Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Worm.Win32.netsky


  • Please log in to reply

#1
Electraa

Electraa

    New Member

  • Member
  • Pip
  • 5 posts
Hello,
My computer was infected a while ago (about a year ago) with a Worm.win32.netsky. I just started looking into it yesterday and I found out that there is a way to get rid of it. I do not want to buy any antivirus programs because that computer is pretty old, but if I can fix it for free I'm up for the challenge.

I know there are posts about this virus on this forum, but they all seem to differ. Here is my situation:

I cant start in safe mode.
I cant open task manager.
I tried running SmitfraudFix but it wont open because my computer rejects it saying it's infected.
The computer has slowed down a lot.

I'm trying to think of other useful information but I don't know what else I need to let you know.

I know you're using some sort of program to post logs. If you need me to do that please let me know how I can get it.

Thank you in advance!

Electra
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,148 posts
  • MVP
Do as much of

http://www.geekstogo...uide-t2852.html

as you can. If a step won't work, skip to the next one. Copy and paste your gmer, mbam, otl, & extras logs into a reply. Do not attach them.

If you lose internet access after running MBAM or if you are not able to get to the downloads:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Ron
  • 0

#3
Electraa

Electraa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi,
Thank you for replying to my post!
I tried all the steps and downloaded all setups but none of them would open, because the virus keeps telling me that these programs are infected.
Also, I just got a bluescreen that said I was infected with spcmdcom... or something similar to that.
Is there a way to go about it so I can download these programs?
I can't open safe mode still.

Right now when my computer restarted I was able to delete temp files with TFC. I tried opening other things I downloaded but the only other one I was able to open was SmitFraudFix, which is running right now. However, it said that Scan DNS could not start. Right now its cleaning the registry.

I will post more once the scan is done.

Electra
  • 0

#4
Electraa

Electraa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Well the SmitFraudFix didnt work since it froze. When I restarted my computer it was in the same condition. I don't know what I should do next.


UPDATE: Ok so I hope editing doesnt bump a thread.

Somehow I was able to delete some files that I guess were infected and my computer seems to be running without any popups of warnings. I did all the scans except for Malwarebytes, because it said it could not be found.

Here are the logs:

GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-13 16:19:27
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Sandra\LOCALS~1\Temp\kxdorfow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEE96E79E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEE96E738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEE96E74C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEE96E7B2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEE96E7DE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEE96E84C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEE96E836]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEE96E878]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEE96E78A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEE96E710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEE96E724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEE96E8B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEE96E820]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEE96E80A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEE96E7C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEE96E8A0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEE96E88C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEE96E776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEE96E762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEE96E7F4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEE96E6FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEE96E862]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwOpenKey 805686CB 5 Bytes JMP EE96E78E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056C0FA 5 Bytes JMP EE96E766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056CC96 7 Bytes JMP EE96E80E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 80570637 5 Bytes JMP EE96E7A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A47 7 Bytes JMP EE96E8B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D3E 7 Bytes JMP EE96E850 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 80578B7B 5 Bytes JMP EE96E714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80579D4F 7 Bytes JMP EE96E7F8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 8057E286 7 Bytes JMP EE96E83A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058253E 7 Bytes JMP EE96E750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 80584CA9 5 Bytes JMP EE96E700 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058DD0F 5 Bytes JMP EE96E728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 80590E6A 5 Bytes JMP EE96E87C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 805940A0 7 Bytes JMP EE96E7E2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805956CA 7 Bytes JMP EE96E7B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805AABC8 5 Bytes JMP EE96E73C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062D62B 5 Bytes JMP EE96E77A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064D272 5 Bytes JMP EE96E890 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064D547 7 Bytes JMP EE96E866 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064DE14 7 Bytes JMP EE96E824 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E259 7 Bytes JMP EE96E7CC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064E74E 5 Bytes JMP EE96E8A4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3004] kernel32.dll!ExitProcess 7C81CDEA 5 Bytes JMP 015F2717 c:\windows\system32\wodewena.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3004] WS2_32.dll!connect 71AB406A 5 Bytes JMP 015F2E15 c:\windows\system32\wodewena.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] Rundll32.exe "c:\windows\system32\rogajitu.dll",a
Reg HKLM\SOFTWARE\Classes\CLSID\{38cef610-e331-4ee8-abea-825057663292}\[email protected] c:\windows\system32\yuhonowu.dll

---- EOF - GMER 1.0.15 ----


OTL
OTL logfile created on: 5/13/2010 4:21:54 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Sandra\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.00 Mb Total Physical Memory | 141.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): c:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 0.26 Gb Free Space | 0.35% Space Free | Partition Type: NTFS
Drive D: | 372.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANDRA-6EC01333
Current User Name: Sandra
Logged in as Administrator.

Cannot determine boot mode.
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/13 16:20:30 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTL.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/04/17 19:20:30 | 000,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/03/25 12:05:48 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/03/24 01:03:18 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/03/19 12:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/01/09 12:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/05/27 23:17:49 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\SmitfraudFix\Policies.exe
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/13 16:20:30 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTL.exe
MOD - [2010/02/13 14:19:52 | 000,057,344 | -HS- | M] () -- C:\WINDOWS\system32\lasozodi.dll
MOD - [2009/12/18 02:21:11 | 000,092,672 | ---- | M] () -- C:\WINDOWS\system32\livusipi.dll
MOD - [2009/12/16 02:21:13 | 000,092,672 | ---- | M] () -- C:\WINDOWS\system32\kowetalo.dll
MOD - [2009/12/14 14:21:13 | 000,093,184 | ---- | M] () -- C:\WINDOWS\system32\sarinavo.dll
MOD - [2009/12/12 02:11:33 | 000,092,672 | ---- | M] () -- C:\WINDOWS\system32\jutesogu.dll
MOD - [2009/12/11 02:11:34 | 000,092,672 | ---- | M] () -- C:\WINDOWS\system32\sasizalu.dll
MOD - [2009/09/19 14:23:07 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\system32\wodewena.dll
MOD - [2009/09/18 14:22:39 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\system32\hipiveho.dll
MOD - [2009/09/14 02:18:55 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\system32\gunesoyo.dll
MOD - [2009/09/13 14:18:26 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\system32\rogajitu.dll
MOD - [2009/09/12 14:17:53 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\system32\memazana.dll
MOD - [2009/09/10 14:16:39 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\system32\wahewefa.dll
MOD - [2009/09/09 14:15:51 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\system32\yuhonowu.dll
MOD - [2004/08/04 04:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 04:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/10/28 12:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/03 11:51:46 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/06/03 16:51:48 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2009/04/17 19:20:30 | 000,797,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/03/25 12:05:48 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/03/24 01:03:18 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/03/19 12:42:02 | 000,884,360 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/01/23 11:46:14 | 000,203,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/01/14 15:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Disabled | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/01/09 12:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/09 09:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2008/12/08 23:05:41 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/02/21 09:28:36 | 000,643,072 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/02/21 09:19:40 | 000,294,912 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/02/21 09:16:48 | 000,983,040 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/02/21 09:10:00 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 13:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/07/23 19:38:26 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/02/21 09:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/02/09 13:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 21:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 21:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/08 11:51:16 | 002,209,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/10/26 17:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 17:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 17:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 17:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 17:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 17:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 17:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 17:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/07/21 12:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/03/08 11:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/15 16:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/08/04 04:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/04 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/05/26 14:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = ft hamilton

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/05/07 21:46:29 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/05/13 15:38:43 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Browser Helper Object) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\lib.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [85568133] C:\Documents and Settings\All Users\Application Data\85568133\85568133.exe ()
O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [My Web Search Bar] C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [pefoyumey] C:\WINDOWS\System32\wodewena.DLL ()
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\AVR.exe File not found
O4 - HKCU..\Run: [calc] C:\WINDOWS\System32\config\SYSTEM~1\ntuser.DLL File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe ()
O4 - HKCU..\Run: [Reg Tool] C:\Program Files\Reg Tool\Reg Tool.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Sandra\Start Menu\Programs\Startup\Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe File not found
O4 - Startup: C:\Documents and Settings\Sandra\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Sandra\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Sandra\Start Menu\Programs\Startup\scandisk.lnk = C:\Documents and Settings\Sandra\Desktop\rundll32.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...83/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.co...?BundleId=29223 (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (c:\windows\system32\nagefipi.dll c:\windows\system32\yuhonowu.dll c:\windows\system32\wahewefa.dll c:\windows\system32\sasizalu.dll c:\windows\system32\jutesogu.dll c:\windows\system32\memazana.dll c:\windows\system32\rogajitu.dll c:\windows\system32\gunesoyo.dll c:\windows\system32\sarinavo.dll c:\windows\system32\kowetalo.dll c:\windows\system32\livusipi.dll c:\windows\system32\hipiveho.dll c:\windows\system32\wodewena.dll) - C:\WINDOWS\System32\nagefipi.dll File not found
O20 - AppInit_DLLs: (lasozodi.dll) - C:\WINDOWS\System32\lasozodi.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\System32\winlogon86.exe File not found
O20 - Winlogon\Notify\__c00610C: DllName - C:\WINDOWS\system32\__c00610C.dat - C:\WINDOWS\System32\__c00610C.dat File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: fuguzuwad - {11fc0e17-d4e6-4966-a07a-d4c472585a90} - C:\WINDOWS\system32\wodewena.dll ()
O21 - SSODL: jitonutov - {38cef610-e331-4ee8-abea-825057663292} - C:\WINDOWS\system32\wodewena.dll ()
O21 - SSODL: lahozopiw - {2ae551e2-7127-454b-a85b-a20f9a9b2a22} - C:\WINDOWS\system32\sasizalu.dll ()
O21 - SSODL: newusafep - {cda53b86-61c0-4bb2-b809-86f7d48798c8} - C:\WINDOWS\system32\wahewefa.dll ()
O21 - SSODL: pehiyiket - {b8cb487f-5960-4ee4-8ee5-ac34410687eb} - C:\WINDOWS\system32\hipiveho.dll ()
O21 - SSODL: reragajor - {361f6b12-a1d7-4839-a9d7-1239d48a0c0f} - C:\WINDOWS\system32\wodewena.dll ()
O21 - SSODL: resiyefur - {0e063052-092d-44ee-8f96-03ff582a1e57} - C:\WINDOWS\system32\jutesogu.dll ()
O21 - SSODL: rirojewew - {2a695681-0a94-48ef-8260-d5b142c753b5} - C:\WINDOWS\System32\nagefipi.dll File not found
O21 - SSODL: sabujopak - {bfa6689f-1e50-4bdd-b24e-7ed90cc86cfe} - C:\WINDOWS\system32\jutesogu.dll ()
O21 - SSODL: vuhosugak - {f041fa32-ad2f-437b-935a-8206296a4c2b} - C:\WINDOWS\system32\wahewefa.dll ()
O21 - SSODL: weboyagiw - {51a60129-f329-4801-81fd-d2263524067c} - C:\WINDOWS\system32\gunesoyo.dll ()
O21 - SSODL: wetotarif - {4860bf8e-9c60-4502-abc4-6cffb805a368} - C:\WINDOWS\system32\memazana.dll ()
O21 - SSODL: zaganebov - {dac02dbf-dd6a-4e1d-b58a-af9c5e79edd8} - C:\WINDOWS\system32\wodewena.dll ()
O22 - SharedTaskScheduler: {0e063052-092d-44ee-8f96-03ff582a1e57} - mujuzedij - C:\WINDOWS\system32\jutesogu.dll ()
O22 - SharedTaskScheduler: {11fc0e17-d4e6-4966-a07a-d4c472585a90} - kupuhivus - C:\WINDOWS\system32\wodewena.dll ()
O22 - SharedTaskScheduler: {2a695681-0a94-48ef-8260-d5b142c753b5} - gahurihor - C:\WINDOWS\System32\nagefipi.dll File not found
O22 - SharedTaskScheduler: {2ae551e2-7127-454b-a85b-a20f9a9b2a22} - tokatiluy - C:\WINDOWS\system32\sasizalu.dll ()
O22 - SharedTaskScheduler: {361f6b12-a1d7-4839-a9d7-1239d48a0c0f} - mujuzedij - C:\WINDOWS\system32\wodewena.dll ()
O22 - SharedTaskScheduler: {38cef610-e331-4ee8-abea-825057663292} - gahurihor - C:\WINDOWS\system32\memazana.dll ()
O22 - SharedTaskScheduler: {4860bf8e-9c60-4502-abc4-6cffb805a368} - mujuzedij - C:\WINDOWS\system32\memazana.dll ()
O22 - SharedTaskScheduler: {51a60129-f329-4801-81fd-d2263524067c} - mujuzedij - C:\WINDOWS\system32\gunesoyo.dll ()
O22 - SharedTaskScheduler: {b8cb487f-5960-4ee4-8ee5-ac34410687eb} - mujuzedij - C:\WINDOWS\system32\hipiveho.dll ()
O22 - SharedTaskScheduler: {bfa6689f-1e50-4bdd-b24e-7ed90cc86cfe} - tokatiluy - C:\WINDOWS\system32\jutesogu.dll ()
O22 - SharedTaskScheduler: {cda53b86-61c0-4bb2-b809-86f7d48798c8} - mujuzedij - C:\WINDOWS\system32\wahewefa.dll ()
O22 - SharedTaskScheduler: {dac02dbf-dd6a-4e1d-b58a-af9c5e79edd8} - tokatiluy - C:\WINDOWS\system32\wodewena.dll ()
O22 - SharedTaskScheduler: {f041fa32-ad2f-437b-935a-8206296a4c2b} - kupuhivus - C:\WINDOWS\system32\wahewefa.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/23 01:43:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/08/29 12:44:56 | 000,000,130 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\CDSTART.EXE -- [2009/02/27 01:50:05 | 002,159,472 | R--- | M] (Symantec Corporation)
O33 - MountPoints2\D\Shell\Install\Command - "" = D:\SETUP.EXE -- [2009/02/27 02:36:25 | 075,014,472 | R--- | M] (Symantec Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/10/26 18:23:20 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Unable to start service SrService!

========== Files/Folders - Created Within 90 Days ==========

[2010/05/13 16:20:25 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTL.exe
[2010/05/13 16:12:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Malwarebytes
[2010/05/13 16:09:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/13 16:09:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/13 16:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/13 16:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/13 16:08:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/13 16:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/13 14:24:46 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\TFC.exe
[2010/05/07 21:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Desktop\SmitfraudFix
[2010/05/07 20:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sandra\Application Data\Control Commander
[2010/02/28 12:19:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\F0127494E9F

========== Files - Modified Within 90 Days ==========

[2010/05/13 16:38:02 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\ (SANDRA-6EC01333-Sandra).job
[2010/05/13 16:36:46 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\nikatuso
[2010/05/13 16:20:30 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\OTL.exe
[2010/05/13 16:20:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/13 16:13:38 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\gmer.zip
[2010/05/13 16:12:14 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/13 16:07:27 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Sandra\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/13 16:07:24 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\NTREGOPT.lnk
[2010/05/13 16:07:24 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\ERUNT.lnk
[2010/05/13 16:00:33 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\fowtenkn.job
[2010/05/13 16:00:01 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\gpschdgu.job
[2010/05/13 15:38:53 | 000,001,536 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/05/13 15:34:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010/05/13 15:32:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/13 15:32:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/13 15:32:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/13 15:30:51 | 000,015,631 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/05/13 15:30:37 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\Sandra\ntuser.dat
[2010/05/13 15:30:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Sandra\ntuser.ini
[2010/05/13 15:19:03 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\Security Tool.lnk
[2010/05/13 14:36:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19173.exe
[2010/05/13 14:35:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9556.exe
[2010/05/13 14:25:00 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sandra\Desktop\TFC.exe
[2010/05/13 14:11:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/13 10:11:56 | 000,057,344 | ---- | M] () -- C:\WINDOWS\System32\kimuremo.dll
[2010/05/13 10:11:01 | 000,065,024 | ---- | M] () -- C:\WINDOWS\System32\lodayija.dll
[2010/05/13 10:11:01 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\foburune.dll
[2010/05/09 02:21:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26577.exe
[2010/05/09 02:01:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32150.exe
[2010/05/09 01:41:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6000.exe
[2010/05/09 01:21:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31207.exe
[2010/05/09 01:01:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\10263.exe
[2010/05/09 00:41:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29235.exe
[2010/05/09 00:33:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2010/05/09 00:21:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5995.exe
[2010/05/09 00:01:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15798.exe
[2010/05/08 23:41:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31850.exe
[2010/05/08 23:21:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4289.exe
[2010/05/08 22:41:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13488.exe
[2010/05/08 22:20:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\16840.exe
[2010/05/08 22:00:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9681.exe
[2010/05/08 21:40:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\7022.exe
[2010/05/08 21:20:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\30754.exe
[2010/05/08 21:00:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26984.exe
[2010/05/08 20:59:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/08 20:40:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27190.exe
[2010/05/08 20:20:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23114.exe
[2010/05/08 20:00:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\29081.exe
[2010/05/08 19:40:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5654.exe
[2010/05/08 19:20:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\24209.exe
[2010/05/08 19:00:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15062.exe
[2010/05/08 18:40:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\1294.exe
[2010/05/08 18:20:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2254.exe
[2010/05/08 18:00:01 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/05/08 17:40:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17614.exe
[2010/05/08 17:19:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22866.exe
[2010/05/08 16:59:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22682.exe
[2010/05/08 16:39:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\961.exe
[2010/05/08 16:19:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\97.exe
[2010/05/08 15:59:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2747.exe
[2010/05/08 15:39:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\12719.exe
[2010/05/08 15:19:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\75.exe
[2010/05/08 14:59:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11117.exe
[2010/05/08 14:39:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21518.exe
[2010/05/08 14:19:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6084.exe
[2010/05/08 13:59:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14608.exe
[2010/05/08 13:39:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\10237.exe
[2010/05/08 13:19:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31150.exe
[2010/05/08 12:59:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26549.exe
[2010/05/08 12:39:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28588.exe
[2010/05/08 12:03:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28266.exe
[2010/05/08 12:01:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\10178.exe
[2010/05/08 11:55:17 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\SmitfraudFix.exe
[2010/05/08 04:41:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31531.exe
[2010/05/08 04:21:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15136.exe
[2010/05/08 04:01:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2543.exe
[2010/05/08 03:41:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\15272.exe
[2010/05/08 03:21:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27373.exe
[2010/05/08 03:01:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\32734.exe
[2010/05/08 02:41:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\10125.exe
[2010/05/08 02:21:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6833.exe
[2010/05/08 02:01:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\21711.exe
[2010/05/08 01:41:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\17870.exe
[2010/05/08 01:21:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\4130.exe
[2010/05/08 01:01:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\10711.exe
[2010/05/08 00:41:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\13100.exe
[2010/05/08 00:21:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31478.exe
[2010/05/08 00:01:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\22376.exe
[2010/05/07 23:41:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11307.exe
[2010/05/07 23:21:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\2277.exe
[2010/05/07 23:01:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3804.exe
[2010/05/07 22:40:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11158.exe
[2010/05/07 22:00:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\10471.exe
[2010/05/07 21:32:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\14854.exe
[2010/05/07 21:32:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\31043.exe
[2010/05/07 21:01:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\9701.exe
[2010/05/07 20:59:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\27976.exe
[2010/05/07 20:35:13 | 000,001,004 | ---- | M] () -- C:\Documents and Settings\Sandra\Desktop\Control Commander.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/21 05:06:21 | 001,969,900 | ---- | M] () -- C:\WINDOWS\System32\ninegozu.exe
[2010/04/20 09:20:04 | 000,087,040 | ---- | M] () -- C:\WINDOWS\System32\tevupiru.exe
[2010/02/13 14:19:52 | 000,057,344 | -HS- | M] () -- C:\WINDOWS\System32\lasozodi.dll
[2010/02/13 14:19:51 | 000,057,344 | -HS- | M] () -- C:\WINDOWS\System32\movoyari.dll
[2010/02/13 14:19:51 | 000,057,344 | -HS- | M] () -- C:\WINDOWS\System32\manaviha.dll
[2010/02/13 14:13:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dupejume.exe
[2010/02/13 14:12:59 | 000,000,512 | -HS- | M] () -- C:\WINDOWS\System32\sehajiwi.dll
[2010/02/13 14:12:59 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\sapahore.exe
[2010/02/13 14:12:59 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\fujegifu.dll
[2010/02/13 14:12:58 | 000,000,008 | -HS- | M] () -- C:\WINDOWS\System32\fujegifu.exe
[2010/02/13 14:12:58 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dujujewo.dll

