team

Posted 20 March 2009 - 10:40 AM

Hello.

You do have an awful lot of Vundo files on your system.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 extremeboy

  • Malware Response Team

Posted 23 March 2009 - 03:24 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding. :thumbup2:

With Regards,
Extremeboy

#6 Tifffany

  • Topic Starter

Posted 23 March 2009 - 04:52 PM

Hi extremeboy.

I'm so sorry that I didn't respond but I didn't see your reply (and oddly didn't get an email notification). Thanks for bumping this so that I got an email about it. And thanks for helping!

I ran the ComboFix. Here is the log:

ComboFix 09-03-22.01 - Owner 2009-03-23 17:18:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1391.875 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tepoditi.dll.tmp
c:\windows\system32\test.ttt
c:\windows\system32\tevajeke.dll
c:\windows\system32\tevajoge.dll
c:\windows\system32\tevifulo.dll
c:\windows\system32\tezimawi.dll
c:\windows\system32\tifebiwu.dll
c:\windows\system32\tigufana.dll
c:\windows\system32\tileloki.dll
c:\windows\system32\tinuredi.dll
c:\windows\system32\tnglwc.dll
c:\windows\system32\tofepira.dll
c:\windows\system32\tofuropi.dll
c:\windows\system32\tohuyota.dll
c:\windows\system32\tomuzipu.dll
c:\windows\system32\toninoji.dll
c:\windows\system32\torayiya.dll
c:\windows\system32\tosofove.dll
c:\windows\system32\tozoneba.dll
c:\windows\system32\tpeikh.dll
c:\windows\system32\tufamovo.dll
c:\windows\system32\tugokubu.dll
c:\windows\system32\tugufapi.dll
c:\windows\system32\tukeqe.dll
c:\windows\system32\tumibule.dll
c:\windows\system32\turazapu.dll
c:\windows\system32\tuzotaro.dll
c:\windows\system32\ubahuhat.ini
c:\windows\system32\ugivuraw.ini
c:\windows\system32\ujerahog.ini
c:\windows\system32\ulesotov.ini
c:\windows\system32\unqbjx.dll
c:\windows\system32\upwcbg.dll
c:\windows\system32\ustrut.dll
c:\windows\system32\uvarka.dll
c:\windows\system32\vamodimu.dll
c:\windows\system32\vaposezu.dll
c:\windows\system32\varabefa.dll.tmp
c:\windows\system32\varareto.dll
c:\windows\system32\vatikefo.dll
c:\windows\system32\vedemavi.dll
c:\windows\system32\vehujega.dll
c:\windows\system32\veniweki.dll
c:\windows\system32\vimeyeza.dll
c:\windows\system32\vimipibe.dll
c:\windows\system32\vinomisu.dll
c:\windows\system32\vororeni.dll
c:\windows\system32\votoselu.dll
c:\windows\system32\voyutepu.dll
c:\windows\system32\vozusoto.dll
c:\windows\system32\vpbizx.dll
c:\windows\system32\wagadobe.dll
c:\windows\system32\wagadobe.dll.tmp
c:\windows\system32\warning.gif
c:\windows\system32\wavenimu.dll
c:\windows\system32\webumoki.dll
c:\windows\system32\wijumube.dll
c:\windows\system32\wikolule.dll
c:\windows\system32\win32hlp.cnf
c:\windows\system32\wirijepi.dll
c:\windows\system32\wizejimi.dll
c:\windows\system32\woyejiwa.dll
c:\windows\system32\wrcjxa.dll
c:\windows\system32\wxjazv.dll
c:\windows\system32\xfaxif.dll
c:\windows\system32\xprjch.dll
c:\windows\system32\xulxmv.dll
c:\windows\system32\yahatohu.dll
c:\windows\system32\yefinuli.dll
c:\windows\system32\yemuhiya.dll.tmp
c:\windows\system32\yesitepo.dll
c:\windows\system32\yezafegi.dll
c:\windows\system32\yibabofi.dll
c:\windows\system32\yiborewa.dll
c:\windows\system32\yidopamo.dll
c:\windows\system32\yigekote.dll.tmp
c:\windows\system32\yikibaho.dll
c:\windows\system32\yiyureku.dll
c:\windows\system32\ylgjex.dll
c:\windows\system32\yohefani.dll
c:\windows\system32\yokuwalu.dll
c:\windows\system32\yomoviya.dll
c:\windows\system32\yonetaso.dll
c:\windows\system32\yotetefu.dll
c:\windows\system32\yoyufuvi.dll
c:\windows\system32\yubuguyi.dll
c:\windows\system32\yuhefala.dll
c:\windows\system32\yunapuku.dll.tmp
c:\windows\system32\yuzemasa.dll
c:\windows\system32\yxshej.dll
c:\windows\system32\yypnfs.dll
c:\windows\system32\zahutezo.dll
c:\windows\system32\zahutova.dll
c:\windows\system32\zakekefi.dll
c:\windows\system32\zakoyiki.dll
c:\windows\system32\zapisiwi.dll
c:\windows\system32\zasezara.dll.tmp
c:\windows\system32\zayimuyu.dll
c:\windows\system32\zcaizd.dll
c:\windows\system32\zcjoko.dll
c:\windows\system32\zejibihe.dll
c:\windows\system32\zerakede.dll
c:\windows\system32\zevupayi.dll
c:\windows\system32\zibuyiri.dll
c:\windows\system32\zifewiba.dll
c:\windows\system32\zivuloro.dll
c:\windows\system32\zobirawa.dll
c:\windows\system32\zobudome.dll
c:\windows\system32\zohojusu.dll
c:\windows\system32\zojarepi.dll
c:\windows\system32\zokumuyi.dll
c:\windows\system32\zomudumu.dll
c:\windows\system32\zomujefi.dll
c:\windows\system32\zoribinu.dll
c:\windows\system32\zoviyada.dll
c:\windows\system32\zqeanc.dll
c:\windows\system32\ztmiei.dll
c:\windows\system32\zudorava.dll
c:\windows\system32\zxwcsu.dll
C:\xcrashdump.dat
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://sunmicro.ht.rd.llnw.net
hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.

2009-03-20 20:12 . 2009-03-20 20:12 184,848 --a------ C:\tsqhvw.exe
2009-03-20 20:12 . 2009-03-20 20:12 41,984 --a------ c:\windows\Cvuzu.dll
2009-03-20 20:12 . 2009-03-20 20:12 41,984 --a------ C:\qurdchd.exe
2009-03-20 20:12 . 2009-03-20 20:12 30,208 --a------ C:\aywbok.exe
2009-03-20 20:12 . 2009-03-20 20:12 10,240 --a------ C:\stjr.exe
2009-03-20 20:12 . 2009-03-20 20:12 8,704 --a------ C:\gosfrwtt.exe
2009-03-01 18:18 . 2009-03-07 10:30 <DIR> d-------- c:\program files\STARTUP COP!LOT
2009-03-01 14:48 . 2009-03-01 15:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-28 20:11 . 2009-02-28 20:12 <DIR> d-------- c:\program files\mIRC
2009-02-28 20:11 . 2009-02-28 22:00 <DIR> d-------- c:\documents and settings\Owner\Application Data\mIRC
2009-02-28 13:29 . 2009-02-28 13:29 <DIR> d-------- c:\program files\MagicDVDRipper
2009-02-28 11:49 . 2009-02-28 11:49 0 --a------ c:\windows\system32\AAWService_2009_02_28_11_49_47.dmp
2009-02-28 11:42 . 2009-02-28 11:49 231,438 --ah----- C:\aaw7boot.cmd
2009-02-28 10:12 . 2009-01-31 16:30 645,120 --a------ C:\Windowbuildjunk.exe
2009-02-28 08:53 . 2009-02-28 13:12 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~0
2009-02-28 08:52 . 2009-02-28 13:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 03:54 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-16 13:19 --------- d-----w c:\program files\BitTornado
2009-03-15 13:38 --------- d-----w c:\program files\LimeWire
2009-02-28 18:12 --------- d-----w c:\program files\Lavasoft
2009-02-28 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\Regs name this fork
2009-01-31 21:32 --------- d-----w c:\documents and settings\Owner\Application Data\dumb help bind
2009-01-31 21:31 --------- d-----w c:\documents and settings\All Users\Application Data\Long slow road itch
2009-01-31 21:30 --------- d-----w c:\program files\dumb help bind
2009-01-29 04:04 --------- d-----w c:\documents and settings\All Users\Application Data\avg8(2)
2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
2008-11-20 14:23 90,164 --sha-w c:\windows\system32\bifibubo.dll
2008-11-22 14:24 90,164 --sha-w c:\windows\system32\bimuroda.dll
2008-11-21 02:24 90,164 --sha-w c:\windows\system32\buzalevu.dll
1601-01-01 00:12 100,352 --sha-w c:\windows\system32\fanudugu.dll
2008-09-05 12:53 1,024 --sha-w c:\windows\system32\gifawudi.dll
2008-09-16 21:01 76,800 --sha-w c:\windows\system32\hoheyuli.dll
2008-11-21 14:24 90,164 --sha-w c:\windows\system32\levisaku.dll
2008-11-22 02:24 90,164 --sha-w c:\windows\system32\lutokujo.dll
2008-09-05 12:53 4,096 --sha-w c:\windows\system32\misehula.dll
2008-11-23 02:24 90,164 --sha-w c:\windows\system32\vilijazi.dll
2008-11-23 14:24 90,164 --sha-w c:\windows\system32\vumodetu.dll
2008-09-29 23:07 77,824 --sha-w c:\windows\system32\wonogeba.dll
2008-12-05 13:55 2,098 --sh--w c:\windows\system32\yamihimo.dll
2008-09-09 00:54 88,576 --sha-w c:\windows\system32\yivuribo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39B9849A-47E2-4A77-9FB6-F140B1449DE1}]
2006-01-15 08:34 96256 --a------ c:\windows\system32\ati3dua.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Remote Army"="\Windowbuildjunk.exe" [2009-01-31 645120]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-24 67128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-09 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2003-07-13 155648]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-19 185632]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"ROAD ITCH AMOK PING"="c:\documents and settings\All Users\Application Data\Long slow road itch\Shim Browse.exe" [2009-03-23 724992]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157980189\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157980189\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157980189\\EE\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\EA GAMES\\American McGee's Alice\\alice.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Compact Wireless-G USB Network Adapter with SpeedBooster\\WUSB54GSC.exe"=
"c:\\WINDOWS\\RTHDCPL.exe"=
"c:\\Program Files\\AIM6\\aolsoftware.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

R0 futhwejw;futhwejw;c:\windows\system32\drivers\futhwejw.sys [2006-09-11 23424]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-02-21 24652]
R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [2007-09-18 53307]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-20 27904]
.
Contents of the 'Scheduled Tasks' folder

2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-23 c:\windows\Tasks\AF814174906EFAC4.job
- c:\docume~1\owner\applic~1\dumbhe~1\amok hole license.exe [2009-01-31 16:32]

2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6b01487e-e501-439d-a0c7-f9934007964e} - c:\windows\system32\jmawya.dll
BHO-{ab28d5d1-bedc-4f16-808f-842ff8e0e62c} - c:\windows\system32\bidapoyi.dll
HKCU-Run-ziyeyisori - c:\windows\system32\vororeni.dll
HKCU-Run-Aim6 - (no file)
HKLM-Run-c:\windows\system32\kddhl.exe - c:\windows\system32\kddhl.exe
HKLM-Run-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
HKU-Default-Run-ziyeyisori - c:\windows\system32\vororeni.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netflix.com/WiHome?lnkctr=mhWN&lnkce=mhwi
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\m9zl8j9g.default\
FF - prefs.js: browser.startup.homepage - hxxp://antsmarching.org/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58757&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\m9zl8j9g.default\extensions\{18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}\components\Engine.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\m9zl8j9g.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmnqmp07010901.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 17:26:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\15aeadf3863cb9a5b4077c32c5c3f34a.sys 39936 bytes executable
c:\windows\system32\_15aeadf3863cb9a5b4077c32c5c3f34a.sys_.vir 39936 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\15aeadf3863cb9a5b4077c32c5c3f34a]
"ImagePath"="system32\15aeadf3863cb9a5b4077c32c5c3f34a.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
c:\program files\Common Files\AOL\1157980189\EE\aolsoftware.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-23 17:29:47 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2009-03-23 22:29:16

Pre-Run: 55,715,332,096 bytes free
Post-Run: 55,849,168,896 bytes free


#7 extremeboy


Posted 23 March 2009 - 08:30 PM

Hello again.

Always a pleasure to help. :thumbup2:

There are still a WHOLE lot of infections on your system, and one of them is a backdoor and rootkit.

The best option is to format the whole system and start over. If you wish to continue to remove this infection, please follow the instructions below. Your computer was compromised, though, and now has a lot of junk on it and many unwanted things.

A few programs to be warned about:

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case BitTornado and LimeWire). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

View Point Programs Warning

Viewpoint Manager and Viewpoint Media Player are considered foistware instead of malware since they are installed without the user's approval but don't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Additional instructions on removing programs can be found here.


Run ComboFix with CFScript

We will run ComboFix again. This time it will be slightly different from the initial run.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste EVERYTHING in the codebox text below into notepad. Make sure you do NOT miss any.:
    http://www.bleepingcomputer.com/forums/t/209114/infected-with-virtumonde/
    Collect::[68]
    C:\Windowbuildjunk.exe
    c:\windows\system32\bifibubo.dll
    c:\windows\system32\bimuroda.dll
    c:\windows\system32\buzalevu.dll
    c:\windows\system32\fanudugu.dll
    c:\windows\system32\gifawudi.dll
    c:\windows\system32\hoheyuli.dll
    c:\windows\system32\levisaku.dll
    c:\windows\system32\lutokujo.dll
    c:\windows\system32\misehula.dll
    c:\windows\system32\vilijazi.dll
    c:\windows\system32\vumodetu.dll
    c:\windows\system32\wonogeba.dll
    c:\windows\system32\yamihimo.dll
    c:\windows\system32\yivuribo.dll
    File::
    C:\tsqhvw.exe
    C:\qurdchd.exe
    C:\aywbok.exe
    C:\stjr.exe
    C:\gosfrwtt.exe
    C:\aaw7boot.cmd
    c:\windows\Cvuzu.dll
    c:\windows\system32\ati3dua.dll
    c:\windows\Tasks\AF814174906EFAC4.job
    c:\docume~1\owner\applic~1\dumbhe~1\amok hole license.exe 
    Rootkit::
    c:\windows\system32\drivers\futhwejw.sys 
    c:\windows\system32\drivers\ndisprot.sys
    c:\windows\system32\15aeadf3863cb9a5b4077c32c5c3f34a.sys 
    c:\windows\system32\_15aeadf3863cb9a5b4077c32c5c3f34a.sys_.vir 
    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\15aeadf3863cb9a5b4077c32c5c3f34a]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39B9849A-47E2-4A77-9FB6-F140B1449DE1}]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    Drivers::
    futhwejw
    Ndisprot
    15aeadf3863cb9a5b4077c32c5c3f34a
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"
Upload Samples by ComboFix

When Combofix finishes running, the ComboFix log will open along with a message box. With the above script, ComboFix captured some files to submit for analysis.
  • Important: Ensure you are connected to the internet before clicking OK on the message box.
  • A blue-screen would appear auto-uploading the zipped file I requested.
  • After the uploading is done you should see a message near the bottom saying "Upload was Succesfull".
**NOTE**
=================
  • IF for some reason Combofix fails to upload anything please do the following:
  • Go to Start >> My Computer > C:\
  • Then Navigate to the C:\Qoobox\Quarantine folder.
  • Find the archive zip file called "[4]-Submit_Date_Time.zip"
  • Simply go to This Channel and upload the submit.zip archive file to me.
  • Follow the instructions on that page to copy/paste/send the requested file.

Let me know how it goes and if the upload went successfully or not in your next reply.

Download and run LopS&D

Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
If GMER doesn't work in Normal Mode try running it in Safe Mode

Important!: Please do not select the Show all checkbox during the scan.

Post back with:
-Combofix log
-Lop S&D log
-GMER log


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

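Every file under Collect:: in the CFScript above, apart from C:\Windowbuildjunk.exe, is a Find3M entry in system32 whose attribute column contains both the s and h letters. As an added example (not ComboFix's logic and not the helper's own method), this Python script applies that observation to pasted Find3M lines; the function names are hypothetical, and reading s/h as the system/hidden attributes is an assumption about the log format.

```python
import re
from collections import Counter

# Lines copied from the Find3M report in the ComboFix log above.
FIND3M_SAMPLE = r"""
2009-03-16 13:19 --------- d-----w c:\program files\BitTornado
2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
2008-11-20 14:23 90,164 --sha-w c:\windows\system32\bifibubo.dll
2008-11-22 14:24 90,164 --sha-w c:\windows\system32\bimuroda.dll
1601-01-01 00:12 100,352 --sha-w c:\windows\system32\fanudugu.dll
2008-09-05 12:53 1,024 --sha-w c:\windows\system32\gifawudi.dll
2008-12-05 13:55 2,098 --sh--w c:\windows\system32\yamihimo.dll
"""

# date, time, size (or dashes for a directory), 7-char attribute field, path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+|-+) (\S{7}) (.+)$"
)


def parse_find3m(text):
    """Parse Find3M report lines into dicts; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section banners, separators, blank lines
        date, time, size, attrs, path = m.groups()
        entries.append({
            "year": int(date[:4]),
            "date": date,
            "time": time,
            # Directories show dashes instead of a byte count.
            "size": None if set(size) == {"-"} else int(size.replace(",", "")),
            "attrs": attrs,
            "path": path.strip(),
        })
    return entries


def triage(entries):
    """Return (path, reasons) for files in system32 marked with both s and h.

    Assumption: the letters s and h in the attribute field mean the
    system and hidden attributes, and d marks a directory.
    """
    suspects = [
        e for e in entries
        if "d" not in e["attrs"]
        and {"s", "h"} <= set(e["attrs"])
        and "\\windows\\system32\\" in e["path"].lower()
    ]
    # Several flagged files with one identical size suggest copies of one binary.
    size_counts = Counter(e["size"] for e in suspects)
    report = []
    for e in suspects:
        reasons = ["hidden+system file in system32"]
        if e["year"] == 1601:
            # 1601 is the first year of the Windows FILETIME range, so the
            # timestamp is not a plausible creation or modification date.
            reasons.append("timestamp in 1601 (FILETIME epoch year)")
        if size_counts[e["size"]] > 1:
            reasons.append(
                f"size {e['size']} shared by {size_counts[e['size']]} flagged files"
            )
        report.append((e["path"], reasons))
    return report


if __name__ == "__main__":
    for path, reasons in triage(parse_find3m(FIND3M_SAMPLE)):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

A flagged entry is a candidate for review or for submission as a sample, not proof of infection; legitimate files can also carry both attributes.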

#8 Tifffany


Posted 23 March 2009 - 09:17 PM

Thank you again extremeboy. I have uploaded the files from ComboFix that you described and have run the ComboFix and the LOPS&D. I removed the ViewPoints program as well. I attempted to run the gmer.exe but I got derailed here:

Click the >>>
Click on Settings, then check the first five settings:

After I clicked the >>> tab at the top I didn't see anything labelled settings. There were some checkboxes to the right but not everything you described and not in the right order. I didn't want to mess anything up so I thought I would check back and see if I am missing something. Am I clicking in the wrong place?

Here are the 2 log files that I have so far

ComboFix Log:

ComboFix 09-03-22.01 - Owner 2009-03-23 21:46:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1391.956 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\aaw7boot.cmd
C:\aywbok.exe
c:\docume~1\owner\applic~1\dumbhe~1\amok hole license.exe
C:\gosfrwtt.exe
C:\qurdchd.exe
C:\stjr.exe
C:\tsqhvw.exe
c:\windows\Cvuzu.dll
c:\windows\system32\ati3dua.dll
c:\windows\Tasks\AF814174906EFAC4.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\aaw7boot.cmd
C:\aywbok.exe
c:\docume~1\owner\applic~1\dumbhe~1\amok hole license.exe
C:\gosfrwtt.exe
C:\qurdchd.exe
C:\stjr.exe
C:\tsqhvw.exe
C:\Windowbuildjunk.exe
c:\windows\Cvuzu.dll
c:\windows\system32\_15aeadf3863cb9a5b4077c32c5c3f34a.sys_.vir
c:\windows\system32\15aeadf3863cb9a5b4077c32c5c3f34a.sys
c:\windows\system32\ati3dua.dll
c:\windows\system32\bifibubo.dll
c:\windows\system32\bimuroda.dll
c:\windows\system32\buzalevu.dll
c:\windows\system32\drivers\futhwejw.sys
c:\windows\system32\drivers\ndisprot.sys
c:\windows\system32\fanudugu.dll
c:\windows\system32\gifawudi.dll
c:\windows\system32\hoheyuli.dll
c:\windows\system32\levisaku.dll
c:\windows\system32\lutokujo.dll
c:\windows\system32\misehula.dll
c:\windows\system32\vilijazi.dll
c:\windows\system32\vumodetu.dll
c:\windows\system32\wonogeba.dll
c:\windows\system32\yamihimo.dll
c:\windows\system32\yivuribo.dll
c:\windows\Tasks\AF814174906EFAC4.job

.
((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.

2009-03-01 18:18 . 2009-03-07 10:30 <DIR> d-------- c:\program files\STARTUP COP!LOT
2009-03-01 14:48 . 2009-03-01 15:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-28 20:11 . 2009-02-28 20:12 <DIR> d-------- c:\program files\mIRC
2009-02-28 20:11 . 2009-02-28 22:00 <DIR> d-------- c:\documents and settings\Owner\Application Data\mIRC
2009-02-28 13:29 . 2009-02-28 13:29 <DIR> d-------- c:\program files\MagicDVDRipper
2009-02-28 11:49 . 2009-02-28 11:49 0 --a------ c:\windows\system32\AAWService_2009_02_28_11_49_47.dmp
2009-02-28 08:53 . 2009-02-28 13:12 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~0
2009-02-28 08:52 . 2009-02-28 13:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 02:47 --------- d-----w c:\documents and settings\Owner\Application Data\dumb help bind
2009-03-24 02:45 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-21 03:54 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-16 13:19 --------- d-----w c:\program files\BitTornado
2009-03-15 13:38 --------- d-----w c:\program files\LimeWire
2009-02-28 18:12 --------- d-----w c:\program files\Lavasoft
2009-02-28 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\Regs name this fork
2009-01-31 21:31 --------- d-----w c:\documents and settings\All Users\Application Data\Long slow road itch
2009-01-31 21:30 --------- d-----w c:\program files\dumb help bind
2009-01-29 04:04 --------- d-----w c:\documents and settings\All Users\Application Data\avg8(2)
2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-23_17.28.13.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-24 02:51:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-24 67128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-09 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2003-07-13 155648]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-19 185632]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"ROAD ITCH AMOK PING"="c:\documents and settings\All Users\Application Data\Long slow road itch\Shim Browse.exe" [2009-03-23 724992]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cecli

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157980189\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157980189\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157980189\\EE\\aim6.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\EA GAMES\\American McGee's Alice\\alice.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Compact Wireless-G USB Network Adapter with SpeedBooster\\WUSB54GSC.exe"=
"c:\\WINDOWS\\RTHDCPL.exe"=
"c:\\Program Files\\AIM6\\aolsoftware.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

R0 futhwejw;futhwejw;c:\windows\system32\drivers\futhwejw.sys --> c:\windows\system32\drivers\futhwejw.sys [?]
R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [2007-09-18 53307]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys --> c:\windows\system32\drivers\Ndisprot.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Remote Army - \Windowbuildjunk.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.netflix.com/WiHome?lnkctr=mhWN&lnkce=mhwi
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3508
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\m9zl8j9g.default\
FF - prefs.js: browser.startup.homepage - hxxp://antsmarching.org/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58757&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\m9zl8j9g.default\extensions\{18b8f08d-62fe-4dfc-ad6c-9ce46515d5ec}\components\Engine.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\m9zl8j9g.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmnqmp07010901.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 21:51:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\AOL\1157980189\EE\aolsoftware.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2009-03-23 21:55:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-24 02:54:47
ComboFix2.txt 2009-03-23 22:29:50

Pre-Run: 55,833,698,304 bytes free
Post-Run: 55,818,260,480 bytes free

210

Lop S&D Log:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Celeron® D CPU 3.33GHz )
BIOS : Default System BIOS
USER : Owner ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:148 Go (Free:52 Go)
D:\ (Local Disk) - FAT32 - Total:4 Go (Free:2 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Mon 03/23/2009|21:58 )

--------------------\\ Listing folders in APPLIC~1

[01/28/2009|11:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[12/03/2008|05:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[02/28/2009|01:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ~0
[08/17/2007|07:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> 16 new ping long
[11/18/2008|07:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore
[09/11/2006|02:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[02/21/2008|05:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[11/18/2008|07:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[01/08/2007|07:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[06/01/2008|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[06/01/2008|11:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[01/28/2009|11:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8(2)
[10/20/2006|02:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
[09/29/2006|05:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[03/20/2009|10:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[12/23/2006|12:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ESTsoft
[03/27/2008|09:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[02/28/2009|01:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[01/31/2009|04:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Long slow road itch
[09/11/2006|08:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[02/05/2007|10:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[09/03/2007|05:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[09/13/2006|07:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Napster
[09/11/2006|07:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prism Deploy
[09/11/2006|08:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[03/02/2007|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[02/28/2009|11:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Regs name this fork
[03/01/2009|03:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[07/02/2007|06:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[03/23/2009|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[09/18/2006|04:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[09/13/2006|07:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> AOL
[09/11/2006|02:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[09/11/2006|08:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[09/11/2006|08:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> SampleView
[09/11/2006|08:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[09/13/2006|05:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[01/28/2009|10:34] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[11/17/2006|10:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Mozilla

[01/28/2009|10:34] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[09/14/2006|09:39] C:\DOCUME~1\Owner\APPLIC~1\<DIR> .BitTornado
[09/11/2006|08:43] C:\DOCUME~1\Owner\APPLIC~1\<DIR> acccore
[12/11/2007|10:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[06/16/2007|09:24] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeUM
[08/08/2007|09:25] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Aim
[09/13/2006|07:13] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AOL
[07/17/2008|06:49] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
[12/22/2006|12:03] C:\DOCUME~1\Owner\APPLIC~1\<DIR> CyberLink
[03/23/2009|09:47] C:\DOCUME~1\Owner\APPLIC~1\<DIR> dumb help bind
[11/17/2007|11:43] C:\DOCUME~1\Owner\APPLIC~1\<DIR> dvdcss
[12/23/2006|12:05] C:\DOCUME~1\Owner\APPLIC~1\<DIR> ESTsoft
[10/03/2006|09:02] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
[09/11/2006|02:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[03/27/2008|09:56] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Intuit
[03/02/2007|10:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[09/28/2006|06:25] C:\DOCUME~1\Owner\APPLIC~1\<DIR> McAfee.com Personal Firewall
[10/09/2006|06:09] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Media Player Classic
[03/27/2008|10:02] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[02/28/2009|10:00] C:\DOCUME~1\Owner\APPLIC~1\<DIR> mIRC
[10/15/2007|10:15] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Move Networks
[08/30/2008|10:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
[10/27/2006|11:12] C:\DOCUME~1\Owner\APPLIC~1\<DIR> NeroVision
[01/31/2008|06:54] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Real
[09/11/2006|08:09] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SampleView
[09/11/2006|10:02] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[03/27/2008|10:02] C:\DOCUME~1\Owner\APPLIC~1\<DIR> U3
[10/18/2006|07:01] C:\DOCUME~1\Owner\APPLIC~1\<DIR> vlc
[09/11/2006|08:10] C:\DOCUME~1\Owner\APPLIC~1\<DIR> You've Got Pictures Screensaver

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[03/23/2009 08:55 AM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[03/18/2009 02:50 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[03/23/2009 09:51 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 02:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[09/11/2006|08:07] C:\Program Files\<DIR> Adobe
[10/27/2006|11:04] C:\Program Files\<DIR> Ahead
[08/08/2007|09:25] C:\Program Files\<DIR> AIM
[11/18/2008|07:47] C:\Program Files\<DIR> AIM6
[09/11/2006|08:11] C:\Program Files\<DIR> America Online 9.0
[09/25/2006|06:13] C:\Program Files\<DIR> AOD
[09/12/2006|08:27] C:\Program Files\<DIR> AOL
[09/03/2008|07:06] C:\Program Files\<DIR> Apple Software Update
[09/04/2007|06:57] C:\Program Files\<DIR> BigFix
[03/16/2009|08:19] C:\Program Files\<DIR> BitTornado
[10/08/2008|05:21] C:\Program Files\<DIR> Bonjour
[10/20/2006|02:51] C:\Program Files\<DIR> Canon
[03/23/2009|09:48] C:\Program Files\<DIR> Common Files
[09/18/2007|04:31] C:\Program Files\<DIR> Compact Wireless-G USB Network Adapter with SpeedBooster
[07/28/2005|12:38] C:\Program Files\<DIR> ComPlus Applications
[09/11/2006|07:49] C:\Program Files\<DIR> CONEXANT
[09/11/2006|07:58] C:\Program Files\<DIR> CyberLink
[09/11/2006|08:01] C:\Program Files\<DIR> Digital Media Reader
[07/02/2007|06:25] C:\Program Files\<DIR> Disney
[01/31/2009|04:30] C:\Program Files\<DIR> dumb help bind
[04/16/2007|10:42] C:\Program Files\<DIR> DVD Shrink
[04/13/2008|06:27] C:\Program Files\<DIR> EA GAMES
[12/23/2006|12:04] C:\Program Files\<DIR> ESTsoft
[08/08/2007|09:24] C:\Program Files\<DIR> Full Tilt Poker
[09/13/2006|07:20] C:\Program Files\<DIR> Google
[08/03/2008|02:20] C:\Program Files\<DIR> InstallShield Installation Information
[12/13/2006|03:02] C:\Program Files\<DIR> Internet Explorer
[12/03/2008|05:41] C:\Program Files\<DIR> iPod
[12/03/2008|05:41] C:\Program Files\<DIR> iTunes
[01/09/2009|05:48] C:\Program Files\<DIR> Java
[09/19/2007|12:17] C:\Program Files\<DIR> K-Lite Codec Pack
[02/28/2009|01:12] C:\Program Files\<DIR> Lavasoft
[03/15/2009|08:38] C:\Program Files\<DIR> LimeWire
[07/24/2007|05:26] C:\Program Files\<DIR> Logitech
[02/28/2009|01:29] C:\Program Files\<DIR> MagicDVDRipper
[09/18/2007|04:04] C:\Program Files\<DIR> McAfee
[09/13/2006|04:51] C:\Program Files\<DIR> Messenger
[11/11/2006|06:50] C:\Program Files\<DIR> Michael K. Weise
[11/08/2006|08:40] C:\Program Files\<DIR> Microsoft ActiveSync
[09/11/2006|08:07] C:\Program Files\<DIR> Microsoft Digital Image 2006
[09/11/2006|02:02] C:\Program Files\<DIR> microsoft frontpage
[09/11/2006|08:11] C:\Program Files\<DIR> Microsoft Money 2006
[11/08/2006|08:39] C:\Program Files\<DIR> Microsoft Office
[09/11/2006|08:09] C:\Program Files\<DIR> Microsoft Works
[02/28/2009|08:12] C:\Program Files\<DIR> mIRC
[09/11/2006|02:05] C:\Program Files\<DIR> Movie Maker
[03/23/2009|07:00] C:\Program Files\<DIR> Mozilla Firefox
[09/11/2006|02:02] C:\Program Files\<DIR> MSN
[09/11/2006|08:08] C:\Program Files\<DIR> MSN Encarta Plus
[09/11/2006|02:02] C:\Program Files\<DIR> MSN Gaming Zone
[11/15/2006|03:01] C:\Program Files\<DIR> MSXML 4.0
[08/03/2008|02:21] C:\Program Files\<DIR> MumboJumbo
[09/13/2006|07:17] C:\Program Files\<DIR> Napster
[09/24/2007|03:06] C:\Program Files\<DIR> Netflix
[09/11/2006|02:05] C:\Program Files\<DIR> NetMeeting
[01/30/2007|04:52] C:\Program Files\<DIR> Nstorm
[09/11/2006|02:02] C:\Program Files\<DIR> Online Services
[12/13/2006|03:01] C:\Program Files\<DIR> Outlook Express
[09/04/2007|06:52] C:\Program Files\<DIR> PokerRoom.com
[09/11/2006|08:10] C:\Program Files\<DIR> Pure Networks
[12/03/2008|05:37] C:\Program Files\<DIR> QuickTime
[09/19/2007|12:46] C:\Program Files\<DIR> Real
[09/11/2006|08:11] C:\Program Files\<DIR> Realtek
[07/16/2008|08:30] C:\Program Files\<DIR> Safari
[03/15/2007|09:29] C:\Program Files\<DIR> Samsung
[03/07/2009|10:30] C:\Program Files\<DIR> STARTUP COP!LOT
[09/03/2007|05:39] C:\Program Files\<DIR> TubeTwist Quantum Flux Edition
[03/27/2008|11:15] C:\Program Files\<DIR> TurboTax
[07/28/2005|12:38] C:\Program Files\<DIR> Uninstall Information
[10/18/2006|06:57] C:\Program Files\<DIR> VideoLAN
[10/17/2007|11:05] C:\Program Files\<DIR> Winamp
[01/12/2007|09:25] C:\Program Files\<DIR> Windows Media Connect 2
[01/12/2007|09:25] C:\Program Files\<DIR> Windows Media Player
[09/11/2006|02:05] C:\Program Files\<DIR> Windows NT
[07/28/2005|12:38] C:\Program Files\<DIR> WindowsUpdate
[09/17/2006|10:03] C:\Program Files\<DIR> WinRAR
[09/11/2006|02:02] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[09/11/2006|08:07] C:\Program Files\Common Files\<DIR> Adobe
[10/27/2006|11:03] C:\Program Files\Common Files\<DIR> Ahead
[03/27/2008|09:50] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[09/13/2006|07:14] C:\Program Files\Common Files\<DIR> AOL
[09/11/2006|08:10] C:\Program Files\Common Files\<DIR> aolshare
[12/03/2008|05:41] C:\Program Files\Common Files\<DIR> Apple
[09/11/2006|07:59] C:\Program Files\Common Files\<DIR> DESIGNER
[09/11/2006|08:04] C:\Program Files\Common Files\<DIR> InstallShield
[03/27/2008|09:48] C:\Program Files\Common Files\<DIR> Intuit
[07/24/2007|05:26] C:\Program Files\Common Files\<DIR> logishrd
[07/24/2007|05:30] C:\Program Files\Common Files\<DIR> Logitech
[01/28/2009|10:01] C:\Program Files\Common Files\<DIR> Microsoft Shared
[09/11/2006|02:02] C:\Program Files\Common Files\<DIR> MSSoap
[09/11/2006|07:54] C:\Program Files\Common Files\<DIR> New Boundary
[09/11/2006|08:10] C:\Program Files\Common Files\<DIR> Nullsoft
[09/11/2006|02:02] C:\Program Files\Common Files\<DIR> ODBC
[09/19/2007|12:46] C:\Program Files\Common Files\<DIR> Real
[09/11/2006|02:05] C:\Program Files\Common Files\<DIR> Services
[09/11/2006|02:02] C:\Program Files\Common Files\<DIR> SpeechEngines
[12/13/2006|03:09] C:\Program Files\Common Files\<DIR> System
[09/19/2007|12:46] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 38 Processes )

iexplore.exe ~ [PID:3044]
iexplore.exe ~ [PID:3872]

--------------------\\ Searching with S_Lop

C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\amok team flap.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\anfehnwx.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\frgamrnb.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\hrafombt.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\hrziuxbv.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\jtvzgoif.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\jukiqnrd.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\khyeaiud.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\lfbwlcls.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\mimutvzh.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\mjuzqbew.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\nlqhrtii.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\pclmpuxf.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\pqruksbd.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\rcelmfqj.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\rcfezgre.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\rfoygsnc.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\rkgiocby.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\vyjphkym.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\wehtenkd.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\whgxljhl.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\Windowbuildjunk.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\xnahupeo.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\xtcxuqui.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\xwavklpc.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\yachhtts.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\yomegurs.exe
C:\DOCUME~1\Owner\APPLIC~1\DUMBHE~1\yrijcbuf.exe

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\2 Build.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\AXIS SOAP.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\axis stop.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\Mpeg style.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\Shim Browse.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\Shim Browse.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch\UP DOES.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\16 new ping long
C:\DOCUME~1\Owner\Cookies\owner@inside.3wplayer[1].txt
C:\DOCUME~1\Owner\Cookies\owner@adultfriendfinder[1].txt
C:\DOCUME~1\Owner\Cookies\owner@advertising.healthguru[2].txt
C:\DOCUME~1\Owner\Cookies\owner@advertising[1].txt
C:\DOCUME~1\Owner\Cookies\owner@adin.bigpoint[2].txt
C:\DOCUME~1\Owner\Cookies\owner@bigpoint[1].txt
C:\DOCUME~1\Owner\Cookies\owner@us.hockeymanager.bigpoint[2].txt
C:\DOCUME~1\Owner\Cookies\owner@adopt.euroclick[2].txt
C:\DOCUME~1\Owner\Cookies\owner@seafight[1].txt
C:\DOCUME~1\Owner\Cookies\owner@us1.seafight[1].txt
C:\DOCUME~1\Owner\Cookies\owner@vegas-millions[2].txt
C:\DOCUME~1\Owner\Cookies\owner@www.lop[1].txt

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\multiloggrey]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\Owner\\APPLIC~1\\DUMBHE~1\\Windowbuildjunk.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ROAD ITCH AMOK PING"="\"C:\\Documents and Settings\\All Users\\Application Data\\Long slow road itch\\Shim Browse.exe\""

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 21:59:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Owner\My Documents\My Music\Phish\Live Phish 20 - 12.29.94\204 - Cracklin' Rosie.mp3
C:\DOCUME~1\Owner\My Documents\My Music\Phish\Phish - At The Roxy\Disc 8\8-08 Hold Your Head Up -_ Cracklin'.mp3
C:\DOCUME~1\Owner\My Documents\_\18 Wheels of Steel - American Long Haul Crack Includ.exe
C:\DOCUME~1\Owner\My Documents\_\3DMark Vantage Professional 1.0 Full + KeyGen.exe
C:\DOCUME~1\Owner\My Documents\_\Able2Extract v3.0 + KeyGen.exe
C:\DOCUME~1\Owner\My Documents\_\Acala DVD Ripper v2.4.8 Incl Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Access Password Recovery v1.62 + KeyGen.exe
C:\DOCUME~1\Owner\My Documents\_\ACDSEE 9.0 Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\ACDSee Photo Manager v9.0 Build 108 Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Acoustica.CD.DVD.Label.Maker.v3.03 + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Acronis Disk Director Suite 10.0 + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Acronis Disk Director Suite 10.0+keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Acronis True Image v9.0 Build 2337 + Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Ad aware Pro v1.06 - No crack or Keygen required.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Acrobat 7.0 Professional Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Acrobat 8 Professional Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Acrobat Reader v8 Pro with Keygen..faster links.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Acrobat Reader v8 with Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Acrobat v8 with Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Audition v2.0 + Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe CS3 Crackfix.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe CS3 Series Keygen AIO.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Indesign CS2 4.0 Full version + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe InDesign CS3 - Incl Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Photoshop CS2 + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Photoshop CS2 9.0 - Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Photoshop CS2 9.0 Final + Keygen Acitvater.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Photoshop CS2 v9.0 + Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Photoshop CS2 with Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Photoshop CS3 + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Photoshop CS3 Beta + Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Photoshop Cs3 Extended Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Photoshop CS3 V10 Extended Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Photoshop CS3 v10.0 Extended Incl Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Premiere Pro 2 with keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Premiere Pro CS3 Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Adobe Premiere Pro CS3 + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Age of Empires 2 - Age of Kings with crack.exe
C:\DOCUME~1\Owner\My Documents\_\Age Of Empires III Full DVD + Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Aggression - Reign over Europe Crack Included.exe
C:\DOCUME~1\Owner\My Documents\_\Ahead DVD Ripper v3.2.1 WinAll Incl Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Ahead Nero v7.0.1.4 Premium Edition Incl KeyGen.exe
C:\DOCUME~1\Owner\My Documents\_\AIO SN+ Crack Search. Shar. Hacking.exe
C:\DOCUME~1\Owner\My Documents\_\Aircrack-2.3 802.11.exe
C:\DOCUME~1\Owner\My Documents\_\Alcohol 120 + Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Alcohol 120 1.9.5.4521 Full + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Alcohol 120 1.9.6.4719 + KeyGen.exe
C:\DOCUME~1\Owner\My Documents\_\Alcohol 120 1.9.6.4719 Full + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Alcohol 120 1.9.6.4719 Incl Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Alcohol 120 v1.9.6.4719 + CRACK.exe
C:\DOCUME~1\Owner\My Documents\_\Alcohol 120 v1.9.6.4719 + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\All My Movies v4.0 + Working KeyGen.exe
C:\DOCUME~1\Owner\My Documents\_\Allsubmitter 3.4 crack.exe
C:\DOCUME~1\Owner\My Documents\_\Any Background v2.10 + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\AnyDVD 6.0.0.4 Full + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\AnyDVD 6.0.8.2 + Crack.exe
C:\DOCUME~1\Owner\My Documents\_\AnyDVD 6.1.0.4 Working Crack.exe
C:\DOCUME~1\Owner\My Documents\_\AnyDVD 6.1.2.4+100 KeyGenPatch.exe
C:\DOCUME~1\Owner\My Documents\_\AnyDVD 6.1.2.5 All cracks 2 20 07.exe
C:\DOCUME~1\Owner\My Documents\_\AnyDVD 6.1.2.5 Final + Crack.exe
C:\DOCUME~1\Owner\My Documents\_\AnyDVD 6.1.3.0 Final Incl Crack.exe
C:\DOCUME~1\Owner\My Documents\_\AnyDVD 6.1.3.2 Full Incl Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Apple QuickTime Pro v7.4.5 Multilanguage Incl Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Arc DVD Copy v1.5.3 WinALL Incl Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Ardamax Keylogger 2.7 With Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Ardamax Keylogger v2.4 + KeyGen.exe
C:\DOCUME~1\Owner\My Documents\_\Arturia Moog Modular V VSTi RTAS v2.2 Incl Keygen-AiR.exe
C:\DOCUME~1\Owner\My Documents\_\Ashampoo Burning Studio 6.50 + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Ashampoo Burning Studio 7.21 + 2 keygens.exe
C:\DOCUME~1\Owner\My Documents\_\Ashampoo Burning Studio 7.21 Including working Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Ashampoo Burning Studio v6.10 + Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Ashampoo Burning Studio v6.30 WinALL.Incl.Keygen-BRD.exe
C:\DOCUME~1\Owner\My Documents\_\Ashampoo ClipFisher v1.0.9 Incl KeyGen.exe
C:\DOCUME~1\Owner\My Documents\_\Ashampoo Win Optimizer Platinum v330 + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\ASPrunnerPro 4.1.225 +crack.exe
C:\DOCUME~1\Owner\My Documents\_\Astral Masters v1.4 PC with keygen.exe
C:\DOCUME~1\Owner\My Documents\_\AT Screen Thief v3.8.5 + KeyGen.exe
C:\DOCUME~1\Owner\My Documents\_\Atomix Virtual Dj 4.1Inc. Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Atomix VirtualDJ.v3.2 Full Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Aurora Media Workshop v3.3.1 + KeyGen.exe
C:\DOCUME~1\Owner\My Documents\_\Aurora Media Workshop v3.4.7 Incl Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Aurora Media Workshop v3.4.7.Incl Keygen-Lz0.exe
C:\DOCUME~1\Owner\My Documents\_\AutoCAD 2007 Final ISO With Crack Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\AutoCAD 2007 Retail 2CD + SP1 keygen eBook.exe
C:\DOCUME~1\Owner\My Documents\_\AutoCAD Mechanical v2007 NEW KeYGeN.exe
C:\DOCUME~1\Owner\My Documents\_\Autodesk 2004 keygens only.exe
C:\DOCUME~1\Owner\My Documents\_\Autodesk 3D Studio Max 9.0 + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Windows Genuine Advantage Validation v1.7.17.0 Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Windows Genuine Advantage Validation v1.7.18.1 Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Windows Genuine Validation Crack v1.7.18.1.exe
C:\DOCUME~1\Owner\My Documents\_\Windows Keygen Pack 2008.exe
C:\DOCUME~1\Owner\My Documents\_\Windows media player 11 NO Validation Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Windows Registry Washer v3.21 with keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Windows Server 2008 Activation Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Windows Vista 30 Day Activation Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Windows Vista Activation Crack 2007.exe
C:\DOCUME~1\Owner\My Documents\_\Windows Vista Activation Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Windows Vista Activation Time Stopper Crack Patch Newes.exe
C:\DOCUME~1\Owner\My Documents\_\Windows XP Permanent Activation Crack.exe
C:\DOCUME~1\Owner\My Documents\_\WinDVD Platinum 8.0.6.101 R1 + KeyGen.exe
C:\DOCUME~1\Owner\My Documents\_\Windvd Platinum V8.0.b06.072 Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\WinHex 14.5 + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\WinRar 3.62 +crack + workin.exe
C:\DOCUME~1\Owner\My Documents\_\WinRAR 3.70 Final -- Keygen By CORE.exe
C:\DOCUME~1\Owner\My Documents\_\Winrar 4.65 Latest With Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Winrar v3.62 and v3.70 Beta 5 Incl. Cracks.exe
C:\DOCUME~1\Owner\My Documents\_\WinRAR v3.62 with Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\WinRAR v3.70 + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Winrar V3.71 Final Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\WinRAR v3.71 Final + keygen.exe
C:\DOCUME~1\Owner\My Documents\_\WinRAR.v3.61 - With Crack.exe
C:\DOCUME~1\Owner\My Documents\_\WinXP Manager 4.98.7 with working keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Winzip 11 + KeyGen.exe
C:\DOCUME~1\Owner\My Documents\_\WinZip 11.0 keygen patch.exe
C:\DOCUME~1\Owner\My Documents\_\WinZip 11.0 Build 7291 + Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Winzip 11.0 Pro Build 7313 with keygen.exe
C:\DOCUME~1\Owner\My Documents\_\WinZip 11.1 Pro With Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Winzip 110 Pro with keygen.exe
C:\DOCUME~1\Owner\My Documents\_\WinZip Pro 11.0 + keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Winzip Pro v12 with keygen.exe
C:\DOCUME~1\Owner\My Documents\_\WinZip v11.0.7313 Portable + KeyGen.exe
C:\DOCUME~1\Owner\My Documents\_\Wondershare PPT2DVD v4.7.2.13 Incl. Crack.exe
C:\DOCUME~1\Owner\My Documents\_\WordWeb Pro 4.1 inc keygen.exe
C:\DOCUME~1\Owner\My Documents\_\X-NetStat Professional v5.52 Incl Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Xilisoft DVD Ripper Platinum 4.0.54.0929 + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\XP Pro 64-bit Crack and Server 2003 Eval crack.exe
C:\DOCUME~1\Owner\My Documents\_\XP Smoker Pro 5.0 + Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Yamicsoft Vista Manager v1.0.3 + Crack.exe
C:\DOCUME~1\Owner\My Documents\_\Zone Alarm Internet Security Suite 7.302.000 - KeyGen.exe
C:\DOCUME~1\Owner\My Documents\_\Zone Alarm Pro 7.0.302.000 + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Zone Alarm Pro 7.0.302.000 + Working KeyGen.exe
C:\DOCUME~1\Owner\My Documents\_\Zone Alarms PRO + Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\Zone Labs IMsecure Pro 7.0.334.000 Keygen.exe
C:\DOCUME~1\Owner\My Documents\_\ZoneAlarm Pro 6.5.722.000 + KeyGen.exe
C:\DOCUME~1\Owner\Recent\MagicDVDRipper Crack.lnk


[F:1][D:1]-> C:\DOCUME~1\Owner\LOCALS~1\Temp
[F:1302][D:0]-> C:\DOCUME~1\Owner\Cookies
[F:3][D:1]-> C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 03/23/2009|22:07 - Option : [1]

--------------------\\ Scan completed at 22:07:27

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 24 March 2009 - 12:05 PM

Hello..

No wonder you are so infected. You have been using cracks and keygens. That was the main reason why I ran the tool, to see how you were infected by all this junk.

Cracks and Key Generators Warning

Your system is full of "cracks and keygens"!!! This means you have used cracks or key generators.

Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a smörgåsbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling Windows.


Merely visiting such sites without downloading ANYTHING is one of the worst things a user can do online. They are illegal. Cracked software is notorious for carrying malware/infections. How do you think these people make their money... they aren't really giving you this software out of the goodness of their hearts.

You also have crack/keygen-related anti-virus/firewall software. These are notorious for carrying malware infections, and having a crack or keygen anti-virus/firewall installed is basically allowing it to infect your system more.

I would like you to adhere to what I have said above and post back letting me know. Once you have been doing these things, the only way to make sure your computer is clean and secure would be to format the whole drive and start all over. Reply back letting me know.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 Tifffany

Tifffany
  • Topic Starter

  • Members
  • 28 posts

Posted 24 March 2009 - 12:38 PM

Thank you for the response. I am fixing this computer for someone else so I don't know all that has been done on it in the past. There is a lot of (legal) music that I would need to back up before formatting. If I was able to burn this off, could it end up reinfecting my computer? Is there any way of saving all of this data and can I be sure these files are safe? I think there is around 40 GB which I could back up with DVDs if I could figure out how to burn them as data files to a DVD.

Is there anything else I am supposed to reply with?

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 24 March 2009 - 02:24 PM

Hello.

If you wish to format, that is fine. If you want to continue, all those cracks and keygens must be deleted; if not, we will delete it.

Burning off files using a CD is the best option to take.


When backing up files and data there are mainly 2 general guidelines:

1) Back up all your important data files, pictures, music, work etc. and save them onto an external hard drive. These files usually include .doc, .txt, .mp3, .jpg etc.
2) Do not back up any executable files or any Windows files. These include .exe, .scr, .com, .pif etc., as they may contain traces of malware. Also, .html or .htm files that are webpages should be avoided.

Note: Some may want to be safe, wondering whether their data files are infected or not. To make sure, you should scan those files using an anti-virus scanner and an anti-malware/anti-spyware scanner, making sure they are free from malware. From what I have seen the results were always CLEAN, meaning they were not infected at all.

Let me know if you have any questions.

With Regards,
Extremeboy
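The two backup guidelines in the post above can be applied mechanically before anything is copied. This added example (not part of the original thread or of any tool it mentions) sorts a folder into files to copy, files skipped by extension, and files whose content begins with the Windows executable "MZ" signature despite a data-file name. The signature check goes beyond what the post states, and the sample folder is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Extensions the post says not to back up: executables and saved web pages.
EXCLUDED_EXTS = {".exe", ".scr", ".com", ".pif", ".html", ".htm"}


def looks_like_pe(path):
    """True if the file starts with the DOS/PE 'MZ' magic, whatever its name says."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def plan_backup(root):
    """Sort every file under root into copy / skip / suspect (paths relative to root)."""
    plan = {"copy": [], "skip": [], "suspect": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if path.suffix.lower() in EXCLUDED_EXTS:
                plan["skip"].append(rel)      # guideline 2: excluded by extension
            elif looks_like_pe(path):
                plan["suspect"].append(rel)   # data name, executable content
            else:
                plan["copy"].append(rel)      # guideline 1: ordinary data file
    for bucket in plan.values():
        bucket.sort()
    return plan


def build_sample_tree(root):
    """Constructed sample files; none of them is a real program."""
    samples = {
        "Music/song.mp3": b"ID3\x03\x00 constructed audio bytes",
        "Docs/notes.txt": b"constructed text",
        "Docs/setup.exe": b"MZ constructed stub",
        "Docs/saved page.htm": b"<html></html>",
        "Music/track02.mp3": b"MZ\x90\x00 constructed: executable renamed to .mp3",
        "Pictures/photo.JPG.scr": b"MZ constructed stub",
    }
    for rel, data in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return plan_backup(tmp)


if __name__ == "__main__":
    for bucket, names in demo().items():
        print(bucket, names)
```

Files in the copy list should still be scanned with an anti-virus and anti-malware scanner as the post advises; the signature check only catches renamed Windows executables.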

#12 Tifffany

Tifffany
  • Topic Starter

  • Members
  • 28 posts

Posted 24 March 2009 - 05:43 PM

OK I am in the process of deleting all of that keygen stuff that the program found. Should I run anything after this to verify that it was all removed?

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 24 March 2009 - 06:41 PM

Hello.

OK I am in the process of deleting all of that keygen stuff that the program found. Should I run anything after this to verify that it was all removed?

I didn't say for you to delete them. We were going to delete it if you don't wish to format. So to confirm this you wish to continue, correct?

With Regards,
Extremeboy

#14 Tifffany

Tifffany
  • Topic Starter

  • Members
  • 28 posts

Posted 24 March 2009 - 06:59 PM

Yes I would like to continue - thank you!

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 24 March 2009 - 07:46 PM

Hello.

That was all I wanted to know :thumbup2:

Let's continue then. GMER was updated and now it is slightly different. Run GMER by following the instructions below. There is also a LOP infection on your computer. I didn't bother using Combofix to remove it since LOP S&D can take care of all of that for us, and other lop files/folders that were not shown. :)

NOTE: Make sure you follow the instructions in the order I provide them for you please.

Run Lop S&D using Option 3

Download Lop S&D by Eric_71 and save it to your desktop if you have not already.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 3 to choose Option 3 (Fix - Hosts), then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    File::
    c:\windows\system32\drivers\Ndisprot.sys 
    c:\windows\system32\drivers\futhwejw.sys 
    Drivers::
    futhwejw
    Ndisprot
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.
  • When it's done scanning, you may receive another notice. Click OK if prompted.
  • Click on Save ... to save the log on your desktop.
    Save the log as GMER.txt when you save it on your desktop.
  • Close Gmer and copy and paste the contents of GMER.txt in your next reply.
  • If you receive no notice, click on the Scan button near the bottom.
  • It will start scanning again like before.
  • When it is done, Click on Save ... to save the log on your desktop.
    Save the log as GMER.txt when you save it on your desktop.
  • Close Gmer and copy and paste the contents of GMER.txt in your next reply.
If GMER doesn't work in Normal Mode, try running it in Safe Mode.
Note: Do not run any program while GMER is running.

Important!: Please do not select the Show all checkbox during the scan.

Post back with:
-Lop S&D log
-Combofix log
-GMER log
-How's your computer running?


With Regards,
Extremeboy