========== Files Created - No Company Name ==========

[2010/05/13 16:13:34 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\gmer.zip
[2010/05/13 16:12:14 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/13 16:07:27 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Sandra\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/13 16:07:24 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\NTREGOPT.lnk
[2010/05/13 16:07:24 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\ERUNT.lnk
[2010/05/13 15:00:52 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/05/13 14:36:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19173.exe
[2010/05/13 14:35:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9556.exe
[2010/05/13 14:17:30 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\fowtenkn.job
[2010/05/13 10:11:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\kimuremo.dll
[2010/05/13 10:11:01 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\lodayija.dll
[2010/05/13 10:11:01 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\foburune.dll
[2010/05/09 02:21:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26577.exe
[2010/05/09 01:41:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6000.exe
[2010/05/09 01:21:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31207.exe
[2010/05/09 01:01:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\10263.exe
[2010/05/09 00:41:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29235.exe
[2010/05/09 00:21:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5995.exe
[2010/05/09 00:01:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15798.exe
[2010/05/08 23:41:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31850.exe
[2010/05/08 23:21:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4289.exe
[2010/05/08 22:41:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\13488.exe
[2010/05/08 22:20:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16840.exe
[2010/05/08 22:00:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9681.exe
[2010/05/08 21:40:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\7022.exe
[2010/05/08 21:20:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\30754.exe
[2010/05/08 21:00:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26984.exe
[2010/05/08 20:40:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27190.exe
[2010/05/08 20:20:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23114.exe
[2010/05/08 20:00:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29081.exe
[2010/05/08 19:40:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5654.exe
[2010/05/08 19:20:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24209.exe
[2010/05/08 19:00:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15062.exe
[2010/05/08 18:40:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1294.exe
[2010/05/08 18:20:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2254.exe
[2010/05/08 17:40:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17614.exe
[2010/05/08 17:19:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22866.exe
[2010/05/08 16:59:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22682.exe
[2010/05/08 16:19:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\97.exe
[2010/05/08 15:39:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12719.exe
[2010/05/08 15:19:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\75.exe
[2010/05/08 14:59:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11117.exe
[2010/05/08 14:39:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\21518.exe
[2010/05/08 14:19:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6084.exe
[2010/05/08 13:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14608.exe
[2010/05/08 13:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\10237.exe
[2010/05/08 12:39:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28588.exe
[2010/05/08 12:01:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\10178.exe
[2010/05/08 04:01:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2543.exe
[2010/05/08 03:41:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15272.exe
[2010/05/08 03:21:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27373.exe
[2010/05/08 03:01:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32734.exe
[2010/05/08 02:41:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\10125.exe
[2010/05/08 02:21:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6833.exe
[2010/05/08 01:41:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17870.exe
[2010/05/08 01:21:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4130.exe
[2010/05/08 01:01:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\10711.exe
[2010/05/08 00:41:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\13100.exe
[2010/05/08 00:21:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31478.exe
[2010/05/08 00:01:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22376.exe
[2010/05/07 23:41:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11307.exe
[2010/05/07 23:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2277.exe
[2010/05/07 23:01:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3804.exe
[2010/05/07 22:40:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11158.exe
[2010/05/07 22:20:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32150.exe
[2010/05/07 22:00:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\10471.exe
[2010/05/07 21:32:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14854.exe
[2010/05/07 21:32:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31043.exe
[2010/05/07 21:02:57 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\SmitfraudFix.exe
[2010/05/07 21:01:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9701.exe
[2010/05/07 20:59:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27976.exe
[2010/05/07 20:35:10 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\Control Commander.lnk
[2010/04/26 06:27:43 | 000,048,136 | ---- | C] () -- C:\WINDOWS\System32\kivihude.exe
[2010/04/21 05:06:21 | 001,969,900 | ---- | C] () -- C:\WINDOWS\System32\ninegozu.exe
[2010/04/20 09:20:04 | 000,087,040 | ---- | C] () -- C:\WINDOWS\System32\tevupiru.exe
[2010/02/28 12:02:52 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\Security Tool.lnk
[2010/02/13 14:19:52 | 000,057,344 | -HS- | C] () -- C:\WINDOWS\System32\lasozodi.dll
[2010/02/13 14:19:51 | 000,057,344 | -HS- | C] () -- C:\WINDOWS\System32\movoyari.dll
[2010/02/13 14:19:51 | 000,057,344 | -HS- | C] () -- C:\WINDOWS\System32\manaviha.dll
[2010/02/13 14:13:00 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dupejume.exe
[2010/02/13 14:12:59 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\sehajiwi.dll
[2010/02/13 14:12:59 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\sapahore.exe
[2010/02/13 14:12:59 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\fujegifu.dll
[2010/02/13 14:12:58 | 000,000,008 | -HS- | C] () -- C:\WINDOWS\System32\fujegifu.exe
[2010/02/13 14:12:58 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dujujewo.dll
[2010/02/07 20:30:26 | 000,049,152 | -HS- | C] () -- C:\WINDOWS\System32\sojerire.dll
[2009/12/18 02:21:11 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\livusipi.dll
[2009/12/18 02:20:49 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\dokuduni.dll
[2009/12/16 02:21:13 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\kowetalo.dll
[2009/12/14 14:21:13 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\sarinavo.dll
[2009/12/14 14:20:49 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\nerikofu.dll
[2009/12/14 14:20:22 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\nomebera.dll
[2009/12/14 14:20:15 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\woridusa.dll
[2009/12/12 02:19:12 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kimonadi.dll
[2009/12/12 02:11:33 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\jutesogu.dll
[2009/12/11 02:11:34 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\sasizalu.dll
[2009/12/10 02:18:54 | 000,002,098 | -HS- | C] () -- C:\WINDOWS\System32\fimotiso.dll
[2009/12/07 02:16:51 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\tizuwifa.dll
[2009/12/07 02:11:28 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ruvisape.dll
[2009/12/06 02:17:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kopeboya.dll
[2009/12/06 02:11:30 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\volehoda.dll
[2009/12/02 14:14:41 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yehiwofa.dll
[2009/12/02 14:11:13 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\suwalape.dll
[2009/12/02 02:14:01 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\tisugute.dll
[2009/12/01 14:14:16 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\papuwiyi.dll
[2009/12/01 14:12:49 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\zofudaga.dll
[2009/11/28 02:12:03 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fohuvefa.dll
[2009/11/28 02:11:25 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\derokewo.dll
[2009/11/26 16:26:17 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\hinikafo.dll
[2009/11/26 15:58:46 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\nejoweyi.dll
[2009/09/19 14:23:09 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\rawasupa.dll
[2009/09/19 14:23:09 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\lupogofa.dll
[2009/09/19 14:23:07 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\wodewena.dll
[2009/09/18 14:22:43 | 000,000,003 | -HS- | C] () -- C:\WINDOWS\System32\zidekemo.dll
[2009/09/18 14:22:41 | 000,061,952 | -HS- | C] () -- C:\WINDOWS\System32\wamihuyi.dll
[2009/09/18 14:22:39 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\hipiveho.dll
[2009/09/18 14:22:39 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\hayutofe.dll
[2009/09/18 02:22:35 | 000,021,504 | -HS- | C] () -- C:\WINDOWS\System32\dipuzode.dll
[2009/09/18 02:22:35 | 000,018,432 | -HS- | C] () -- C:\WINDOWS\System32\kunobeza.dll
[2009/09/18 02:22:34 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\talabuni.dll
[2009/09/17 02:22:11 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\fuvobuno.dll
[2009/09/17 02:22:09 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\kuwewawi.dll
[2009/09/17 02:22:09 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\jiwiniba.dll
[2009/09/16 14:21:59 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\hohujoza.dll
[2009/09/16 14:21:58 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\fuwefuto.dll
[2009/09/16 14:21:58 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\dovoboka.dll
[2009/09/16 02:21:41 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\mosikuze.dll
[2009/09/16 02:21:39 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\kowavugi.dll
[2009/09/16 02:21:39 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\fimofoto.dll
[2009/09/15 14:21:29 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\numewiko.dll
[2009/09/15 14:21:28 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\wenefimo.dll
[2009/09/15 14:21:28 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\dovitoli.dll
[2009/09/15 02:20:00 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\zatajeza.dll
[2009/09/15 02:19:59 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\zizubayu.dll
[2009/09/15 02:19:58 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\tomidole.dll
[2009/09/15 02:19:58 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\keyadaka.dll
[2009/09/14 14:19:42 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\homowuje.dll
[2009/09/14 14:19:41 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\hehitome.dll
[2009/09/14 14:19:40 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\vivagife.dll
[2009/09/14 14:19:40 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\tikitusi.dll
[2009/09/14 02:18:56 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\pojalipa.dll
[2009/09/14 02:18:55 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\gunesoyo.dll
[2009/09/14 02:18:55 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\waponusi.dll
[2009/09/13 14:18:27 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\luzejule.dll
[2009/09/13 14:18:26 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\rogajitu.dll
[2009/09/13 14:18:24 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\sanabapu.dll
[2009/09/12 14:17:53 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\memazana.dll
[2009/09/12 14:17:53 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\foyunana.dll
[2009/09/12 14:17:52 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\yiwikepe.dll
[2009/09/12 02:17:28 | 000,013,312 | -HS- | C] () -- C:\WINDOWS\System32\zasezede.dll
[2009/09/12 02:17:28 | 000,001,024 | -HS- | C] () -- C:\WINDOWS\System32\jomezipu.dll
[2009/09/12 02:17:26 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\rekifomu.dll
[2009/09/11 02:17:02 | 000,006,144 | -HS- | C] () -- C:\WINDOWS\System32\yihomawo.dll
[2009/09/11 02:17:02 | 000,001,024 | -HS- | C] () -- C:\WINDOWS\System32\zadosuhi.dll
[2009/09/11 02:17:01 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\fozozize.dll
[2009/09/11 02:17:01 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\mukogeje.dll
[2009/09/10 14:16:39 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\wahewefa.dll
[2009/09/10 14:16:39 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\jisanewo.dll
[2009/09/10 14:16:38 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\bonobuli.dll
[2009/09/09 14:15:53 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\rukubimu.dll
[2009/09/09 14:15:51 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\yuhonowu.dll
[2009/09/09 14:15:51 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\feporobe.dll
[2009/09/09 02:15:34 | 000,092,160 | -HS- | C] () -- C:\WINDOWS\System32\kubanefu.dll
[2009/09/09 02:15:33 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\vohanibu.dll
[2009/09/09 02:15:33 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\pudeyuhe.dll
[2009/09/08 14:15:31 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\jagezuvo.dll
[2009/09/08 14:15:31 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\rohahewi.dll
[2009/09/08 14:15:29 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\walimuza.dll
[2009/09/08 02:15:25 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\subigagi.dll
[2009/09/08 02:15:24 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\pugojomi.dll
[2009/09/08 02:15:24 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\soyipudo.dll
[2009/09/07 14:15:08 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\miyusaga.dll
[2009/09/07 14:15:06 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\hosegoka.dll
[2009/09/07 14:15:06 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\zosidape.dll
[2009/09/07 02:14:46 | 000,006,144 | -HS- | C] () -- C:\WINDOWS\System32\fabosono.dll
[2009/09/07 02:14:45 | 000,047,104 | -HS- | C] () -- C:\WINDOWS\System32\bayamifi.dll
[2009/09/07 02:14:45 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\vadaribe.dll
[2009/09/06 14:14:44 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\rofohiro.dll
[2009/09/06 14:14:43 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\detiwovu.dll
[2009/09/06 14:14:43 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\gahoyebo.dll
[2009/09/06 02:14:39 | 000,015,360 | -HS- | C] () -- C:\WINDOWS\System32\fupofalo.dll
[2009/09/06 02:14:38 | 000,060,416 | -HS- | C] () -- C:\WINDOWS\System32\hizenina.dll
[2009/09/06 02:14:38 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\pemuwili.dll
[2009/09/05 14:14:32 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yikotoja.dll
[2009/09/05 14:14:31 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\nanaviha.dll
[2009/09/05 14:14:31 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\ramademu.dll
[2009/09/05 02:14:10 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\dakazano.dll
[2009/09/05 02:14:09 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\nawukubu.dll
[2009/09/05 02:14:09 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\romegiha.dll
[2009/09/04 14:14:06 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\latibuzi.dll
[2009/09/04 14:14:05 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\banuroyi.dll
[2009/09/04 14:14:05 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\wazuyimu.dll
[2009/09/04 02:13:47 | 000,009,216 | -HS- | C] () -- C:\WINDOWS\System32\vuhehemo.dll
[2009/09/04 02:13:46 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\wawoyapo.dll
[2009/09/04 02:13:45 | 000,092,160 | -HS- | C] () -- C:\WINDOWS\System32\rasirowu.dll
[2009/09/04 02:13:45 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\konupiga.dll
[2009/09/03 14:13:23 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\lazinuyi.dll
[2009/09/03 14:13:22 | 000,092,160 | -HS- | C] () -- C:\WINDOWS\System32\hodogeju.dll
[2009/09/03 14:13:22 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\bomiyenu.dll
[2009/09/03 02:13:13 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\ponemeno.dll
[2009/09/03 02:13:11 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\zatiyatu.dll
[2009/09/03 02:13:11 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fowatuyo.dll
[2009/09/02 14:13:00 | 000,001,024 | -HS- | C] () -- C:\WINDOWS\System32\dahuvuze.dll
[2009/09/02 14:12:59 | 000,006,144 | -HS- | C] () -- C:\WINDOWS\System32\guyibubi.dll
[2009/09/02 14:12:58 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\nadadomo.dll
[2009/09/02 02:12:48 | 000,015,360 | -HS- | C] () -- C:\WINDOWS\System32\lafigete.dll
[2009/09/02 02:12:47 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\jubigoso.dll
[2009/09/02 02:12:47 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\beluwepo.dll
[2009/09/01 14:12:34 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\System32\jefuduza.dll
[2009/09/01 14:12:32 | 000,080,896 | -HS- | C] () -- C:\WINDOWS\System32\kebopiju.dll
[2009/09/01 14:12:32 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\zoyehohi.dll
[2009/09/01 02:12:18 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\sayamiza.dll
[2009/09/01 02:12:17 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\nanifunu.dll
[2009/09/01 02:12:17 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\juteweze.dll
[2009/08/30 14:11:55 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\tiyetohu.dll
[2009/08/30 14:11:54 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\yodupode.dll
[2009/08/30 14:11:54 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zulavuye.dll
[2009/08/30 02:11:34 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\muvogodo.dll
[2009/08/30 02:11:33 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yavefevu.dll
[2009/08/30 02:11:32 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\tezujeva.dll
[2009/08/29 14:11:20 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\poruwunu.dll
[2009/08/29 14:11:19 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\ruhobazi.dll
[2009/08/29 14:11:19 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\nufotodi.dll
[2009/08/29 02:10:50 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\lipekepo.dll
[2009/08/29 02:10:49 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\ropopive.dll
[2009/08/29 02:10:49 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\zulemuju.dll
[2009/08/28 14:10:32 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\tuhuhodi.dll
[2009/08/28 14:10:30 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\ropadugi.dll
[2009/08/28 14:10:30 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\rohesulu.dll
[2009/08/28 02:10:18 | 000,053,248 | -HS- | C] () -- C:\WINDOWS\System32\mokahodi.dll
[2009/08/28 02:10:18 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\fiveteve.dll
[2009/08/27 14:10:17 | 000,092,160 | -HS- | C] () -- C:\WINDOWS\System32\wonihatu.dll
[2009/08/27 14:10:16 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\nemabuta.dll
[2009/08/27 14:10:16 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\gibefige.dll
[2009/08/27 02:10:01 | 000,074,752 | -HS- | C] () -- C:\WINDOWS\System32\bebohoge.dll
[2009/08/27 02:10:01 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\milufuro.dll
[2009/08/26 14:09:48 | 000,011,264 | -HS- | C] () -- C:\WINDOWS\System32\dawusere.dll
[2009/08/26 14:09:48 | 000,006,144 | -HS- | C] () -- C:\WINDOWS\System32\latawude.dll
[2009/08/26 14:09:46 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\piwuporo.dll
[2009/08/26 14:09:46 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\wokohebu.dll
[2009/02/14 11:43:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/07/27 21:29:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/07/23 08:19:30 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/07/23 08:19:29 | 000,000,340 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/04/18 13:23:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/04 04:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(5).dll
[2004/08/04 04:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(4).dll
[2004/08/04 04:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/04 04:00:00 | 001,290,752 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/04 04:00:00 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(6).dll
[2004/08/04 04:00:00 | 000,498,205 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(3).dll
[2004/08/04 04:00:00 | 000,498,205 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(2).dll
[2004/08/04 04:00:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2004/08/04 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 04:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll

========== LOP Check ==========

[2009/11/27 06:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\16284324
[2009/11/27 06:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\38273528
[2009/11/27 06:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55045827
[2009/12/01 02:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\85568133
[2008/07/27 20:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/09/14 12:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/09/13 12:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/11/05 22:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2009/01/16 10:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2008/07/23 19:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/01/04 10:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/11/05 22:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\Canon
[2009/11/27 08:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\CC
[2010/05/07 20:34:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\Control Commander
[2009/09/13 12:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\DriverCure
[2009/06/03 16:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\FunWebProducts
[2009/10/25 10:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\Leadertech
[2009/09/14 13:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\LimeWire
[2009/11/28 12:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\PC
[2009/01/16 10:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\PureEdge
[2009/10/21 09:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\Reg Tool
[2008/12/09 07:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sandra\Application Data\Viewpoint
[2010/05/13 16:38:02 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\ (SANDRA-6EC01333-Sandra).job
[2009/12/16 04:25:01 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\DriverCure.job
[2010/05/13 16:00:33 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\fowtenkn.job
[2010/05/13 16:00:01 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\gpschdgu.job
[2009/12/15 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/12/01 02:00:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/05/08 18:00:01 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010/05/09 00:33:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/07/23 01:43:03 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/11/17 20:15:45 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/07/23 01:43:03 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/12/13 12:51:35 | 000,030,128 | ---- | M] () -- C:\drwtsn32.log
[2009/01/26 21:56:07 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2008/07/23 01:43:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/07/23 19:39:14 | 000,000,889 | -H-- | M] () -- C:\IPH.PH
[2008/07/23 01:43:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/09/13 13:29:28 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/13 15:32:06 | 780,140,544 | -HS- | M] () -- C:\pagefile.sys
[2010/05/13 15:54:16 | 000,012,414 | ---- | M] () -- C:\rapport.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/06/26 10:18:52 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/06/26 10:18:52 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/07/23 12:53:58 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/07/23 19:46:25 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2008/07/23 12:53:58 | 015,990,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/07/23 12:53:58 | 003,407,872 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\My Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\My Documents\My eBooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\My Documents\LimeWire:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\My Documents\lietuva:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\My Documents\get_it_on.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\My Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\My Documents\9.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\My Documents\8.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\My Documents\7.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\My Documents\6.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\My Documents\5.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\My Documents\4.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\My Documents\3.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\My Documents\2.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\My Documents\1.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\Desktop\Work:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\Desktop\SmitfraudFix:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\Desktop\Pure Edge:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\Desktop\pikes peak:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\Desktop\Pictures:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sandra\Desktop\New music:Roxio EMC Stream
< End of report >

EXTRAS
OTL Extras logfile created on: 5/13/2010 4:21:54 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Sandra\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.00 Mb Total Physical Memory | 141.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): c:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 0.26 Gb Free Space | 0.35% Space Free | Partition Type: NTFS
Drive D: | 372.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANDRA-6EC01333
Current User Name: Sandra
Logged in as Administrator.

Cannot determine boot mode.
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\__c0070176.exe" = C:\WINDOWS\system32\__c0070176.exe:*:enabled:@xpsp2res.dll,-22019 -- (Mozilla Foundation)
"C:\WINDOWS\TEMP\xxxwrp010yyzz\bin\javaw.exe" = C:\WINDOWS\TEMP\xxxwrp010yyzz\bin\javaw.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F91E1833-2D7C-4725-B98A-C779FEC41946}" = EarthLink MDAC
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"Control center" = Control center
"Control Commander" = Control Commander
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InterActual Player" = InterActual Player
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSC" = McAfee SecurityCenter
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"MyWebSearch bar Uninstall" = My Web Search (Zwinky)
"PCenter" = PCenter
"P-Center" = P-Center
"PComponents" = PComponents
"PhotoStitch" = Canon Utilities PhotoStitch
"Privacy Components" = Privacy Components
"Privacy-Center" = Privacy-Center
"Privacy-Components" = Privacy-Components
"ProInst" = Intel® PROSet/Wireless Software
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer Basic
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >




UPDATE 2:

I think I deleted a file that was crucial for start up because now I cant even log on my computer. When I click on the Welcome screen the user icon it says "Loading personal settings" and then it says "Logging off" right after that.
These are the files I deleted:
c:\WINDOWS\system32\winhelper86.dll
c:\WINDOWS\system32\winlogon86.exe
c:\WINDOWS\system32\winupdate86.exe
c:\WINDOWS\system32\AVR10.exe

I hope I didnt just kill my computer....

Edited by Electraa, 13 May 2010 - 05:13 PM.

  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,148 posts
  • MVP
Impressive collection of malware you have there.

Copy the text between the lines of stars by highlighting (Click once just in front of the :OTL then scroll down to the bottom, hold the Shift key down and click at the end of the last line before the stars) and Ctrl + c
***************************************************************************************************
:OTL
MOD - [2010/02/13 14:19:52 | 000,057,344 | -HS- | M] () -- C:\WINDOWS\system32\lasozodi.dll
MOD - [2009/12/18 02:21:11 | 000,092,672 | ---- | M] () -- C:\WINDOWS\system32\livusipi.dll
MOD - [2009/12/16 02:21:13 | 000,092,672 | ---- | M] () -- C:\WINDOWS\system32\kowetalo.dll
MOD - [2009/12/14 14:21:13 | 000,093,184 | ---- | M] () -- C:\WINDOWS\system32\sarinavo.dll
MOD - [2009/12/12 02:11:33 | 000,092,672 | ---- | M] () -- C:\WINDOWS\system32\jutesogu.dll
MOD - [2009/12/11 02:11:34 | 000,092,672 | ---- | M] () -- C:\WINDOWS\system32\sasizalu.dll
MOD - [2009/09/19 14:23:07 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\system32\wodewena.dll
MOD - [2009/09/18 14:22:39 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\system32\hipiveho.dll
MOD - [2009/09/14 02:18:55 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\system32\gunesoyo.dll
MOD - [2009/09/13 14:18:26 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\system32\rogajitu.dll
MOD - [2009/09/12 14:17:53 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\system32\memazana.dll
MOD - [2009/09/10 14:16:39 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\system32\wahewefa.dll
MOD - [2009/09/09 14:15:51 | 000,092,672 | -HS- | M] () -- C:\WINDOWS\system32\yuhonowu.dll
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [85568133] C:\Documents and Settings\All Users\Application Data\85568133\85568133.exe ()
O4 - HKLM..\Run: [calc] C:\WINDOWS\System32\calc.DLL File not found
O4 - HKLM..\Run: [My Web Search Bar] C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Plugin] C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [pefoyumey] C:\WINDOWS\System32\wodewena.DLL ()
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\AVR.exe File not found
O4 - HKCU..\Run: [calc] C:\WINDOWS\System32\config\SYSTEM~1\ntuser.DLL File not found
O4 - HKCU..\Run: [Reg Tool] C:\Program Files\Reg Tool\Reg Tool.exe File not found
O4 - Startup: C:\Documents and Settings\Sandra\Start Menu\Programs\Startup\Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe File not found
O4 - Startup: C:\Documents and Settings\Sandra\Start Menu\Programs\Startup\scandisk.lnk = C:\Documents and Settings\Sandra\Desktop\rundll32.exe File not found
O20 - AppInit_DLLs: (c:\windows\system32\nagefipi.dll c:\windows\system32\yuhonowu.dll c:\windows\system32\wahewefa.dll c:\windows\system32\sasizalu.dll c:\windows\system32\jutesogu.dll c:\windows\system32\memazana.dll c:\windows\system32\rogajitu.dll c:\windows\system32\gunesoyo.dll c:\windows\system32\sarinavo.dll c:\windows\system32\kowetalo.dll c:\windows\system32\livusipi.dll c:\windows\system32\hipiveho.dll c:\windows\system32\wodewena.dll) - C:\WINDOWS\System32\nagefipi.dll File not found
O20 - AppInit_DLLs: (lasozodi.dll) - C:\WINDOWS\System32\lasozodi.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\System32\winlogon86.exe File not found
O20 - Winlogon\Notify\__c00610C: DllName - C:\WINDOWS\system32\__c00610C.dat - C:\WINDOWS\System32\__c00610C.dat File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: fuguzuwad - {11fc0e17-d4e6-4966-a07a-d4c472585a90} - C:\WINDOWS\system32\wodewena.dll ()
O21 - SSODL: jitonutov - {38cef610-e331-4ee8-abea-825057663292} - C:\WINDOWS\system32\wodewena.dll ()
O21 - SSODL: lahozopiw - {2ae551e2-7127-454b-a85b-a20f9a9b2a22} - C:\WINDOWS\system32\sasizalu.dll ()
O21 - SSODL: newusafep - {cda53b86-61c0-4bb2-b809-86f7d48798c8} - C:\WINDOWS\system32\wahewefa.dll ()
O21 - SSODL: pehiyiket - {b8cb487f-5960-4ee4-8ee5-ac34410687eb} - C:\WINDOWS\system32\hipiveho.dll ()
O21 - SSODL: reragajor - {361f6b12-a1d7-4839-a9d7-1239d48a0c0f} - C:\WINDOWS\system32\wodewena.dll ()
O21 - SSODL: resiyefur - {0e063052-092d-44ee-8f96-03ff582a1e57} - C:\WINDOWS\system32\jutesogu.dll ()
O21 - SSODL: rirojewew - {2a695681-0a94-48ef-8260-d5b142c753b5} - C:\WINDOWS\System32\nagefipi.dll File not found
O21 - SSODL: sabujopak - {bfa6689f-1e50-4bdd-b24e-7ed90cc86cfe} - C:\WINDOWS\system32\jutesogu.dll ()
O21 - SSODL: vuhosugak - {f041fa32-ad2f-437b-935a-8206296a4c2b} - C:\WINDOWS\system32\wahewefa.dll ()
O21 - SSODL: weboyagiw - {51a60129-f329-4801-81fd-d2263524067c} - C:\WINDOWS\system32\gunesoyo.dll ()
O21 - SSODL: wetotarif - {4860bf8e-9c60-4502-abc4-6cffb805a368} - C:\WINDOWS\system32\memazana.dll ()
O21 - SSODL: zaganebov - {dac02dbf-dd6a-4e1d-b58a-af9c5e79edd8} - C:\WINDOWS\system32\wodewena.dll ()
O22 - SharedTaskScheduler: {0e063052-092d-44ee-8f96-03ff582a1e57} - mujuzedij - C:\WINDOWS\system32\jutesogu.dll ()
O22 - SharedTaskScheduler: {11fc0e17-d4e6-4966-a07a-d4c472585a90} - kupuhivus - C:\WINDOWS\system32\wodewena.dll ()
O22 - SharedTaskScheduler: {2a695681-0a94-48ef-8260-d5b142c753b5} - gahurihor - C:\WINDOWS\System32\nagefipi.dll File not found
O22 - SharedTaskScheduler: {2ae551e2-7127-454b-a85b-a20f9a9b2a22} - tokatiluy - C:\WINDOWS\system32\sasizalu.dll ()
O22 - SharedTaskScheduler: {361f6b12-a1d7-4839-a9d7-1239d48a0c0f} - mujuzedij - C:\WINDOWS\system32\wodewena.dll ()
O22 - SharedTaskScheduler: {38cef610-e331-4ee8-abea-825057663292} - gahurihor - C:\WINDOWS\system32\memazana.dll ()
O22 - SharedTaskScheduler: {4860bf8e-9c60-4502-abc4-6cffb805a368} - mujuzedij - C:\WINDOWS\system32\memazana.dll ()
O22 - SharedTaskScheduler: {51a60129-f329-4801-81fd-d2263524067c} - mujuzedij - C:\WINDOWS\system32\gunesoyo.dll ()
O22 - SharedTaskScheduler: {b8cb487f-5960-4ee4-8ee5-ac34410687eb} - mujuzedij - C:\WINDOWS\system32\hipiveho.dll ()
O22 - SharedTaskScheduler: {bfa6689f-1e50-4bdd-b24e-7ed90cc86cfe} - tokatiluy - C:\WINDOWS\system32\jutesogu.dll ()
O22 - SharedTaskScheduler: {cda53b86-61c0-4bb2-b809-86f7d48798c8} - mujuzedij - C:\WINDOWS\system32\wahewefa.dll ()
O22 - SharedTaskScheduler: {dac02dbf-dd6a-4e1d-b58a-af9c5e79edd8} - tokatiluy - C:\WINDOWS\system32\wodewena.dll ()
O22 - SharedTaskScheduler: {f041fa32-ad2f-437b-935a-8206296a4c2b} - kupuhivus - C:\WINDOWS\system32\wahewefa.dll ()
[2010/05/13 15:00:52 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/05/13 14:36:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19173.exe
[2010/05/13 14:35:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9556.exe
[2010/05/13 14:17:30 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\fowtenkn.job
[2010/05/13 10:11:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\kimuremo.dll
[2010/05/13 10:11:01 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\lodayija.dll
[2010/05/13 10:11:01 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\foburune.dll
[2010/05/09 02:21:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26577.exe
[2010/05/09 01:41:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6000.exe
[2010/05/09 01:21:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31207.exe
[2010/05/09 01:01:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\10263.exe
[2010/05/09 00:41:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29235.exe
[2010/05/09 00:21:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5995.exe
[2010/05/09 00:01:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15798.exe
[2010/05/08 23:41:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31850.exe
[2010/05/08 23:21:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4289.exe
[2010/05/08 22:41:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\13488.exe
[2010/05/08 22:20:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\16840.exe
[2010/05/08 22:00:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9681.exe
[2010/05/08 21:40:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\7022.exe
[2010/05/08 21:20:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\30754.exe
[2010/05/08 21:00:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26984.exe
[2010/05/08 20:40:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27190.exe
[2010/05/08 20:20:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23114.exe
[2010/05/08 20:00:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29081.exe
[2010/05/08 19:40:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5654.exe
[2010/05/08 19:20:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24209.exe
[2010/05/08 19:00:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15062.exe
[2010/05/08 18:40:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\1294.exe
[2010/05/08 18:20:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2254.exe
[2010/05/08 17:40:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17614.exe
[2010/05/08 17:19:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22866.exe
[2010/05/08 16:59:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22682.exe
[2010/05/08 16:19:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\97.exe
[2010/05/08 15:39:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\12719.exe
[2010/05/08 15:19:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\75.exe
[2010/05/08 14:59:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11117.exe
[2010/05/08 14:39:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\21518.exe
[2010/05/08 14:19:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6084.exe
[2010/05/08 13:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14608.exe
[2010/05/08 13:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\10237.exe
[2010/05/08 12:39:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28588.exe
[2010/05/08 12:01:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\10178.exe
[2010/05/08 04:01:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2543.exe
[2010/05/08 03:41:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15272.exe
[2010/05/08 03:21:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27373.exe
[2010/05/08 03:01:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32734.exe
[2010/05/08 02:41:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\10125.exe
[2010/05/08 02:21:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6833.exe
[2010/05/08 01:41:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\17870.exe
[2010/05/08 01:21:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\4130.exe
[2010/05/08 01:01:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\10711.exe
[2010/05/08 00:41:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\13100.exe
[2010/05/08 00:21:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31478.exe
[2010/05/08 00:01:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\22376.exe
[2010/05/07 23:41:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11307.exe
[2010/05/07 23:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\2277.exe
[2010/05/07 23:01:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3804.exe
[2010/05/07 22:40:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11158.exe
[2010/05/07 22:20:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\32150.exe
[2010/05/07 22:00:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\10471.exe
[2010/05/07 21:32:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\14854.exe
[2010/05/07 21:32:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\31043.exe
[2010/05/07 21:01:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\9701.exe
[2010/05/07 20:59:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\27976.exe
[2010/05/07 20:35:10 | 000,001,004 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\Control Commander.lnk
[2010/04/26 06:27:43 | 000,048,136 | ---- | C] () -- C:\WINDOWS\System32\kivihude.exe
[2010/04/21 05:06:21 | 001,969,900 | ---- | C] () -- C:\WINDOWS\System32\ninegozu.exe
[2010/04/20 09:20:04 | 000,087,040 | ---- | C] () -- C:\WINDOWS\System32\tevupiru.exe
[2010/02/28 12:02:52 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Sandra\Desktop\Security Tool.lnk
[2010/02/13 14:19:52 | 000,057,344 | -HS- | C] () -- C:\WINDOWS\System32\lasozodi.dll
[2010/02/13 14:19:51 | 000,057,344 | -HS- | C] () -- C:\WINDOWS\System32\movoyari.dll
[2010/02/13 14:19:51 | 000,057,344 | -HS- | C] () -- C:\WINDOWS\System32\manaviha.dll
[2010/02/13 14:13:00 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dupejume.exe
[2010/02/13 14:12:59 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\sehajiwi.dll
[2010/02/13 14:12:59 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\sapahore.exe
[2010/02/13 14:12:59 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\fujegifu.dll
[2010/02/13 14:12:58 | 000,000,008 | -HS- | C] () -- C:\WINDOWS\System32\fujegifu.exe
[2010/02/13 14:12:58 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dujujewo.dll
[2010/02/07 20:30:26 | 000,049,152 | -HS- | C] () -- C:\WINDOWS\System32\sojerire.dll
[2009/12/18 02:21:11 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\livusipi.dll
[2009/12/18 02:20:49 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\dokuduni.dll
[2009/12/16 02:21:13 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\kowetalo.dll
[2009/12/14 14:21:13 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\sarinavo.dll
[2009/12/14 14:20:49 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\nerikofu.dll
[2009/12/14 14:20:22 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\nomebera.dll
[2009/12/14 14:20:15 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\woridusa.dll
[2009/12/12 02:19:12 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kimonadi.dll
[2009/12/12 02:11:33 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\jutesogu.dll
[2009/12/11 02:11:34 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\sasizalu.dll
[2009/12/10 02:18:54 | 000,002,098 | -HS- | C] () -- C:\WINDOWS\System32\fimotiso.dll
[2009/12/07 02:16:51 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\tizuwifa.dll
[2009/12/07 02:11:28 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ruvisape.dll
[2009/12/06 02:17:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kopeboya.dll
[2009/12/06 02:11:30 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\volehoda.dll
[2009/12/02 14:14:41 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yehiwofa.dll
[2009/12/02 14:11:13 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\suwalape.dll
[2009/12/02 02:14:01 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\tisugute.dll
[2009/12/01 14:14:16 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\papuwiyi.dll
[2009/12/01 14:12:49 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\zofudaga.dll
[2009/11/28 02:12:03 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fohuvefa.dll
[2009/11/28 02:11:25 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\derokewo.dll
[2009/11/26 16:26:17 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\hinikafo.dll
[2009/11/26 15:58:46 | 000,039,424 | ---- | C] () -- C:\WINDOWS\System32\nejoweyi.dll
[2009/09/19 14:23:09 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\rawasupa.dll
[2009/09/19 14:23:09 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\lupogofa.dll
[2009/09/19 14:23:07 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\wodewena.dll
[2009/09/18 14:22:43 | 000,000,003 | -HS- | C] () -- C:\WINDOWS\System32\zidekemo.dll
[2009/09/18 14:22:41 | 000,061,952 | -HS- | C] () -- C:\WINDOWS\System32\wamihuyi.dll
[2009/09/18 14:22:39 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\hipiveho.dll
[2009/09/18 14:22:39 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\hayutofe.dll
[2009/09/18 02:22:35 | 000,021,504 | -HS- | C] () -- C:\WINDOWS\System32\dipuzode.dll
[2009/09/18 02:22:35 | 000,018,432 | -HS- | C] () -- C:\WINDOWS\System32\kunobeza.dll
[2009/09/18 02:22:34 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\talabuni.dll
[2009/09/17 02:22:11 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\fuvobuno.dll
[2009/09/17 02:22:09 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\kuwewawi.dll
[2009/09/17 02:22:09 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\jiwiniba.dll
[2009/09/16 14:21:59 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\hohujoza.dll
[2009/09/16 14:21:58 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\fuwefuto.dll
[2009/09/16 14:21:58 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\dovoboka.dll
[2009/09/16 02:21:41 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\mosikuze.dll
[2009/09/16 02:21:39 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\kowavugi.dll
[2009/09/16 02:21:39 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\fimofoto.dll
[2009/09/15 14:21:29 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\numewiko.dll
[2009/09/15 14:21:28 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\wenefimo.dll
[2009/09/15 14:21:28 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\dovitoli.dll
[2009/09/15 02:20:00 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\zatajeza.dll
[2009/09/15 02:19:59 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\zizubayu.dll
[2009/09/15 02:19:58 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\tomidole.dll
[2009/09/15 02:19:58 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\keyadaka.dll
[2009/09/14 14:19:42 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\homowuje.dll
[2009/09/14 14:19:41 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\hehitome.dll
[2009/09/14 14:19:40 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\vivagife.dll
[2009/09/14 14:19:40 | 000,000,512 | -HS- | C] () -- C:\WINDOWS\System32\tikitusi.dll
[2009/09/14 02:18:56 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\pojalipa.dll
[2009/09/14 02:18:55 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\gunesoyo.dll
[2009/09/14 02:18:55 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\waponusi.dll
[2009/09/13 14:18:27 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\luzejule.dll
[2009/09/13 14:18:26 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\rogajitu.dll
[2009/09/13 14:18:24 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\sanabapu.dll
[2009/09/12 14:17:53 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\memazana.dll
[2009/09/12 14:17:53 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\foyunana.dll
[2009/09/12 14:17:52 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\yiwikepe.dll
[2009/09/12 02:17:28 | 000,013,312 | -HS- | C] () -- C:\WINDOWS\System32\zasezede.dll
[2009/09/12 02:17:28 | 000,001,024 | -HS- | C] () -- C:\WINDOWS\System32\jomezipu.dll
[2009/09/12 02:17:26 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\rekifomu.dll
[2009/09/11 02:17:02 | 000,006,144 | -HS- | C] () -- C:\WINDOWS\System32\yihomawo.dll
[2009/09/11 02:17:02 | 000,001,024 | -HS- | C] () -- C:\WINDOWS\System32\zadosuhi.dll
[2009/09/11 02:17:01 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\fozozize.dll
[2009/09/11 02:17:01 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\mukogeje.dll
[2009/09/10 14:16:39 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\wahewefa.dll
[2009/09/10 14:16:39 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\jisanewo.dll
[2009/09/10 14:16:38 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\bonobuli.dll
[2009/09/09 14:15:53 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\rukubimu.dll
[2009/09/09 14:15:51 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\yuhonowu.dll
[2009/09/09 14:15:51 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\feporobe.dll
[2009/09/09 02:15:34 | 000,092,160 | -HS- | C] () -- C:\WINDOWS\System32\kubanefu.dll
[2009/09/09 02:15:33 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\vohanibu.dll
[2009/09/09 02:15:33 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\pudeyuhe.dll
[2009/09/08 14:15:31 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\jagezuvo.dll
[2009/09/08 14:15:31 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\rohahewi.dll
[2009/09/08 14:15:29 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\walimuza.dll
[2009/09/08 02:15:25 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\subigagi.dll
[2009/09/08 02:15:24 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\pugojomi.dll
[2009/09/08 02:15:24 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\soyipudo.dll
[2009/09/07 14:15:08 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\miyusaga.dll
[2009/09/07 14:15:06 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\hosegoka.dll
[2009/09/07 14:15:06 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\zosidape.dll
[2009/09/07 02:14:46 | 000,006,144 | -HS- | C] () -- C:\WINDOWS\System32\fabosono.dll
[2009/09/07 02:14:45 | 000,047,104 | -HS- | C] () -- C:\WINDOWS\System32\bayamifi.dll
[2009/09/07 02:14:45 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\vadaribe.dll
[2009/09/06 14:14:44 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\rofohiro.dll
[2009/09/06 14:14:43 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\detiwovu.dll
[2009/09/06 14:14:43 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\gahoyebo.dll
[2009/09/06 02:14:39 | 000,015,360 | -HS- | C] () -- C:\WINDOWS\System32\fupofalo.dll
[2009/09/06 02:14:38 | 000,060,416 | -HS- | C] () -- C:\WINDOWS\System32\hizenina.dll
[2009/09/06 02:14:38 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\pemuwili.dll
[2009/09/05 14:14:32 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yikotoja.dll
[2009/09/05 14:14:31 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\nanaviha.dll
[2009/09/05 14:14:31 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\ramademu.dll
[2009/09/05 02:14:10 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\dakazano.dll
[2009/09/05 02:14:09 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\nawukubu.dll
[2009/09/05 02:14:09 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\romegiha.dll
[2009/09/04 14:14:06 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\latibuzi.dll
[2009/09/04 14:14:05 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\banuroyi.dll
[2009/09/04 14:14:05 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\wazuyimu.dll
[2009/09/04 02:13:47 | 000,009,216 | -HS- | C] () -- C:\WINDOWS\System32\vuhehemo.dll
[2009/09/04 02:13:46 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\wawoyapo.dll
[2009/09/04 02:13:45 | 000,092,160 | -HS- | C] () -- C:\WINDOWS\System32\rasirowu.dll
[2009/09/04 02:13:45 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\konupiga.dll
[2009/09/03 14:13:23 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\lazinuyi.dll
[2009/09/03 14:13:22 | 000,092,160 | -HS- | C] () -- C:\WINDOWS\System32\hodogeju.dll
[2009/09/03 14:13:22 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\bomiyenu.dll
[2009/09/03 02:13:13 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\ponemeno.dll
[2009/09/03 02:13:11 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\zatiyatu.dll
[2009/09/03 02:13:11 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\fowatuyo.dll
[2009/09/02 14:13:00 | 000,001,024 | -HS- | C] () -- C:\WINDOWS\System32\dahuvuze.dll
[2009/09/02 14:12:59 | 000,006,144 | -HS- | C] () -- C:\WINDOWS\System32\guyibubi.dll
[2009/09/02 14:12:58 | 000,045,568 | -HS- | C] () -- C:\WINDOWS\System32\nadadomo.dll
[2009/09/02 02:12:48 | 000,015,360 | -HS- | C] () -- C:\WINDOWS\System32\lafigete.dll
[2009/09/02 02:12:47 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\jubigoso.dll
[2009/09/02 02:12:47 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\beluwepo.dll
[2009/09/01 14:12:34 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\System32\jefuduza.dll
[2009/09/01 14:12:32 | 000,080,896 | -HS- | C] () -- C:\WINDOWS\System32\kebopiju.dll
[2009/09/01 14:12:32 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\zoyehohi.dll
[2009/09/01 02:12:18 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\sayamiza.dll
[2009/09/01 02:12:17 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\nanifunu.dll
[2009/09/01 02:12:17 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\juteweze.dll
[2009/08/30 14:11:55 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\tiyetohu.dll
[2009/08/30 14:11:54 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\yodupode.dll
[2009/08/30 14:11:54 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\zulavuye.dll
[2009/08/30 02:11:34 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\muvogodo.dll
[2009/08/30 02:11:33 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\yavefevu.dll
[2009/08/30 02:11:32 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\tezujeva.dll
[2009/08/29 14:11:20 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\poruwunu.dll
[2009/08/29 14:11:19 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\ruhobazi.dll
[2009/08/29 14:11:19 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\nufotodi.dll
[2009/08/29 02:10:50 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\lipekepo.dll
[2009/08/29 02:10:49 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\ropopive.dll
[2009/08/29 02:10:49 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\zulemuju.dll
[2009/08/28 14:10:32 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\tuhuhodi.dll
[2009/08/28 14:10:30 | 000,092,672 | -HS- | C] () -- C:\WINDOWS\System32\ropadugi.dll
[2009/08/28 14:10:30 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\rohesulu.dll
[2009/08/28 02:10:18 | 000,053,248 | -HS- | C] () -- C:\WINDOWS\System32\mokahodi.dll
[2009/08/28 02:10:18 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\fiveteve.dll
[2009/08/27 14:10:17 | 000,092,160 | -HS- | C] () -- C:\WINDOWS\System32\wonihatu.dll
[2009/08/27 14:10:16 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\nemabuta.dll
[2009/08/27 14:10:16 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\gibefige.dll
[2009/08/27 02:10:01 | 000,074,752 | -HS- | C] () -- C:\WINDOWS\System32\bebohoge.dll
[2009/08/27 02:10:01 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\milufuro.dll
[2009/08/26 14:09:48 | 000,011,264 | -HS- | C] () -- C:\WINDOWS\System32\dawusere.dll
[2009/08/26 14:09:48 | 000,006,144 | -HS- | C] () -- C:\WINDOWS\System32\latawude.dll
[2009/08/26 14:09:46 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\piwuporo.dll
[2009/08/26 14:09:46 | 000,045,056 | -HS- | C] () -- C:\WINDOWS\System32\wokohebu.dll

:Files
C:\Documents and Settings\All Users\Application Data\16284324
C:\Documents and Settings\All Users\Application Data\38273528
C:\Documents and Settings\All Users\Application Data\55045827
C:\Documents and Settings\All Users\Application Data\85568133
C:\WINDOWS\Tasks\ (SANDRA-6EC01333-Sandra).job
C:\WINDOWS\Tasks\DriverCure.job
C:\WINDOWS\Tasks\fowtenkn.job
C:\WINDOWS\Tasks\gpschdgu.job
C:\WINDOWS\Tasks\McDefragTask.job
C:\WINDOWS\Tasks\McQcTask.job
C:\WINDOWS\Tasks\ParetoLogic Registration.job
C:\WINDOWS\Tasks\ParetoLogic Update Version2.job

:Commands
[purity]
[emptytemp]
[Reboot]

*******************************************************************

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus programs at this time :!:

Reboot now, please :!:

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log
MBAM log
Combofix log

Ron

Edited by RKinner, 13 May 2010 - 10:30 PM.

  • 0

#6
Electraa

Electraa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi Ron,
I this you missed the last part of my last post because I'm unable to log in anymore.

Last post:
UPDATE 2:

I think I deleted a file that was crucial for start up because now I cant even log on my computer. When I click on the Welcome screen the user icon it says "Loading personal settings" and then it says "Logging off" right after that.
These are the files I deleted:
c:\WINDOWS\system32\winhelper86.dll
c:\WINDOWS\system32\winlogon86.exe
c:\WINDOWS\system32\winupdate86.exe
c:\WINDOWS\system32\AVR10.exe

I hope I didnt just kill my computer....
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,148 posts
  • MVP
Unless you have the XP CD you will have to have a friend burn a bootable CD. Haye your friend download the Avira Rescue Disk

http://www.free-av.c...cue_system.html

Instructions here:
http://www.techmixer...us-and-malware/

Once you get on, if you can copy

c:\windows\system32\userinit.exe to C:\WINDOWS\System32\winlogon86.exe

(If working from the CD then go to the Restore Console and when you get a prompt, type the text in the code box and then hit Enter:

copy  c:\windows\system32\userinit.exe  C:\WINDOWS\System32\winlogon86.exe
(I used two spaces so you can see where one space goes.))


You should be able to boot again.
  • 0

#8
Electraa

Electraa

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
With your help I ws able to reboot! Thank you!
Here are the logs:

OLT:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\85568133 deleted successfully.
C:\Documents and Settings\All Users\Application Data\85568133\85568133.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\calc deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pefoyumey deleted successfully.
C:\WINDOWS\system32\wodewena.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\winupdate86.exe deleted successfully.
C:\WINDOWS\system32\winupdate86.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced Virus Remover deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\calc deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Reg Tool deleted successfully.
C:\Documents and Settings\Sandra\Start Menu\Programs\Startup\Adobe Media Player.lnk moved successfully.
C:\Documents and Settings\Sandra\Start Menu\Programs\Startup\scandisk.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\nagefipi.dll c:\windows\system32\yuhonowu.dll c:\windows\system32\wahewefa.dll c:\windows\system32\sasizalu.dll c:\windows\system32\jutesogu.dll c:\windows\system32\memazana.dll c:\windows\system32\rogajitu.dll c:\windows\system32\gunesoyo.dll c:\windows\system32\sarinavo.dll c:\windows\system32\kowetalo.dll c:\windows\system32\livusipi.dll c:\windows\system32\hipiveho.dll c:\windows\system32\wodewena.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:lasozodi.dll deleted successfully.
C:\WINDOWS\system32\lasozodi.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:Explorer.exe deleted successfully.
Item C:\WINDOWS\explorer.exe is whitelisted and cannot be moved.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\winlogon86.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00610C\ deleted successfully.
Invalid CLSID key: __c00610C
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully.
C:\WINDOWS\system32\igfxdev.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\fuguzuwad deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11fc0e17-d4e6-4966-a07a-d4c472585a90}\ deleted successfully.
File C:\WINDOWS\system32\wodewena.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\jitonutov deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38cef610-e331-4ee8-abea-825057663292}\ deleted successfully.
File C:\WINDOWS\system32\wodewena.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\lahozopiw deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ae551e2-7127-454b-a85b-a20f9a9b2a22}\ deleted successfully.
C:\WINDOWS\system32\sasizalu.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\newusafep deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cda53b86-61c0-4bb2-b809-86f7d48798c8}\ deleted successfully.
C:\WINDOWS\system32\wahewefa.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\pehiyiket deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8cb487f-5960-4ee4-8ee5-ac34410687eb}\ deleted successfully.
C:\WINDOWS\system32\hipiveho.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\reragajor deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361f6b12-a1d7-4839-a9d7-1239d48a0c0f}\ deleted successfully.
File C:\WINDOWS\system32\wodewena.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\resiyefur deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e063052-092d-44ee-8f96-03ff582a1e57}\ deleted successfully.
C:\WINDOWS\system32\jutesogu.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\rirojewew deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a695681-0a94-48ef-8260-d5b142c753b5}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\sabujopak deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bfa6689f-1e50-4bdd-b24e-7ed90cc86cfe}\ deleted successfully.
File C:\WINDOWS\system32\jutesogu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vuhosugak deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f041fa32-ad2f-437b-935a-8206296a4c2b}\ deleted successfully.
File C:\WINDOWS\system32\wahewefa.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\weboyagiw deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51a60129-f329-4801-81fd-d2263524067c}\ deleted successfully.
C:\WINDOWS\system32\gunesoyo.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\wetotarif deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4860bf8e-9c60-4502-abc4-6cffb805a368}\ deleted successfully.
C:\WINDOWS\system32\memazana.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\zaganebov deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dac02dbf-dd6a-4e1d-b58a-af9c5e79edd8}\ deleted successfully.
File C:\WINDOWS\system32\wodewena.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{0e063052-092d-44ee-8f96-03ff582a1e57} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e063052-092d-44ee-8f96-03ff582a1e57}\ not found.
File C:\WINDOWS\system32\jutesogu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{11fc0e17-d4e6-4966-a07a-d4c472585a90} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11fc0e17-d4e6-4966-a07a-d4c472585a90}\ not found.
File C:\WINDOWS\system32\wodewena.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{2a695681-0a94-48ef-8260-d5b142c753b5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a695681-0a94-48ef-8260-d5b142c753b5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{2ae551e2-7127-454b-a85b-a20f9a9b2a22} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ae551e2-7127-454b-a85b-a20f9a9b2a22}\ not found.
File C:\WINDOWS\system32\sasizalu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{361f6b12-a1d7-4839-a9d7-1239d48a0c0f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{361f6b12-a1d7-4839-a9d7-1239d48a0c0f}\ not found.
File C:\WINDOWS\system32\wodewena.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{38cef610-e331-4ee8-abea-825057663292} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38cef610-e331-4ee8-abea-825057663292}\ not found.
File C:\WINDOWS\system32\memazana.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{4860bf8e-9c60-4502-abc4-6cffb805a368} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4860bf8e-9c60-4502-abc4-6cffb805a368}\ not found.
File C:\WINDOWS\system32\memazana.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{51a60129-f329-4801-81fd-d2263524067c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51a60129-f329-4801-81fd-d2263524067c}\ not found.
File C:\WINDOWS\system32\gunesoyo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{b8cb487f-5960-4ee4-8ee5-ac34410687eb} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8cb487f-5960-4ee4-8ee5-ac34410687eb}\ not found.
File C:\WINDOWS\system32\hipiveho.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{bfa6689f-1e50-4bdd-b24e-7ed90cc86cfe} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bfa6689f-1e50-4bdd-b24e-7ed90cc86cfe}\ not found.
File C:\WINDOWS\system32\jutesogu.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{cda53b86-61c0-4bb2-b809-86f7d48798c8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cda53b86-61c0-4bb2-b809-86f7d48798c8}\ not found.
File C:\WINDOWS\system32\wahewefa.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{dac02dbf-dd6a-4e1d-b58a-af9c5e79edd8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dac02dbf-dd6a-4e1d-b58a-af9c5e79edd8}\ not found.
File C:\WINDOWS\system32\wodewena.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{f041fa32-ad2f-437b-935a-8206296a4c2b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f041fa32-ad2f-437b-935a-8206296a4c2b}\ not found.
File C:\WINDOWS\system32\wahewefa.dll not found.
C:\WINDOWS\system32\tmp.reg moved successfully.
C:\WINDOWS\system32\19173.exe moved successfully.
C:\WINDOWS\system32\9556.exe moved successfully.
File C:\WINDOWS\tasks\fowtenkn.job not found.
C:\WINDOWS\system32\kimuremo.dll moved successfully.
File C:\WINDOWS\System32\lodayija.dll not found.
C:\WINDOWS\system32\foburune.dll moved successfully.
C:\WINDOWS\system32\26577.exe moved successfully.
C:\WINDOWS\system32\6000.exe moved successfully.
C:\WINDOWS\system32\31207.exe moved successfully.
C:\WINDOWS\system32\10263.exe moved successfully.
C:\WINDOWS\system32\29235.exe moved successfully.
C:\WINDOWS\system32\5995.exe moved successfully.
C:\WINDOWS\system32\15798.exe moved successfully.
C:\WINDOWS\system32\31850.exe moved successfully.
C:\WINDOWS\system32\4289.exe moved successfully.
C:\WINDOWS\system32\13488.exe moved successfully.
C:\WINDOWS\system32\16840.exe moved successfully.
C:\WINDOWS\system32\9681.exe moved successfully.
C:\WINDOWS\system32\7022.exe moved successfully.
C:\WINDOWS\system32\30754.exe moved successfully.
C:\WINDOWS\system32\26984.exe moved successfully.
C:\WINDOWS\system32\27190.exe moved successfully.
C:\WINDOWS\system32\23114.exe moved successfully.
C:\WINDOWS\system32\29081.exe moved successfully.
C:\WINDOWS\system32\5654.exe moved successfully.
C:\WINDOWS\system32\24209.exe moved successfully.
C:\WINDOWS\system32\15062.exe moved successfully.
C:\WINDOWS\system32\1294.exe moved successfully.
C:\WINDOWS\system32\2254.exe moved successfully.
C:\WINDOWS\system32\17614.exe moved successfully.
C:\WINDOWS\system32\22866.exe moved successfully.
C:\WINDOWS\system32\22682.exe moved successfully.
C:\WINDOWS\system32\97.exe moved successfully.
C:\WINDOWS\system32\12719.exe moved successfully.
C:\WINDOWS\system32\75.exe moved successfully.
C:\WINDOWS\system32\11117.exe moved successfully.
C:\WINDOWS\system32\21518.exe moved successfully.
C:\WINDOWS\system32\6084.exe moved successfully.
C:\WINDOWS\system32\14608.exe moved successfully.
C:\WINDOWS\system32\10237.exe moved successfully.
C:\WINDOWS\system32\28588.exe moved successfully.
C:\WINDOWS\system32\10178.exe moved successfully.
C:\WINDOWS\system32\2543.exe moved successfully.
C:\WINDOWS\system32\15272.exe moved successfully.
C:\WINDOWS\system32\27373.exe moved successfully.
C:\WINDOWS\system32\32734.exe moved successfully.
C:\WINDOWS\system32\10125.exe moved successfully.
C:\WINDOWS\system32\6833.exe moved successfully.
C:\WINDOWS\system32\17870.exe moved successfully.
C:\WINDOWS\system32\4130.exe moved successfully.
C:\WINDOWS\system32\10711.exe moved successfully.
C:\WINDOWS\system32\13100.exe moved successfully.
C:\WINDOWS\system32\31478.exe moved successfully.
C:\WINDOWS\system32\22376.exe moved successfully.
C:\WINDOWS\system32\11307.exe moved successfully.
C:\WINDOWS\system32\2277.exe moved successfully.
C:\WINDOWS\system32\3804.exe moved successfully.
C:\WINDOWS\system32\11158.exe moved successfully.
C:\WINDOWS\system32\32150.exe moved successfully.
C:\WINDOWS\system32\10471.exe moved successfully.
C:\WINDOWS\system32\14854.exe moved successfully.
C:\WINDOWS\system32\31043.exe moved successfully.
C:\WINDOWS\system32\9701.exe moved successfully.
C:\WINDOWS\system32\27976.exe moved successfully.
C:\Documents and Settings\Sandra\Desktop\Control Commander.lnk moved successfully.
File C:\WINDOWS\System32\kivihude.exe not found.
C:\WINDOWS\system32\ninegozu.exe moved successfully.
C:\WINDOWS\system32\tevupiru.exe moved successfully.
C:\Documents and Settings\Sandra\Desktop\Security Tool.lnk moved successfully.
File C:\WINDOWS\System32\lasozodi.dll not found.
C:\WINDOWS\system32\movoyari.dll moved successfully.
C:\WINDOWS\system32\manaviha.dll moved successfully.
C:\WINDOWS\system32\dupejume.exe moved successfully.
C:\WINDOWS\system32\sehajiwi.dll moved successfully.
C:\WINDOWS\system32\sapahore.exe moved successfully.
C:\WINDOWS\system32\fujegifu.dll moved successfully.
C:\WINDOWS\system32\fujegifu.exe moved successfully.
C:\WINDOWS\system32\dujujewo.dll moved successfully.
C:\WINDOWS\system32\sojerire.dll moved successfully.
C:\WINDOWS\system32\livusipi.dll moved successfully.
C:\WINDOWS\system32\dokuduni.dll moved successfully.
C:\WINDOWS\system32\kowetalo.dll moved successfully.
C:\WINDOWS\system32\sarinavo.dll moved successfully.
C:\WINDOWS\system32\nerikofu.dll moved successfully.
C:\WINDOWS\system32\nomebera.dll moved successfully.
C:\WINDOWS\system32\woridusa.dll moved successfully.
C:\WINDOWS\system32\kimonadi.dll moved successfully.
File C:\WINDOWS\System32\jutesogu.dll not found.
File C:\WINDOWS\System32\sasizalu.dll not found.
C:\WINDOWS\system32\fimotiso.dll moved successfully.
C:\WINDOWS\system32\tizuwifa.dll moved successfully.
C:\WINDOWS\system32\ruvisape.dll moved successfully.
C:\WINDOWS\system32\kopeboya.dll moved successfully.
C:\WINDOWS\system32\volehoda.dll moved successfully.
C:\WINDOWS\system32\yehiwofa.dll moved successfully.
C:\WINDOWS\system32\suwalape.dll moved successfully.
C:\WINDOWS\system32\tisugute.dll moved successfully.
C:\WINDOWS\system32\papuwiyi.dll moved successfully.
C:\WINDOWS\system32\zofudaga.dll moved successfully.
C:\WINDOWS\system32\fohuvefa.dll moved successfully.
C:\WINDOWS\system32\derokewo.dll moved successfully.
C:\WINDOWS\system32\hinikafo.dll moved successfully.
C:\WINDOWS\system32\nejoweyi.dll moved successfully.
C:\WINDOWS\system32\rawasupa.dll moved successfully.
C:\WINDOWS\system32\lupogofa.dll moved successfully.
File C:\WINDOWS\System32\wodewena.dll not found.
C:\WINDOWS\system32\zidekemo.dll moved successfully.
C:\WINDOWS\system32\wamihuyi.dll moved successfully.
File C:\WINDOWS\System32\hipiveho.dll not found.
C:\WINDOWS\system32\hayutofe.dll moved successfully.
C:\WINDOWS\system32\dipuzode.dll moved successfully.
C:\WINDOWS\system32\kunobeza.dll moved successfully.
C:\WINDOWS\system32\talabuni.dll moved successfully.
C:\WINDOWS\system32\fuvobuno.dll moved successfully.
C:\WINDOWS\system32\kuwewawi.dll moved successfully.
C:\WINDOWS\system32\jiwiniba.dll moved successfully.
C:\WINDOWS\system32\hohujoza.dll moved successfully.
C:\WINDOWS\system32\fuwefuto.dll moved successfully.
C:\WINDOWS\system32\dovoboka.dll moved successfully.
C:\WINDOWS\system32\mosikuze.dll moved successfully.
C:\WINDOWS\system32\kowavugi.dll moved successfully.
C:\WINDOWS\system32\fimofoto.dll moved successfully.
C:\WINDOWS\system32\numewiko.dll moved successfully.
C:\WINDOWS\system32\wenefimo.dll moved successfully.
C:\WINDOWS\system32\dovitoli.dll moved successfully.
C:\WINDOWS\system32\zatajeza.dll moved successfully.
C:\WINDOWS\system32\zizubayu.dll moved successfully.
C:\WINDOWS\system32\tomidole.dll moved successfully.
C:\WINDOWS\system32\keyadaka.dll moved successfully.
C:\WINDOWS\system32\homowuje.dll moved successfully.
C:\WINDOWS\system32\hehitome.dll moved successfully.
C:\WINDOWS\system32\vivagife.dll moved successfully.
C:\WINDOWS\system32\tikitusi.dll moved successfully.
C:\WINDOWS\system32\pojalipa.dll moved successfully.
File C:\WINDOWS\System32\gunesoyo.dll not found.
C:\WINDOWS\system32\waponusi.dll moved successfully.
C:\WINDOWS\system32\luzejule.dll moved successfully.
C:\WINDOWS\system32\rogajitu.dll moved successfully.
C:\WINDOWS\system32\sanabapu.dll moved successfully.
File C:\WINDOWS\System32\memazana.dll not found.
C:\WINDOWS\system32\foyunana.dll moved successfully.
C:\WINDOWS\system32\yiwikepe.dll moved successfully.
C:\WINDOWS\system32\zasezede.dll moved successfully.
C:\WINDOWS\system32\jomezipu.dll moved successfully.
C:\WINDOWS\system32\rekifomu.dll moved successfully.
C:\WINDOWS\system32\yihomawo.dll moved successfully.
C:\WINDOWS\system32\zadosuhi.dll moved successfully.
C:\WINDOWS\system32\fozozize.dll moved successfully.
C:\WINDOWS\system32\mukogeje.dll moved successfully.
File C:\WINDOWS\System32\wahewefa.dll not found.
C:\WINDOWS\system32\jisanewo.dll moved successfully.
C:\WINDOWS\system32\bonobuli.dll moved successfully.
C:\WINDOWS\system32\rukubimu.dll moved successfully.
C:\WINDOWS\system32\yuhonowu.dll moved successfully.
C:\WINDOWS\system32\feporobe.dll moved successfully.
C:\WINDOWS\system32\kubanefu.dll moved successfully.
C:\WINDOWS\system32\vohanibu.dll moved successfully.
C:\WINDOWS\system32\pudeyuhe.dll moved successfully.
C:\WINDOWS\system32\jagezuvo.dll moved successfully.
C:\WINDOWS\system32\rohahewi.dll moved successfully.
C:\WINDOWS\system32\walimuza.dll moved successfully.
C:\WINDOWS\system32\subigagi.dll moved successfully.
C:\WINDOWS\system32\pugojomi.dll moved successfully.
C:\WINDOWS\system32\soyipudo.dll moved successfully.
C:\WINDOWS\system32\miyusaga.dll moved successfully.
C:\WINDOWS\system32\hosegoka.dll moved successfully.
C:\WINDOWS\system32\zosidape.dll moved successfully.
C:\WINDOWS\system32\fabosono.dll moved successfully.
C:\WINDOWS\system32\bayamifi.dll moved successfully.
C:\WINDOWS\system32\vadaribe.dll moved successfully.
C:\WINDOWS\system32\rofohiro.dll moved successfully.
C:\WINDOWS\system32\detiwovu.dll moved successfully.
C:\WINDOWS\system32\gahoyebo.dll moved successfully.
C:\WINDOWS\system32\fupofalo.dll moved successfully.
C:\WINDOWS\system32\hizenina.dll moved successfully.
C:\WINDOWS\system32\pemuwili.dll moved successfully.
C:\WINDOWS\system32\yikotoja.dll moved successfully.
C:\WINDOWS\system32\nanaviha.dll moved successfully.
C:\WINDOWS\system32\ramademu.dll moved successfully.
C:\WINDOWS\system32\dakazano.dll moved successfully.
C:\WINDOWS\system32\nawukubu.dll moved successfully.
C:\WINDOWS\system32\romegiha.dll moved successfully.
C:\WINDOWS\system32\latibuzi.dll moved successfully.
C:\WINDOWS\system32\banuroyi.dll moved successfully.
C:\WINDOWS\system32\wazuyimu.dll moved successfully.
C:\WINDOWS\system32\vuhehemo.dll moved successfully.
C:\WINDOWS\system32\wawoyapo.dll moved successfully.
C:\WINDOWS\system32\rasirowu.dll moved successfully.
C:\WINDOWS\system32\konupiga.dll moved successfully.
C:\WINDOWS\system32\lazinuyi.dll moved successfully.
C:\WINDOWS\system32\hodogeju.dll moved successfully.
C:\WINDOWS\system32\bomiyenu.dll moved successfully.
C:\WINDOWS\system32\ponemeno.dll moved successfully.
C:\WINDOWS\system32\zatiyatu.dll moved successfully.
C:\WINDOWS\system32\fowatuyo.dll moved successfully.
C:\WINDOWS\system32\dahuvuze.dll moved successfully.
C:\WINDOWS\system32\guyibubi.dll moved successfully.
C:\WINDOWS\system32\nadadomo.dll moved successfully.
C:\WINDOWS\system32\lafigete.dll moved successfully.
C:\WINDOWS\system32\jubigoso.dll moved successfully.
C:\WINDOWS\system32\beluwepo.dll moved successfully.
C:\WINDOWS\system32\jefuduza.dll moved successfully.
C:\WINDOWS\system32\kebopiju.dll moved successfully.
C:\WINDOWS\system32\zoyehohi.dll moved successfully.
C:\WINDOWS\system32\sayamiza.dll moved successfully.
C:\WINDOWS\system32\nanifunu.dll moved successfully.
C:\WINDOWS\system32\juteweze.dll moved successfully.
C:\WINDOWS\system32\tiyetohu.dll moved successfully.
C:\WINDOWS\system32\yodupode.dll moved successfully.
C:\WINDOWS\system32\zulavuye.dll moved successfully.
C:\WINDOWS\system32\muvogodo.dll moved successfully.
C:\WINDOWS\system32\yavefevu.dll moved successfully.
C:\WINDOWS\system32\tezujeva.dll moved successfully.
C:\WINDOWS\system32\poruwunu.dll moved successfully.
C:\WINDOWS\system32\ruhobazi.dll moved successfully.
C:\WINDOWS\system32\nufotodi.dll moved successfully.
C:\WINDOWS\system32\lipekepo.dll moved successfully.
C:\WINDOWS\system32\ropopive.dll moved successfully.
C:\WINDOWS\system32\zulemuju.dll moved successfully.
C:\WINDOWS\system32\tuhuhodi.dll moved successfully.
C:\WINDOWS\system32\ropadugi.dll moved successfully.
C:\WINDOWS\system32\rohesulu.dll moved successfully.
C:\WINDOWS\system32\mokahodi.dll moved successfully.
C:\WINDOWS\system32\fiveteve.dll moved successfully.
C:\WINDOWS\system32\wonihatu.dll moved successfully.
C:\WINDOWS\system32\nemabuta.dll moved successfully.
C:\WINDOWS\system32\gibefige.dll moved successfully.
C:\WINDOWS\system32\bebohoge.dll moved successfully.
C:\WINDOWS\system32\milufuro.dll moved successfully.
C:\WINDOWS\system32\dawusere.dll moved successfully.
C:\WINDOWS\system32\latawude.dll moved successfully.
C:\WINDOWS\system32\piwuporo.dll moved successfully.
C:\WINDOWS\system32\wokohebu.dll moved successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\16284324 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\38273528 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\55045827 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\85568133 folder moved successfully.
C:\WINDOWS\Tasks\ (SANDRA-6EC01333-Sandra).job moved successfully.
C:\WINDOWS\Tasks\DriverCure.job moved successfully.
File\Folder C:\WINDOWS\Tasks\fowtenkn.job not found.
C:\WINDOWS\Tasks\gpschdgu.job moved successfully.
C:\WINDOWS\Tasks\McDefragTask.job moved successfully.
C:\WINDOWS\Tasks\McQcTask.job moved successfully.
C:\WINDOWS\Tasks\ParetoLogic Registration.job moved successfully.
C:\WINDOWS\Tasks\ParetoLogic Update Version2.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Sandra
->Temp folder emptied: 196608 bytes
->Temporary Internet Files folder emptied: 5467413 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 88 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 696 bytes

Total Files Cleaned = 5.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05152010_010430

Files\Folders moved on Reboot...
C:\Documents and Settings\Sandra\Local Settings\Temporary Internet Files\Content.IE5\ZU3TCOKI\iframe[1].htm moved successfully.
File\Folder C:\WINDOWS\temp\mcmsc_6whWeqoMaBztTlD not found!
File\Folder C:\WINDOWS\temp\mcmsc_k7JudSF4gQjYZqc not found!
File\Folder C:\WINDOWS\temp\mcmsc_Xp6qHqJQ4DHaVNW not found!
C:\WINDOWS\temp\sqlite_1cmD8dTJ8bvMTdK moved successfully.
C:\WINDOWS\temp\sqlite_BRhkyzlBFmH8rpZ moved successfully.

Registry entries deleted on Reboot...


MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4103

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/15/2010 2:28:51 AM
mbam-log-2010-05-15 (02-28-51).txt

Scan type: Full scan (C:\|)
Objects scanned: 173127
Time elapsed: 1 hour(s), 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 160
Registry Values Infected: 10
Registry Data Items Infected: 10
Folders Infected: 28
Files Infected: 281

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\robejaku.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b04ad2b6-e4c0-46fb-8bca-b3379deda080} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\control commander (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\p-center (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pcenter (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pcomponents (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\privacy components (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\privacy-center (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\privacy-components (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Control center (Rogue.ControlCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pefoyumey (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b04ad2b6-e4c0-46fb-8bca-b3379deda080} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\reyemoves (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\agent.exe (Rogue.PClean) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccagent.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\robejaku.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\robejaku.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{adf63d82-c23f-494c-8958-d027b5b6e50d}\NameServer (Trojan.DNSChanger) -> Data: 83.149.115.157,4.2.2.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b9d45191-40ea-446b-a0c9-85a59c8200a1}\NameServer (Trojan.DNSChanger) -> Data: 83.149.115.157,4.2.2.1,10.0.0.2 -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Sandra\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\FunWebProducts\Data\Sandra (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\CC\faq (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\CC\faq\images (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC\faq (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC\faq\images (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\Control Commander (Rogue.ControlCommander) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\Control Commander\faq (Rogue.ControlCommander) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\Control Commander\faq\images (Rogue.ControlCommander) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\deporare.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\robejaku.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yifiroso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Documents and Settings\Sandra\Application Data\PC\agent.exe (Rogue.PClean) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\Control Commander\ccagent.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Shared\lib.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\Control Commander\ccmain.exe (Rogue.ControlCommander) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\Control Commander\uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC\pc.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC\uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\mwsoemon .exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mejetiwa.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winuvalu.exe (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\babupata.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\danuniji.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zabinose.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\luyufegu.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogon86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c002817A.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0058FDE.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00647F1.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0070176.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0071710.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c007CF22.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00ADD84.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00B534E.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00C64B5.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00CDA8C.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00DEBE6.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00E61CA.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00F7317.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00FA49.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00FE909.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\29019.exe (Rogue.AdvancedAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4389.exe (Rogue.AdvancedAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\19910.exe (Trojan.Ascesso) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\17792.exe (Trojan.Ascesso) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_Documents and Settings\All Users\Application Data\85568133\85568133.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\banuroyi.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\bayamifi.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\bebohoge.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\beluwepo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\bomiyenu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\bonobuli.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\dahuvuze.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\dakazano.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\dawusere.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\derokewo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\detiwovu.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\dipuzode.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\dokuduni.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\fabosono.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\feporobe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\fiveteve.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\foburune.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\konupiga.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\kopeboya.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\kowetalo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\kubanefu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\kunobeza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\lafigete.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\lasozodi.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\latawude.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\latibuzi.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\lazinuyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\lipekepo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\livusipi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\lupogofa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\luzejule.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\manaviha.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\memazana.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\milufuro.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\miyusaga.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\mokahodi.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\movoyari.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\mukogeje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\muvogodo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\nadadomo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\nanaviha.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\nanifunu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\nawukubu.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\nejoweyi.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\nemabuta.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\sasizalu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\sayamiza.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\sojerire.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\soyipudo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\subigagi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\suwalape.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\talabuni.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\tevupiru.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\tezujeva.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\tisugute.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\tiyetohu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\tizuwifa.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\tuhuhodi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\vadaribe.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\vohanibu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\volehoda.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\wahewefa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\fowatuyo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\foyunana.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\fozozize.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\fupofalo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\gahoyebo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\gibefige.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\gunesoyo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\guyibubi.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\hayutofe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\hinikafo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\hipiveho.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\hodogeju.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\hosegoka.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\jagezuvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\jefuduza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\jisanewo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\jomezipu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\jubigoso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\jutesogu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\juteweze.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\kebopiju.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\kimonadi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\fohuvefa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\kimuremo.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\nerikofu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\sarinavo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\walimuza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\waponusi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\wawoyapo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\wazuyimu.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\wodewena.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\wokohebu.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\wonihatu.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\yavefevu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\yehiwofa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\yihomawo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\yikotoja.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\yiwikepe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\yodupode.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\yuhonowu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\zasezede.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\zatiyatu.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\zofudaga.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\zosidape.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\zoyehohi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\zulavuye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\zulemuju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\ninegozu.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\nomebera.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\nufotodi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\papuwiyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\pemuwili.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\piwuporo.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\pojalipa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\ponemeno.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\poruwunu.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\pudeyuhe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\pugojomi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\ramademu.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\rasirowu.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\rawasupa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\rekifomu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\rofohiro.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\rogajitu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\rohahewi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\rohesulu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\romegiha.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\ropadugi.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\ropopive.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\ruhobazi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\rukubimu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\ruvisape.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05152010_010430\C_WINDOWS\system32\sanabapu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\FunWebProducts\Data\Sandra\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\FunWebProducts\Data\Sandra\outfit.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\FunWebProducts\Data\Sandra\register.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\FunWebProducts\Data\Sandra\zbucks.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00056480 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000568A5 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000AB62F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000AB810.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000AB982.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000ABB27.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\000ABD11.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0308F17B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0308F58D.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0308F6F5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0308F8AE.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\08319A17 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\28672D1D (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\CC\faq\guide.html (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\CC\faq\images\05.png (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\CC\faq\images\06.png (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\CC\faq\images\07.png (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\CC\faq\images\08.png (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\CC\faq\images\09.png (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\CC\faq\images\10.png (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC\faq\guide.html (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC\faq\images\gimg1.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC\faq\images\gimg10.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC\faq\images\gimg2.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC\faq\images\gimg3.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC\faq\images\gimg4.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC\faq\images\gimg5.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC\faq\images\gimg6.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC\faq\images\gimg7.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC\faq\images\gimg8.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC\faq\images\gimg9.jpg (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\PC\settings.ini (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\Control Commander\settings.ini (Rogue.ControlCommander) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\Control Commander\faq\guide.html (Rogue.ControlCommander) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\Control Commander\faq\images\05.png (Rogue.ControlCommander) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\Control Commander\faq\images\06.png (Rogue.ControlCommander) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\Control Commander\faq\images\07.png (Rogue.ControlCommander) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\Control Commander\faq\images\08.png (Rogue.ControlCommander) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\Control Commander\faq\images\09.png (Rogue.ControlCommander) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\Control Commander\faq\images\10.png (Rogue.ControlCommander) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Application Data\CC\settings.ini (Rogue.ControlCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Desktop\PCenter.lnk (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sandra\Desktop\Privacy components.lnk (Rogue.SystemGuard) -> Quarantined and deleted successfully.
C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00332AA.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3493.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AVR10.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winhelper86.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

COMBOFIX:
ComboFix 10-05-15.01 - Sandra 05/15/2010 18:56:55.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.494.132 [GMT -6:00]
Running from: c:\documents and settings\Sandra\Desktop\george.exe
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Sandra\Application Data\CC
c:\documents and settings\Sandra\GoToAssistDownloadHelper.exe
c:\program files\Shared
c:\windows\explorer(2).exe
c:\windows\system32\10.exe
c:\windows\system32\1000.exe
c:\windows\system32\10001.exe
c:\windows\system32\10002.exe
c:\windows\system32\10005.exe
c:\windows\system32\10020.exe
c:\windows\system32\10029.exe
c:\windows\system32\10038.exe
c:\windows\system32\10042.exe
c:\windows\system32\10046.exe
c:\windows\system32\10052.exe
c:\windows\system32\10063.exe
c:\windows\system32\10069.exe
c:\windows\system32\10070.exe
c:\windows\system32\10077.exe
c:\windows\system32\10079.exe
c:\windows\system32\10080.exe
c:\windows\system32\10083.exe
c:\windows\system32\10098.exe
c:\windows\system32\101.exe
c:\windows\system32\10107.exe
c:\windows\system32\1011.exe
c:\windows\system32\10110.exe
c:\windows\system32\10117.exe
c:\windows\system32\10141.exe
c:\windows\system32\10150.exe
c:\windows\system32\10153.exe
c:\windows\system32\10155.exe
c:\windows\system32\1016.exe
c:\windows\system32\10162.exe
c:\windows\system32\1017.exe
c:\windows\system32\10180.exe
c:\windows\system32\10219.exe
c:\windows\system32\10230.exe
c:\windows\system32\10233.exe
c:\windows\system32\10235.exe
c:\windows\system32\10255.exe
c:\windows\system32\10260.exe
c:\windows\system32\10261.exe
c:\windows\system32\10265.exe
c:\windows\system32\10271.exe
c:\windows\system32\10292.exe
c:\windows\system32\10298.exe
c:\windows\system32\1030.exe
c:\windows\system32\10306.exe
c:\windows\system32\10318.exe
c:\windows\system32\10331.exe
c:\windows\system32\10333.exe
c:\windows\system32\10352.exe
c:\windows\system32\10353.exe
c:\windows\system32\10364.exe
c:\windows\system32\10374.exe
c:\windows\system32\10403.exe
c:\windows\system32\10406.exe
c:\windows\system32\10412.exe
c:\windows\system32\10418.exe
c:\windows\system32\10419.exe
c:\windows\system32\10430.exe
c:\windows\system32\10439.exe
c:\windows\system32\1046.exe
c:\windows\system32\10470.exe
c:\windows\system32\10474.exe
c:\windows\system32\10482.exe
c:\windows\system32\10485.exe
c:\windows\system32\10500.exe
c:\windows\system32\10509.exe
c:\windows\system32\1052.exe
c:\windows\system32\10523.exe
c:\windows\system32\1053.exe
c:\windows\system32\10567.exe
c:\windows\system32\1057.exe
c:\windows\system32\10575.exe
c:\windows\system32\10581.exe
c:\windows\system32\10586.exe
c:\windows\system32\10617.exe
c:\windows\system32\10627.exe
c:\windows\system32\10629.exe
c:\windows\system32\10649.exe
c:\windows\system32\10652.exe
c:\windows\system32\10655.exe
c:\windows\system32\10667.exe
c:\windows\system32\10672.exe
c:\windows\system32\10673.exe
c:\windows\system32\10680.exe
c:\windows\system32\10685.exe
c:\windows\system32\1070.exe
c:\windows\system32\10701.exe
c:\windows\system32\10707.exe
c:\windows\system32\10708.exe
c:\windows\system32\10716.exe
c:\windows\system32\10718.exe
c:\windows\system32\10731.exe
c:\windows\system32\10736.exe
c:\windows\system32\10737.exe
c:\windows\system32\10754.exe
c:\windows\system32\10756.exe
c:\windows\system32\10759.exe
c:\windows\system32\10770.exe
c:\windows\system32\10779.exe
c:\windows\system32\10783.exe
c:\windows\system32\1079.exe
c:\windows\system32\10791.exe
c:\windows\system32\10796.exe
c:\windows\system32\10800.exe
c:\windows\system32\10807.exe
c:\windows\system32\10824.exe
c:\windows\system32\10826.exe
c:\windows\system32\10828.exe
c:\windows\system32\10829.exe
c:\windows\system32\10833.exe
c:\windows\system32\10843.exe
c:\windows\system32\10844.exe
c:\windows\system32\1085.exe
c:\windows\system32\10862.exe
c:\windows\system32\1087.exe
c:\windows\system32\10871.exe
c:\windows\system32\10882.exe
c:\windows\system32\10891.exe
c:\windows\system32\10894.exe
c:\windows\system32\10906.exe
c:\windows\system32\10915.exe
c:\windows\system32\10916.exe
c:\windows\system32\10924.exe
c:\windows\system32\10942.exe
c:\windows\system32\10943.exe
c:\windows\system32\10944.exe
c:\windows\system32\10946.exe
c:\windows\system32\10954.exe
c:\windows\system32\10960.exe
c:\windows\system32\10967.exe
c:\windows\system32\10986.exe
c:\windows\system32\10987.exe
c:\windows\system32\10994.exe
c:\windows\system32\11.exe
c:\windows\system32\11002.exe
c:\windows\system32\1101.exe
c:\windows\system32\11010.exe
c:\windows\system32\11012.exe
c:\windows\system32\11016.exe
c:\windows\system32\11026.exe
c:\windows\system32\11028.exe
c:\windows\system32\11045.exe
c:\windows\system32\11046.exe
c:\windows\system32\11056.exe
c:\windows\system32\11061.exe
c:\windows\system32\11085.exe
c:\windows\system32\11087.exe
c:\windows\system32\11091.exe
c:\windows\system32\11099.exe
c:\windows\system32\11108.exe
c:\windows\system32\11116.exe
c:\windows\system32\11119.exe
c:\windows\system32\11121.exe
c:\windows\system32\11127.exe
c:\windows\system32\11128.exe
c:\windows\system32\1113.exe
c:\windows\system32\11135.exe
c:\windows\system32\11136.exe
c:\windows\system32\11138.exe
c:\windows\system32\11144.exe
c:\windows\system32\11146.exe
c:\windows\system32\11151.exe
c:\windows\system32\11155.exe
c:\windows\system32\11163.exe
c:\windows\system32\11169.exe
c:\windows\system32\1117.exe
c:\windows\system32\11179.exe
c:\windows\system32\11188.exe
c:\windows\system32\11192.exe
c:\windows\system32\11196.exe
c:\windows\system32\11208.exe
c:\windows\system32\11213.exe
c:\windows\system32\11214.exe
c:\windows\system32\11219.exe
c:\windows\system32\11225.exe
c:\windows\system32\11229.exe
c:\windows\system32\1123.exe
c:\windows\system32\11235.exe
c:\windows\system32\11245.exe
c:\windows\system32\11246.exe
c:\windows\system32\11258.exe
c:\windows\system32\11267.exe
c:\windows\system32\11279.exe
c:\windows\system32\11281.exe
c:\windows\system32\11297.exe
c:\windows\system32\11302.exe
c:\windows\system32\11318.exe
c:\windows\system32\1132.exe
c:\windows\system32\11326.exe
c:\windows\system32\11329.exe
c:\windows\system32\11330.exe
c:\windows\system32\11333.exe
c:\windows\system32\11337.exe
c:\windows\system32\11338.exe
c:\windows\system32\11339.exe
c:\windows\system32\11352.exe
c:\windows\system32\11359.exe
c:\windows\system32\1136.exe
c:\windows\system32\11367.exe
c:\windows\system32\1137.exe
c:\windows\system32\11394.exe
c:\windows\system32\11401.exe
c:\windows\system32\11407.exe
c:\windows\system32\11410.exe
c:\windows\system32\11415.exe
c:\windows\system32\11422.exe
c:\windows\system32\11425.exe
c:\windows\system32\11426.exe
c:\windows\system32\11436.exe
c:\windows\system32\11442.exe
c:\windows\system32\11444.exe
c:\windows\system32\11454.exe
c:\windows\system32\1146.exe
c:\windows\system32\11464.exe
c:\windows\system32\11467.exe
c:\windows\system32\11485.exe
c:\windows\system32\11489.exe
c:\windows\system32\11501.exe
c:\windows\system32\11515.exe
c:\windows\system32\11522.exe
c:\windows\system32\11523.exe
c:\windows\system32\11531.exe
c:\windows\system32\11532.exe
c:\windows\system32\11537.exe
c:\windows\system32\11541.exe
c:\windows\system32\11546.exe
c:\windows\system32\1156.exe
c:\windows\system32\11573.exe
c:\windows\system32\11585.exe
c:\windows\system32\11589.exe
c:\windows\system32\1159.exe
c:\windows\system32\11590.exe
c:\windows\system32\11591.exe
c:\windows\system32\11609.exe
c:\windows\system32\11610.exe
c:\windows\system32\1163.exe
c:\windows\system32\11638.exe
c:\windows\system32\1164.exe
c:\windows\system32\11643.exe
c:\windows\system32\11653.exe
c:\windows\system32\11660.exe
c:\windows\system32\11665.exe
c:\windows\system32\1167.exe
c:\windows\system32\11672.exe
c:\windows\system32\11678.exe
c:\windows\system32\11686.exe
c:\windows\system32\1170.exe
c:\windows\system32\11706.exe
c:\windows\system32\11709.exe
c:\windows\system32\11726.exe
c:\windows\system32\11727.exe
c:\windows\system32\11745.exe
c:\windows\system32\11749.exe
c:\windows\system32\11752.exe
c:\windows\system32\11755.exe
c:\windows\system32\11763.exe
c:\windows\system32\11766.exe
c:\windows\system32\11768.exe
c:\windows\system32\11772.exe
c:\windows\system32\11775.exe
c:\windows\system32\1181.exe
c:\windows\system32\11817.exe
c:\windows\system32\11822.exe
c:\windows\system32\11823.exe
c:\windows\system32\11830.exe
c:\windows\system32\11853.exe
c:\windows\system32\11854.exe
c:\windows\system32\11866.exe
c:\windows\system32\1187.exe
c:\windows\system32\11870.exe
c:\windows\system32\11878.exe
c:\windows\system32\11879.exe
c:\windows\system32\11880.exe
c:\windows\system32\11883.exe
c:\windows\system32\11890.exe
c:\windows\system32\11909.exe
c:\windows\system32\1191.exe
c:\windows\system32\11911.exe
c:\windows\system32\1194.exe
c:\windows\system32\11943.exe
c:\windows\system32\11950.exe
c:\windows\system32\11951.exe
c:\windows\system32\11952.exe
c:\windows\system32\11979.exe
c:\windows\system32\11980.exe
c:\windows\system32\12002.exe
c:\windows\system32\12009.exe
c:\windows\system32\12017.exe
c:\windows\system32\12018.exe
c:\windows\system32\12020.exe
c:\windows\system32\1204.exe
c:\windows\system32\12046.exe
c:\windows\system32\12053.exe
c:\windows\system32\12057.exe
c:\windows\system32\12071.exe
c:\windows\system32\12075.exe
c:\windows\system32\12079.exe
c:\windows\system32\12082.exe
c:\windows\system32\12083.exe
c:\windows\system32\12084.exe
c:\windows\system32\12087.exe
c:\windows\system32\12089.exe
c:\windows\system32\12104.exe
c:\windows\system32\12110.exe
c:\windows\system32\12111.exe
c:\windows\system32\12114.exe
c:\windows\system32\12117.exe
c:\windows\system32\1213.exe
c:\windows\system32\12130.exe
c:\windows\system32\12134.exe
c:\windows\system32\12138.exe
c:\windows\system32\12143.exe
c:\windows\system32\12150.exe
c:\windows\system32\12166.exe
c:\windows\system32\12174.exe
c:\windows\system32\12177.exe
c:\windows\system32\12192.exe
c:\windows\system32\12193.exe
c:\windows\system32\12196.exe
c:\windows\system32\12203.exe
c:\windows\system32\12213.exe
c:\windows\system32\12221.exe
c:\windows\system32\12223.exe
c:\windows\system32\12224.exe
c:\windows\system32\12231.exe
c:\windows\system32\12243.exe
c:\windows\system32\1227.exe
c:\windows\system32\12271.exe
c:\windows\system32\12280.exe
c:\windows\system32\12284.exe
c:\windows\system32\12285.exe
c:\windows\system32\12293.exe
c:\windows\system32\12299.exe
c:\windows\system32\12303.exe
c:\windows\system32\12305.exe
c:\windows\system32\12320.exe
c:\windows\system32\12332.exe
c:\windows\system32\12337.exe
c:\windows\system32\12341.exe
c:\windows\system32\12345.exe
c:\windows\system32\12348.exe
c:\windows\system32\12374.exe
c:\windows\system32\12376.exe
c:\windows\system32\12377.exe
c:\windows\system32\12390.exe
c:\windows\system32\12401.exe
c:\windows\system32\12405.exe
c:\windows\system32\12412.exe
c:\windows\system32\12418.exe
c:\windows\system32\1242.exe
c:\windows\system32\12420.exe
c:\windows\system32\1244.exe
c:\windows\system32\12443.exe
c:\windows\system32\12445.exe
c:\windows\system32\12450.exe
c:\windows\system32\12458.exe
c:\windows\system32\12463.exe
c:\windows\system32\12470.exe
c:\windows\system32\12482.exe
c:\windows\system32\12488.exe
c:\windows\system32\12507.exe
c:\windows\system32\12509.exe
c:\windows\system32\12512.exe
c:\windows\system32\12519.exe
c:\windows\system32\12528.exe
c:\windows\system32\12529.exe
c:\windows\system32\12530.exe
c:\windows\system32\12531.exe
c:\windows\system32\12533.exe
c:\windows\system32\12534.exe
c:\windows\system32\12540.exe
c:\windows\system32\12542.exe
c:\windows\system32\12547.exe
c:\windows\system32\1257.exe
c:\windows\system32\12572.exe
c:\windows\system32\12579.exe
c:\windows\system32\12596.exe
c:\windows\system32\12599.exe
c:\windows\system32\12608.exe
c:\windows\system32\12614.exe
c:\windows\system32\12618.exe
c:\windows\system32\12623.exe
c:\windows\system32\12644.exe
c:\windows\system32\12646.exe
c:\windows\system32\12648.exe
c:\windows\system32\12653.exe
c:\windows\system32\1267.exe
c:\windows\system32\12674.exe
c:\windows\system32\12676.exe
c:\windows\system32\12678.exe
c:\windows\system32\12697.exe
c:\windows\system32\12705.exe
c:\windows\system32\12708.exe
c:\windows\system32\12710.exe
c:\windows\system32\12712.exe
c:\windows\system32\12724.exe
c:\windows\system32\12725.exe
c:\windows\system32\12726.exe
c:\windows\system32\12727.exe
c:\windows\system32\12737.exe
c:\windows\system32\12741.exe
c:\windows\system32\12750.exe
c:\windows\system32\12762.exe
c:\windows\system32\12764.exe
c:\windows\system32\12772.exe
c:\windows\system32\1278.exe
c:\windows\system32\12781.exe
c:\windows\system32\12782.exe
c:\windows\system32\12786.exe
c:\windows\system32\12794.exe
c:\windows\system32\12802.exe
c:\windows\system32\12805.exe
c:\windows\system32\12806.exe
c:\windows\system32\12812.exe
c:\windows\system32\12820.exe
c:\windows\system32\12823.exe
c:\windows\system32\12837.exe
c:\windows\system32\1284.exe
c:\windows\system32\12848.exe
c:\windows\system32\12852.exe
c:\windows\system32\12856.exe
c:\windows\system32\12860.exe
c:\windows\system32\12865.exe
c:\windows\system32\12870.exe
c:\windows\system32\12873.exe
c:\windows\system32\12874.exe
c:\windows\system32\12877.exe
c:\windows\system32\1289.exe
c:\windows\system32\12902.exe
c:\windows\system32\12925.exe
c:\windows\system32\12936.exe
c:\windows\system32\12953.exe
c:\windows\system32\12962.exe
c:\windows\system32\12969.exe
c:\windows\system32\12977.exe
c:\windows\system32\12991.exe
c:\windows\system32\12998.exe
c:\windows\system32\13001.exe
c:\windows\system32\13014.exe
c:\windows\system32\13015.exe
c:\windows\system32\13019.exe
c:\windows\system32\13046.exe
c:\windows\system32\13057.exe
c:\windows\system32\13075.exe
c:\windows\system32\13076.exe
c:\windows\system32\13095.exe
c:\windows\system32\13099.exe
c:\windows\system32\13101.exe
c:\windows\system32\13106.exe
c:\windows\system32\1311.exe
c:\windows\system32\13112.exe
c:\windows\system32\1312.exe
c:\windows\system32\13122.exe
c:\windows\system32\13127.exe
c:\windows\system32\13129.exe
c:\windows\system32\13138.exe
c:\windows\system32\13163.exe
c:\windows\system32\13165.exe
c:\windows\system32\13168.exe
c:\windows\system32\13191.exe
c:\windows\system32\13194.exe
c:\windows\system32\132.exe
c:\windows\system32\13239.exe
c:\windows\system32\13249.exe
c:\windows\system32\13252.exe
c:\windows\system32\13254.exe
c:\windows\system32\13266.exe
c:\windows\system32\1327.exe
c:\windows\system32\1328.exe
c:\windows\system32\13287.exe
c:\windows\system32\13290.exe
c:\windows\system32\13300.exe
c:\windows\system32\13308.exe
c:\windows\system32\1331.exe
c:\windows\system32\13313.exe
c:\windows\system32\13317.exe
c:\windows\system32\13318.exe
c:\windows\system32\13322.exe
c:\windows\system32\13327.exe
c:\windows\system32\13333.exe
c:\windows\system32\13334.exe
c:\windows\system32\13337.exe
c:\windows\system32\13338.exe
c:\windows\system32\13340.exe
c:\windows\system32\13346.exe
c:\windows\system32\13355.exe
c:\windows\system32\13358.exe
c:\windows\system32\13367.exe
c:\windows\system32\13370.exe
c:\windows\system32\13390.exe
c:\windows\system32\13399.exe
c:\windows\system32\13409.exe
c:\windows\system32\13412.exe
c:\windows\system32\13418.exe
c:\windows\system32\13421.exe
c:\windows\system32\13426.exe
c:\windows\system32\13429.exe
c:\windows\system32\13436.exe
c:\windows\system32\13446.exe
c:\windows\system32\13451.exe
c:\windows\system32\13452.exe
c:\windows\system32\13456.exe
c:\windows\system32\13466.exe
c:\windows\system32\1347.exe
c:\windows\system32\13474.exe
c:\windows\system32\13489.exe
c:\windows\system32\13491.exe
c:\windows\system32\13494.exe
c:\windows\system32\13497.exe
c:\windows\system32\135.exe
c:\windows\system32\1350.exe
c:\windows\system32\13500.exe
c:\windows\system32\13503.exe
c:\windows\system32\13524.exe
c:\windows\system32\1353.exe
c:\windows\system32\13534.exe
c:\windows\system32\1354.exe
c:\windows\system32\13563.exe
c:\windows\system32\13570.exe
c:\windows\system32\13586.exe
c:\windows\system32\13595.exe
c:\windows\system32\13604.exe
c:\windows\system32\13606.exe
c:\windows\system32\1361.exe
c:\windows\system32\13622.exe
c:\windows\system32\13628.exe
c:\windows\system32\1364.exe
c:\windows\system32\13646.exe
c:\windows\system32\13650.exe
c:\windows\system32\13657.exe
c:\windows\system32\13663.exe
c:\windows\system32\13669.exe
c:\windows\system32\1367.exe
c:\windows\system32\13696.exe
c:\windows\system32\1370.exe
c:\windows\system32\13705.exe
c:\windows\system32\13713.exe
c:\windows\system32\13714.exe
c:\windows\system32\13715.exe
c:\windows\system32\13723.exe
c:\windows\system32\1373.exe
c:\windows\system32\13731.exe
c:\windows\system32\13759.exe
c:\windows\system32\1376.exe
c:\windows\system32\13761.exe
c:\windows\system32\13775.exe
c:\windows\system32\13781.exe
c:\windows\system32\13789.exe
c:\windows\system32\13790.exe
c:\windows\system32\13791.exe
c:\windows\system32\13797.exe
c:\windows\system32\13821.exe
c:\windows\system32\13828.exe
c:\windows\system32\1383.exe
c:\windows\system32\13837.exe
c:\windows\system32\13849.exe
c:\windows\system32\13858.exe
c:\windows\system32\13866.exe
c:\windows\system32\1387.exe
c:\windows\system32\13873.exe
c:\windows\system32\13874.exe
c:\windows\system32\13876.exe
c:\windows\system32\1389.exe
c:\windows\system32\13899.exe
c:\windows\system32\1390.exe
c:\windows\system32\13924.exe
c:\windows\system32\13927.exe
c:\windows\system32\13930.exe
c:\windows\system32\13931.exe
c:\windows\system32\13934.exe
c:\windows\system32\13947.exe
c:\windows\system32\13950.exe
c:\windows\system32\13954.exe
c:\windows\system32\13955.exe
c:\windows\system32\13970.exe
c:\windows\system32\13971.exe
c:\windows\system32\13976.exe
c:\windows\system32\13980.exe
c:\windows\system32\13991.exe
c:\windows\system32\13999.exe
c:\windows\system32\14000.exe
c:\windows\system32\14008.exe
c:\windows\system32\14009.exe
c:\windows\system32\1402.exe
c:\windows\system32\14024.exe
c:\windows\system32\14026.exe
c:\windows\system32\1404.exe
c:\windows\system32\14040.exe
c:\windows\system32\14046.exe
c:\windows\system32\14051.exe
c:\windows\system32\14056.exe
c:\windows\system32\1406.exe
c:\windows\system32\14061.exe
c:\windows\system32\14082.exe
c:\windows\system32\1409.exe
c:\windows\system32\1410.exe
c:\windows\system32\1411.exe
c:\windows\system32\14120.exe
c:\windows\system32\14122.exe
c:\windows\system32\14130.exe
c:\windows\system32\14135.exe
c:\windows\system32\14138.exe
c:\windows\system32\14153.exe
c:\windows\system32\1416.exe
c:\windows\system32\14161.exe
c:\windows\system32\14179.exe
c:\windows\system32\1418.exe
c:\windows\system32\14187.exe
c:\windows\system32\1419.exe
c:\windows\system32\14192.exe
c:\windows\system32\14196.exe
c:\windows\system32\14201.exe
c:\windows\system32\14231.exe
c:\windows\system32\14237.exe
c:\windows\system32\14242.exe
c:\windows\system32\14245.exe
c:\windows\system32\14251.exe
c:\windows\system32\14254.exe
c:\windows\system32\14257.exe
c:\windows\system32\14259.exe
c:\windows\system32\1427.exe
c:\windows\system32\14273.exe
c:\windows\system32\14287.exe
c:\windows\system32\14298.exe
c:\windows\system32\14301.exe
c:\windows\system32\14306.exe
c:\windows\system32\14309.exe
c:\windows\system32\14313.exe
c:\windows\system32\14319.exe
c:\windows\system32\14325.exe
c:\windows\system32\14329.exe
c:\windows\system32\14338.exe
c:\windows\system32\14341.exe
c:\windows\system32\14342.exe
c:\windows\system32\1435.exe
c:\windows\system32\14352.exe
c:\windows\system32\14364.exe
c:\windows\system32\14384.exe
c:\windows\system32\14387.exe
c:\windows\system32\14391.exe
c:\windows\system32\14402.exe
c:\windows\system32\14406.exe
c:\windows\system32\14416.exe
c:\windows\system32\14423.exe
c:\windows\system32\14430.exe
c:\windows\system32\14432.exe
c:\windows\system32\14434.exe
c:\windows\system32\14435.exe
c:\windows\system32\14437.exe
c:\windows\system32\14449.exe
c:\windows\system32\14452.exe
c:\windows\system32\14474.exe
c:\windows\system32\14481.exe
c:\windows\system32\14484.exe
c:\windows\system32\14486.exe
c:\windows\system32\14498.exe
c:\windows\system32\14504.exe
c:\windows\system32\14507.exe
c:\windows\system32\14512.exe
c:\windows\system32\14515.exe
c:\windows\system32\14519.exe
c:\windows\system32\14520.exe
c:\windows\system32\14521.exe
c:\windows\system32\14523.exe
c:\windows\system32\14528.exe
c:\windows\system32\14530.exe
c:\windows\system32\14534.exe
c:\windows\system32\14554.exe
c:\windows\system32\14559.exe
c:\windows\system32\14561.exe
c:\windows\system32\14573.exe
c:\windows\system32\14578.exe
c:\windows\system32\14579.exe
c:\windows\system32\14580.exe
c:\windows\system32\1459.exe
c:\windows\system32\14601.exe
c:\windows\system32\14603.exe
c:\windows\system32\14616.exe
c:\windows\system32\1462.exe
c:\windows\system32\14622.exe
c:\windows\system32\1463.exe
c:\windows\system32\14630.exe
c:\windows\system32\1464.exe
c:\windows\system32\1465.exe
c:\windows\system32\14666.exe
c:\windows\system32\14670.exe
c:\windows\system32\14677.exe
c:\windows\system32\14685.exe
c:\windows\system32\14702.exe
c:\windows\system32\14711.exe
c:\windows\system32\14715.exe
c:\windows\system32\14726.exe
c:\windows\system32\14745.exe
c:\windows\system32\14749.exe
c:\windows\system32\1475.exe
c:\windows\system32\14752.exe
c:\windows\system32\14758.exe
c:\windows\system32\14772.exe
c:\windows\system32\14776.exe
c:\windows\system32\14796.exe
c:\windows\system32\148.exe
c:\windows\system32\14819.exe
c:\windows\system32\1482.exe
c:\windows\system32\14838.exe
c:\windows\system32\14840.exe
c:\windows\system32\14844.exe
c:\windows\system32\14856.exe
c:\windows\system32\14871.exe
c:\windows\system32\14875.exe
c:\windows\system32\149.exe
c:\windows\system32\14912.exe
c:\windows\system32\14927.exe
c:\windows\system32\14937.exe
c:\windows\system32\14944.exe
c:\windows\system32\1496.exe
c:\windows\system32\14961.exe
c:\windows\system32\14969.exe
c:\windows\system32\14991.exe
c:\windows\system32\14993.exe
c:\windows\system32\150.exe
c:\windows\system32\15010.exe
c:\windows\system32\15022.exe
c:\windows\system32\15023.exe
c:\windows\system32\15030.exe
c:\windows\system32\1505.exe
c:\windows\system32\15050.exe
c:\windows\system32\15068.exe
c:\windows\system32\1507.exe
c:\windows\system32\15076.exe
c:\windows\system32\15078.exe
c:\windows\system32\15079.exe
c:\windows\system32\15091.exe
c:\windows\system32\15095.exe
c:\windows\system32\15105.exe
c:\windows\system32\15112.exe
c:\windows\system32\15116.exe
c:\windows\system32\15131.exe
c:\windows\system32\15132.exe
c:\windows\system32\15133.exe
c:\windows\system32\15134.exe
c:\windows\system32\15136.exe
c:\windows\system32\15138.exe
c:\windows\system32\15151.exe
c:\windows\system32\15158.exe
c:\windows\system32\15162.exe
c:\windows\system32\15176.exe
c:\windows\system32\15194.exe
c:\windows\system32\15209.exe
c:\windows\system32\15210.exe
c:\windows\system32\15226.exe
c:\windows\system32\15230.exe
c:\windows\system32\15234.exe
c:\windows\system32\15237.exe
c:\windows\system32\15255.exe
c:\windows\system32\15263.exe
c:\windows\system32\15265.exe
c:\windows\system32\15273.exe
c:\windows\system32\15275.exe
c:\windows\system32\1528.exe
c:\windows\system32\15283.exe
c:\windows\system32\15288.exe
c:\windows\system32\15308.exe
c:\windows\system32\1531.exe
c:\windows\system32\15317.exe
c:\windows\system32\15318.exe
c:\windows\system32\15330.exe
c:\windows\system32\15335.exe
c:\windows\system32\15359.exe
c:\windows\system32\15364.exe
c:\windows\system32\1537.exe
c:\windows\system32\15372.exe
c:\windows\system32\15378.exe
c:\windows\system32\15395.exe
c:\windows\system32\154.exe
c:\windows\system32\15407.exe
c:\windows\system32\15410.exe
c:\windows\system32\15412.exe
c:\windows\system32\15418.exe
c:\windows\system32\15420.exe
c:\windows\system32\15423.exe
c:\windows\system32\15430.exe
c:\windows\system32\15434.exe
c:\windows\system32\15470.exe
c:\windows\system32\15474.exe
c:\windows\system32\15480.exe
c:\windows\system32\15491.exe
c:\windows\system32\15499.exe
c:\windows\system32\1551.exe
c:\windows\system32\15519.exe
c:\windows\system32\1553.exe
c:\windows\system32\15533.exe
c:\windows\system32\15539.exe
c:\windows\system32\15545.exe
c:\windows\system32\15566.exe
c:\windows\system32\15574.exe
c:\windows\system32\15576.exe
c:\windows\system32\15579.exe
c:\windows\system32\15602.exe
c:\windows\system32\15617.exe
c:\windows\system32\1562.exe
c:\windows\system32\15631.exe
c:\windows\system32\15639.exe
c:\windows\system32\15644.exe
c:\windows\system32\15649.exe
c:\windows\system32\15654.exe
c:\windows\system32\15663.exe
c:\windows\system32\15667.exe
c:\windows\system32\15669.exe
c:\windows\system32\15679.exe
c:\windows\system32\1568.exe
c:\windows\system32\15680.exe
c:\windows\system32\15683.exe
c:\windows\system32\15694.exe
c:\windows\system32\15710.exe
c:\windows\system32\15712.exe
c:\windows\system32\15726.exe
c:\windows\system32\15747.exe
c:\windows\system32\15757.exe
c:\windows\system32\15767.exe
c:\windows\system32\15775.exe
c:\windows\system32\15784.exe
c:\windows\system32\15793.exe
c:\windows\system32\15796.exe
c:\windows\system32\15799.exe
c:\windows\system32\15800.exe
c:\windows\system32\1581.exe
c:\windows\system32\15812.exe
c:\windows\system32\15814.exe
c:\windows\system32\15818.exe
c:\windows\system32\15823.exe
c:\windows\system32\15827.exe
c:\windows\system32\15833.exe
c:\windows\system32\15852.exe
c:\windows\system32\15860.exe
c:\windows\system32\15863.exe
c:\windows\system32\15866.exe
c:\windows\system32\15873.exe
c:\windows\system32\15876.exe
c:\windows\system32\15901.exe
c:\windows\system32\15907.exe
c:\windows\system32\15909.exe
c:\windows\system32\15915.exe
c:\windows\system32\15925.exe
c:\windows\system32\15937.exe
c:\windows\system32\15956.exe
c:\windows\system32\15977.exe
c:\windows\system32\15980.exe
c:\windows\system32\15984.exe
c:\windows\system32\15986.exe
c:\windows\system32\15999.exe
c:\windows\system32\16000.exe
c:\windows\system32\16002.exe
c:\windows\system32\16011.exe
c:\windows\system32\16014.exe
c:\windows\system32\16021.exe
c:\windows\system32\16038.exe
c:\windows\system32\16039.exe
c:\windows\system32\16060.exe
c:\windows\system32\16066.exe
c:\windows\system32\16084.exe
c:\windows\system32\16089.exe
c:\windows\system32\16097.exe
c:\windows\system32\16098.exe
c:\windows\system32\16110.exe
c:\windows\system32\16116.exe
c:\windows\system32\16118.exe
c:\windows\system32\16119.exe
c:\windows\system32\16130.exe
c:\windows\system32\16131.exe
c:\windows\system32\16153.exe
c:\windows\system32\16169.exe
c:\windows\system32\16174.exe
c:\windows\system32\16180.exe
c:\windows\system32\16181.exe
c:\windows\system32\16197.exe
c:\windows\system32\16200.exe
c:\windows\system32\16203.exe
c:\windows\system32\1622.exe
c:\windows\system32\16220.exe
c:\windows\system32\16234.exe
c:\windows\system32\16241.exe
c:\windows\system32\16247.exe
c:\windows\system32\1625.exe
c:\windows\system32\16252.exe
c:\windows\system32\16256.exe
c:\windows\system32\16257.exe
c:\windows\system32\16263.exe
c:\windows\system32\16265.exe
c:\windows\system32\16266.exe
c:\windows\system32\16268.exe
c:\windows\system32\16272.exe
c:\windows\system32\16282.exe
c:\windows\system32\16290.exe
c:\windows\system32\1630.exe
c:\windows\system32\16300.exe
c:\windows\system32\16301.exe
c:\windows\system32\16304.exe
c:\windows\system32\1632.exe
c:\windows\system32\16320.exe
c:\windows\system32\1633.exe
c:\windows\system32\16333.exe
c:\windows\system32\16336.exe
c:\windows\system32\16346.exe
c:\windows\system32\16347.exe
c:\windows\system32\1636.exe
c:\windows\system32\16360.exe
c:\windows\system32\1637.exe
c:\windows\system32\16372.exe
c:\windows\system32\16382.exe
c:\windows\system32\16384.exe
c:\windows\system32\16400.exe
c:\windows\system32\16403.exe
c:\windows\system32\16412.exe
c:\windows\system32\16441.exe
c:\windows\system32\16445.exe
c:\windows\system32\16446.exe
c:\windows\system32\1646.exe
c:\windows\system32\1647.exe
c:\windows\system32\16473.exe
c:\windows\system32\16509.exe
c:\windows\system32\1651.exe
c:\windows\system32\16512.exe
c:\windows\system32\16517.exe
c:\windows\system32\1652.exe
c:\windows\system32\16526.exe
c:\windows\system32\16529.exe
c:\windows\system32\16530.exe
c:\windows\system32\16535.exe
c:\windows\system32\16551.exe
c:\windows\system32\16556.exe
c:\windows\system32\16569.exe
c:\windows\system32\16581.exe
c:\windows\system32\1659.exe
c:\windows\system32\16598.exe
c:\windows\system32\16609.exe
c:\windows\system32\16628.exe
c:\windows\system32\16634.exe
c:\windows\system32\16643.exe
c:\windows\system32\16645.exe
c:\windows\system32\16648.exe
c:\windows\system32\16671.exe
c:\windows\system32\16673.exe
c:\windows\system32\16676.exe
c:\windows\system32\16691.exe
c:\windows\system32\16692.exe
c:\windows\system32\16697.exe
c:\windows\system32\16698.exe
c:\windows\system32\16706.exe
c:\windows\system32\16711.exe
c:\windows\system32\16719.exe
c:\windows\system32\16742.exe
c:\windows\system32\16752.exe
c:\windows\system32\16755.exe
c:\windows\system32\16771.exe
c:\windows\system32\16775.exe
c:\windows\system32\16779.exe
c:\windows\system32\16780.exe
c:\windows\system32\16783.exe
c:\windows\system32\16784.exe
c:\windows\system32\16798.exe
c:\windows\system32\16803.exe
c:\windows\system32\16813.exe
c:\windows\system32\16816.exe
c:\windows\system32\16820.exe
c:\windows\system32\16821.exe
c:\windows\system32\16838.exe
c:\windows\system32\16843.exe
c:\windows\system32\1686.exe
c:\windows\system32\16864.exe
c:\windows\system32\1687.exe
c:\windows\system32\16882.exe
c:\windows\system32\16891.exe
c:\windows\system32\16916.exe
c:\windows\system32\16919.exe
c:\windows\system32\16943.exe
c:\windows\system32\16964.exe
c:\windows\system32\16966.exe
c:\windows\system32\16967.exe
c:\windows\system32\1698.exe
c:\windows\system32\16985.exe
c:\windows\system32\16989.exe
c:\windows\system32\16999.exe
c:\windows\system32\17011.exe
c:\windows\system32\17014.exe
c:\windows\system32\17017.exe
c:\windows\system32\17034.exe
c:\windows\system32\17037.exe
c:\windows\system32\17054.exe
c:\windows\system32\17055.exe
c:\windows\system32\17059.exe
c:\windows\system32\17065.exe
c:\windows\system32\17069.exe
c:\windows\system32\17082.exe
c:\windows\system32\17099.exe
c:\windows\system32\17102.exe
c:\windows\system32\1711.exe
c:\windows\system32\17121.exe
c:\windows\system32\17123.exe
c:\windows\system32\17139.exe
c:\windows\system32\17140.exe
c:\windows\system32\17145.exe
c:\windows\system32\17153.exe
c:\windows\system32\17157.exe
c:\windows\system32\1716.exe
c:\windows\system32\17176.exe
c:\windows\system32\17177.exe
c:\windows\system32\17178.exe
c:\windows\system32\17187.exe
c:\windows\system32\17190.exe
c:\windows\system32\17192.exe
c:\windows\system32\17206.exe
c:\windows\system32\17208.exe
c:\windows\system32\17218.exe
c:\windows\system32\1722.exe
c:\windows\system32\17222.exe
c:\windows\system32\17224.exe
c:\windows\system32\17228.exe
c:\windows\system32\17235.exe
c:\windows\system32\17242.exe
c:\windows\system32\17244.exe
c:\windows\system32\17248.exe
c:\windows\system32\17250.exe
c:\windows\system32\17253.exe
c:\windows\system32\17260.exe
c:\windows\system32\17275.exe
c:\windows\system32\17294.exe
c:\windows\system32\17298.exe
c:\windows\system32\17304.exe
c:\windows\system32\17306.exe
c:\windows\system32\1731.exe
c:\windows\system32\17320.exe
c:\windows\system32\17324.exe
c:\windows\system32\17330.exe
c:\windows\system32\1734.exe
c:\windows\system32\17342.exe
c:\windows\system32\17347.exe
c:\windows\system32\17351.exe
c:\windows\system32\17368.exe
c:\windows\system32\17369.exe
c:\windows\system32\17382.exe
c:\windows\system32\17389.exe
c:\windows\system32\17397.exe
c:\windows\system32\17403.exe
c:\windows\system32\17411.exe
c:\windows\system32\17414.exe
c:\windows\system32\17417.exe
c:\windows\system32\17423.exe
c:\windows\system32\17425.exe
c:\windows\system32\1743.exe
c:\windows\system32\17436.exe
c:\windows\system32\17449.exe
c:\windows\system32\17450.exe
c:\windows\system32\17456.exe
c:\windows\system32\1746.exe
c:\windows\system32\17464.exe
c:\windows\system32\17467.exe
c:\windows\system32\17468.exe
c:\windows\system32\17477.exe
c:\windows\system32\17481.exe
c:\windows\system32\17487.exe
c:\windows\system32\17495.exe
c:\windows\system32\17506.exe
c:\windows\system32\17514.exe
c:\windows\system32\17515.exe
c:\windows\system32\17525.exe
c:\windows\system32\17564.exe
c:\windows\system32\17571.exe
c:\windows\system32\17573.exe
c:\windows\system32\17575.exe
c:\windows\system32\17577.exe
c:\windows\system32\17580.exe
c:\windows\system32\17586.exe
c:\windows\system32\1759.exe
c:\windows\system32\17591.exe
c:\windows\system32\17595.exe
c:\windows\system32\17597.exe
c:\windows\system32\17599.exe
c:\windows\system32\1760.exe
c:\windows\system32\17610.exe
c:\windows\system32\17612.exe
c:\windows\system32\17618.exe
c:\windows\system32\17623.exe
c:\windows\system32\1766.exe
c:\windows\system32\1767.exe
c:\windows\system32\17689.exe
c:\windows\system32\17697.exe
c:\windows\system32\177.exe
c:\windows\system32\17702.exe
c:\windows\system32\17705.exe
c:\windows\system32\17708.exe
c:\windows\system32\17714.exe
c:\windows\system32\17733.exe
c:\windows\system32\17743.exe
c:\windows\system32\17757.exe
c:\windows\system32\17770.exe
c:\windows\system32\17773.exe
c:\windows\system32\17788.exe
c:\windows\system32\1780.exe
c:\windows\system32\17810.exe
c:\windows\system32\17813.exe
c:\windows\system32\17821.exe
c:\windows\system32\17825.exe
c:\windows\system32\17838.exe
c:\windows\system32\17845.exe
c:\windows\system32\17847.exe
c:\windows\system32\17854.exe
c:\windows\system32\17858.exe
c:\windows\system32\17863.exe
c:\windows\system32\17882.exe
c:\windows\system32\17896.exe
c:\windows\system32\17905.exe
c:\windows\system32\17908.exe
c:\windows\system32\1791.exe
c:\windows\system32\17914.exe
c:\windows\system32\17921.exe
c:\windows\system32\17922.exe
c:\windows\system32\17951.exe
c:\windows\system32\1796.exe
c:\windows\system32\17962.exe
c:\windows\system32\17967.exe
c:\windows\system32\17971.exe
c:\windows\system32\17976.exe
c:\windows\system32\17979.exe
c:\windows\system32\17987.exe
c:\windows\system32\18.exe
c:\windows\system32\18003.exe
c:\windows\system32\18013.exe
c:\windows\system32\18019.exe
c:\windows\system32\18028.exe
c:\windows\system32\18035.exe
c:\windows\system32\18037.exe
c:\windows\system32\18042.exe
c:\windows\system32\18047.exe
c:\windows\system32\18050.exe
c:\windows\system32\18053.exe
c:\windows\system32\1806.exe
c:\windows\system32\18067.exe
c:\windows\system32\18075.exe
c:\windows\system32\18077.exe
c:\windows\system32\1809.exe
c:\windows\system32\18095.exe
c:\windows\system32\18108.exe
c:\windows\system32\18113.exe
c:\windows\system32\1812.exe
c:\windows\system32\18137.exe
c:\windows\system32\18143.exe
c:\windows\system32\18148.exe
c:\windows\system32\18156.exe
c:\windows\system32\18163.exe
c:\windows\system32\18165.exe
c:\windows\system32\18174.exe
c:\windows\system32\18178.exe
c:\windows\system32\1819.exe
c:\windows\system32\18196.exe
c:\windows\system32\18198.exe
c:\windows\system32\18200.exe
c:\windows\system32\18222.exe
c:\windows\system32\18224.exe
c:\windows\system32\18226.exe
c:\windows\system32\18231.exe
c:\windows\system32\18247.exe
c:\windows\system32\18261.exe
c:\windows\system32\18271.exe
c:\windows\system32\18292.exe
c:\windows\system32\18294.exe
c:\windows\system32\183.exe
c:\windows\system32\18330.exe
c:\windows\system32\18331.exe
c:\windows\system32\18338.exe
c:\windows\system32\18342.exe
c:\windows\system32\18345.exe
c:\windows\system32\18365.exe
c:\windows\system32\1837.exe
c:\windows\system32\18388.exe
c:\windows\system32\18390.exe
c:\windows\system32\18393.exe
c:\windows\system32\18395.exe
c:\windows\system32\18407.exe
c:\windows\system32\18410.exe
c:\windows\system32\18418.exe
c:\windows\system32\18420.exe
c:\windows\system32\18429.exe
c:\windows\system32\18434.exe
c:\windows\system32\18439.exe
c:\windows\system32\18440.exe
c:\windows\system32\18443.exe
c:\windows\system32\18448.exe
c:\windows\system32\18459.exe
c:\windows\system32\18467.exe
c:\windows\system32\18468.exe
c:\windows\system32\1847.exe
c:\windows\system32\18471.exe
c:\windows\system32\18476.exe
c:\windows\system32\18483.exe
c:\windows\system32\18487.exe
c:\windows\system32\18491.exe
c:\windows\system32\18494.exe
c:\windows\system32\18495.exe
c:\windows\system32\18527.exe
c:\windows\system32\18530.exe
c:\windows\system32\18531.exe
c:\windows\system32\18532.exe
c:\windows\system32\18537.exe
c:\windows\system32\18548.exe
c:\windows\system32\18561.exe
c:\windows\system32\18567.exe
c:\windows\system32\18569.exe
c:\windows\system32\18571.exe
c:\windows\system32\18572.exe
c:\windows\system32\18573.exe
c:\windows\system32\18578.exe
c:\windows\system32\1859.exe
c:\windows\system32\18591.exe
c:\windows\system32\18626.exe
c:\windows\system32\18629.exe
c:\windows\system32\18630.exe
c:\windows\system32\18636.exe
c:\windows\system32\18639.exe
c:\windows\system32\18645.exe
c:\windows\system32\18649.exe
c:\windows\system32\1867.exe
c:\windows\system32\18682.exe
c:\windows\system32\18685.exe
c:\windows\system32\18697.exe
c:\windows\system32\18706.exe
c:\windows\system32\18710.exe
c:\windows\system32\18716.exe
c:\windows\system32\1872.exe
c:\windows\system32\18736.exe
c:\windows\system32\18748.exe
c:\windows\system32\1875.exe
c:\windows\system32\18753.exe
c:\windows\system32\18763.exe
c:\windows\system32\18769.exe
c:\windows\system32\18774.exe
c:\windows\system32\18777.exe
c:\windows\system32\18792.exe
c:\windows\system32\18804.exe
c:\windows\system32\18808.exe
c:\windows\system32\18809.exe
c:\windows\system32\18822.exe
c:\windows\system32\18825.exe
c:\windows\system32\18828.exe
c:\windows\system32\18847.exe
c:\windows\system32\18848.exe
c:\windows\system32\18868.exe
c:\windows\system32\18874.exe
c:\windows\system32\18897.exe
c:\windows\system32\18903.exe
c:\windows\system32\18918.exe
c:\windows\system32\18945.exe
c:\windows\system32\18949.exe
c:\windows\system32\18954.exe
c:\windows\system32\18956.exe
c:\windows\system32\1896.exe
c:\windows\system32\18960.exe
c:\windows\system32\18965.exe
c:\windows\system32\18968.exe
c:\windows\system32\18972.exe
c:\windows\system32\18981.exe
c:\windows\system32\18988.exe
c:\windows\system32\18992.exe
c:\windows\system32\18996.exe
c:\windows\system32\19002.exe
c:\windows\system32\19005.exe
c:\windows\system32\19006.exe
c:\windows\system32\19007.exe
c:\windows\system32\19017.exe
c:\windows\system32\19020.exe
c:\windows\system32\19045.exe
c:\windows\system32\1905.exe
c:\windows\system32\19053.exe
c:\windows\system32\19054.exe
c:\windows\system32\19055.exe
c:\windows\system32\19060.exe
c:\windows\system32\19062.exe
c:\windows\system32\1907.exe
c:\windows\system32\19073.exe
c:\windows\system32\19084.exe
c:\windows\system32\19085.exe
c:\windows\system32\19090.exe
c:\windows\system32\1910.exe
c:\windows\system32\19100.exe
c:\windows\system32\19114.exe
c:\windows\system32\19119.exe
c:\windows\system32\1912.exe
c:\windows\system32\19122.exe
c:\windows\system32\19124.exe
c:\windows\system32\19150.exe
c:\windows\system32\19157.exe
c:\windows\system32\19159.exe
c:\windows\system32\19160.exe
c:\windows\system32\19177.exe
c:\windows\system32\19179.exe
c:\windows\system32\19185.exe
c:\windows\system32\19186.exe
c:\windows\system32\19187.exe
c:\windows\system32\19189.exe
c:\windows\system32\19197.exe
c:\windows\system32\192.exe
c:\windows\system32\19201.exe
c:\windows\system32\19202.exe
c:\windows\system32\19207.exe
c:\windows\system32\19210.exe
c:\windows\system32\19216.exe
c:\windows\system32\19220.exe
c:\windows\system32\19222.exe
c:\windows\system32\19223.exe
c:\windows\system32\19226.exe
c:\windows\system32\19236.exe
c:\windows\system32\19242.exe
c:\windows\system32\19251.exe
c:\windows\system32\19266.exe
c:\windows\system32\19272.exe
c:\windows\system32\19274.exe
c:\windows\system32\19288.exe
c:\windows\system32\19298.exe
c:\windows\system32\19299.exe
c:\windows\system32\19306.exe
c:\windows\system32\19312.exe
c:\windows\system32\19316.exe
c:\windows\system32\1933.exe
c:\windows\system32\19335.exe
c:\windows\system32\19340.exe
c:\windows\system32\19349.exe
c:\windows\system32\1935.exe
c:\windows\system32\19360.exe
c:\windows\system32\19362.exe
c:\windows\system32\19364.exe
c:\windows\system32\19365.exe
c:\windows\system32\1937.exe
c:\windows\system32\19375.exe
c:\windows\system32\19376.exe
c:\windows\system32\19389.exe
c:\windows\system32\19393.exe
c:\windows\system32\19398.exe
c:\windows\system32\19420.exe
c:\windows\system32\19421.exe
c:\windows\system32\19422.exe
c:\windows\system32\19426.exe
c:\windows\system32\19431.exe
c:\windows\system32\19433.exe
c:\windows\system32\19438.exe
c:\windows\system32\1944.exe
c:\windows\system32\19440.exe
c:\windows\system32\19451.exe
c:\windows\system32\19453.exe
c:\windows\system32\19457.exe
c:\windows\system32\19461.exe
c:\windows\system32\19463.exe
c:\windows\system32\19464.exe
c:\windows\system32\19470.exe
c:\windows\system32\1948.exe
c:\windows\system32\19488.exe
c:\windows\system32\19491.exe
c:\windows\system32\19495.exe
c:\windows\system32\19498.exe
c:\windows\system32\195.exe
c:\windows\system32\19507.exe
c:\windows\system32\19514.exe
c:\windows\system32\19517.exe
c:\windows\system32\19521.exe
c:\windows\system32\19537.exe
c:\windows\system32\1954.exe
c:\windows\system32\19541.exe
c:\windows\system32\19559.exe
c:\windows\system32\1956.exe
c:\windows\system32\19566.exe
c:\windows\system32\19574.exe
c:\windows\system32\19585.exe
c:\windows\system32\19588.exe
c:\windows\system32\19594.exe
c:\windows\system32\19595.exe
c:\windows\system32\19605.exe
c:\windows\system32\1961.exe
c:\windows\system32\19629.exe
c:\windows\system32\19631.exe
c:\windows\system32\1965.exe
c:\windows\system32\19652.exe
c:\windows\system32\19659.exe
c:\windows\system32\19666.exe
c:\windows\system32\19669.exe
c:\windows\system32\19675.exe
c:\windows\system32\19681.exe
c:\windows\system32\19689.exe
c:\windows\system32\19699.exe
c:\windows\system32\197.exe
c:\windows\system32\19720.exe
c:\windows\system32\19722.exe
c:\windows\system32\19723.exe
c:\windows\system32\19731.exe
c:\windows\system32\19733.exe
c:\windows\system32\19736.exe
c:\windows\system32\19742.exe
c:\windows\system32\19745.exe
c:\windows\system32\19746.exe
c:\windows\system32\19747.exe
c:\windows\system32\19749.exe
c:\windows\system32\19753.exe
c:\windows\system32\19757.exe
c:\windows\system32\19767.exe
c:\windows\system32\19768.exe
c:\windows\system32\19775.exe
c:\windows\system32\19781.exe
c:\windows\system32\19787.exe
c:\windows\system32\19796.exe
c:\windows\system32\198.exe
c:\windows\system32\19801.exe
c:\windows\system32\19806.exe
c:\windows\system32\19811.exe
c:\windows\system32\19818.exe
c:\windows\system32\19827.exe
c:\windows\system32\1983.exe
c:\windows\system32\19831.exe
c:\windows\system32\19838.exe
c:\windows\system32\19842.exe
c:\windows\system32\19849.exe
c:\windows\system32\19855.exe
c:\windows\system32\19871.exe
c:\windows\system32\19873.exe
c:\windows\system32\19874.exe
c:\windows\system32\19875.exe
c:\windows\system32\19879.exe
c:\windows\system32\19895.exe
c:\windows\system32\19897.exe
c:\windows\system32\199.exe
c:\windows\system32\19900.exe
c:\windows\system32\19927.exe
c:\windows\system32\19930.exe
c:\windows\system32\19934.exe
c:\windows\system32\19938.exe
c:\windows\system32\19943.exe
c:\windows\system32\19944.exe
c:\windows\system32\19946.exe
c:\windows\system32\19948.exe
c:\windows\system32\1995.exe
c:\windows\system32\19950.exe
c:\windows\system32\19955.exe
c:\windows\system32\19958.exe
c:\windows\system32\1996.exe
c:\windows\system32\19964.exe
c:\windows\system32\19968.exe
c:\windows\system32\19970.exe
c:\windows\system32\19974.exe
c:\windows\system32\19981.exe
c:\windows\system32\19992.exe
c:\windows\system32\19999.exe
c:\windows\system32\20000.exe
c:\windows\system32\20005.exe
c:\windows\system32\2001.exe
c:\windows\system32\20010.exe
c:\windows\system32\2002.exe
c:\windows\system32\20023.exe
c:\windows\system32\20028.exe
c:\windows\system32\20031.exe
c:\windows\system32\20035.exe
c:\windows\system32\20037.exe
c:\windows\system32\20045.exe
c:\windows\system32\20046.exe
c:\windows\system32\20048.exe
c:\windows\system32\20055.exe
c:\windows\system32\20058.exe
c:\windows\system32\20062.exe
c:\windows\system32\20074.exe
c:\windows\system32\20081.exe
c:\windows\system32\20084.exe
c:\windows\system32\20087.exe
c:\windows\system32\20088.exe
c:\windows\system32\20089.exe
c:\windows\system32\20094.exe
c:\windows\system32\20096.exe
c:\windows\system32\20098.exe
c:\windows\system32\20099.exe
c:\windows\system32\201.exe
c:\windows\system32\20121.exe
c:\windows\system32\20128.exe
c:\windows\system32\20139.exe
c:\windows\system32\20154.exe
c:\windows\system32\2016.exe
c:\windows\system32\20160.exe
c:\windows\system32\20163.exe
c:\windows\system32\2017.exe
c:\windows\system32\20190.exe
c:\windows\system32\20198.exe
c:\windows\system32\202.exe
c:\windows\system32\20209.exe
c:\windows\system32\2021.exe
c:\windows\system32\20213.exe
c:\windows\system32\20234.exe
c:\windows\system32\20246.exe
c:\windows\system32\2025.exe
c:\windows\system32\20251.exe
c:\windows\system32\20260.exe
c:\windows\system32\20263.exe
c:\windows\system32\20283.exe
c:\windows\system32\20284.exe
c:\windows\system32\20292.exe
c:\windows\system32\20299.exe
c:\windows\system32\203.exe
c:\windows\system32\20303.exe
c:\windows\system32\20305.exe
c:\windows\system32\20315.exe
c:\windows\system32\20317.exe
c:\windows\system32\20321.exe
c:\windows\system32\20328.exe
c:\windows\system32\20329.exe
c:\windows\system32\20330.exe
c:\windows\system32\20333.exe
c:\windows\system32\20335.exe
c:\windows\system32\20336.exe
c:\windows\system32\20337.exe
c:\windows\system32\20358.exe
c:\windows\system32\20359.exe
c:\windows\system32\20364.exe
c:\windows\system32\20368.exe
c:\windows\system32\20373.exe
c:\windows\system32\20390.exe
c:\windows\system32\20394.exe
c:\windows\system32\20395.exe
c:\windows\system32\2040.exe
c:\windows\system32\20403.exe
c:\windows\system32\20407.exe
c:\windows\system32\20413.exe
c:\windows\system32\20424.exe
c:\windows\system32\20438.exe
c:\windows\system32\20453.exe
c:\windows\system32\20454.exe
c:\windows\system32\20465.exe
c:\windows\system32\20478.exe
c:\windows\system32\20480.exe
c:\windows\system32\20488.exe
c:\windows\system32\20492.exe
c:\windows\system32\20498.exe
c:\windows\system32\20499.exe
c:\windows\system32\20502.exe
c:\windows\system32\20505.exe
c:\windows\system32\20506.exe
c:\windows\system32\20524.exe
c:\windows\system32\20526.exe
c:\windows\system32\20529.exe
c:\windows\system32\20546.exe
c:\windows\system32\20554.exe
c:\windows\system32\20555.exe
c:\windows\system32\20556.exe
c:\windows\system32\20565.exe
c:\windows\system32\20569.exe
c:\windows\system32\20570.exe
c:\windows\system32\20572.exe
c:\windows\system32\20600.exe
c:\windows\system32\20603.exe
c:\windows\system32\20605.exe
c:\windows\system32\20610.exe
c:\windows\system32\20611.exe
c:\windows\system32\20616.exe
c:\windows\system32\20625.exe
c:\windows\system32\20626.exe
c:\windows\system32\20640.exe
c:\windows\system32\20641.exe
c:\windows\system32\20647.exe
c:\windows\system32\20659.exe
c:\windows\system32\20660.exe
c:\windows\system32\20668.exe
c:\windows\system32\20669.exe
c:\windows\system32\20670.exe
c:\windows\system32\20671.exe
c:\windows\system32\20697.exe
c:\windows\system32\20707.exe
c:\windows\system32\20717.exe
c:\windows\system32\20718.exe
c:\windows\system32\20727.exe
c:\windows\system32\20735.exe
c:\windows\system32\20739.exe
c:\windows\system32\20750.exe
c:\windows\system32\20753.exe
c:\windows\system32\20754.exe
c:\windows\system32\20756.exe
c:\windows\system32\20757.exe
c:\windows\system32\20759.exe
c:\windows\system32\20769.exe
c:\windows\system32\2077.exe
c:\windows\system32\20774.exe
c:\windows\system32\20778.exe
c:\windows\system32\20789.exe
c:\windows\system32\20791.exe
c:\windows\system32\20792.exe
c:\windows\system32\20793.exe
c:\windows\system32\20795.exe
c:\windows\system32\20810.exe
c:\windows\system32\20814.exe
c:\windows\system32\20824.exe
c:\windows\system32\20825.exe
c:\windows\system32\20827.exe
c:\windows\system32\20832.exe
c:\windows\system32\20833.exe
c:\windows\system32\20839.exe
c:\windows\system32\20850.exe
c:\windows\system32\20860.exe
c:\windows\system32\20870.exe
c:\windows\system32\20873.exe
c:\windows\system32\20884.exe
c:\windows\system32\20885.exe
c:\windows\system32\20896.exe
c:\windows\system32\20899.exe
c:\windows\system32\20901.exe
c:\windows\system32\20904.exe
c:\windows\system32\20911.exe
c:\windows\system32\20928.exe
c:\windows\system32\20931.exe
c:\windows\system32\20932.exe
c:\windows\system32\20939.exe
c:\windows\system32\20956.exe
c:\windows\system32\20958.exe
c:\windows\system32\20961.exe
c:\windows\system32\20971.exe
c:\windows\system32\20975.exe
c:\windows\system32\20979.exe
c:\windows\system32\20985.exe
c:\windows\system32\20986.exe
c:\windows\system32\20989.exe
c:\windows\system32\20990.exe
c:\windows\system32\20998.exe
c:\windows\system32\21.exe
c:\windows\system32\2100.exe
c:\windows\system32\21003.exe
c:\windows\system32\21010.exe
c:\windows\system32\21016.exe
c:\windows\system32\21018.exe
c:\windows\system32\21027.exe
c:\windows\system32\21028.exe
c:\windows\system32\21030.exe
c:\windows\system32\21035.exe
c:\windows\system32\21042.exe
c:\windows\system32\21056.exe
c:\windows\system32\21058.exe
c:\windows\system32\21062.exe
c:\windows\system32\21067.exe
c:\windows\system32\21069.exe
c:\windows\system32\21073.exe
c:\windows\system32\21076.exe
c:\windows\system32\21077.exe
c:\windows\system32\21084.exe
c:\windows\system32\21087.exe
c:\windows\system32\21096.exe
c:\windows\system32\21100.exe
c:\windows\system32\21101.exe
c:\windows\system32\21119.exe
c:\windows\system32\21130.exe
c:\windows\system32\21145.exe
c:\windows\system32\2116.exe
c:\windows\system32\21162.exe
c:\windows\system32\21170.exe
c:\windows\system32\21174.exe
c:\windows\system32\21177.exe
c:\windows\system32\21181.exe
c:\windows\system32\21186.exe
c:\windows\system32\21187.exe
c:\windows\system32\21190.exe
c:\windows\system32\21221.exe
c:\windows\system32\21226.exe
c:\windows\system32\21230.exe
c:\windows\system32\21236.exe
c:\windows\system32\21237.exe
c:\windows\system32\21241.exe
c:\windows\system32\21243.exe
c:\windows\system32\21248.exe
c:\windows\system32\21254.exe
c:\windows\system32\21258.exe
c:\windows\system32\21260.exe
c:\windows\system32\21267.exe
c:\windows\system32\21274.exe
c:\windows\system32\21275.exe
c:\windows\system32\21276.exe
c:\windows\system32\21281.exe
c:\windows\system32\21286.exe
c:\windows\system32\2129.exe
c:\windows\system32\21293.exe
c:\windows\system32\21298.exe
c:\windows\system32\213.exe
c:\windows\system32\21323.exe
c:\windows\system32\21335.exe
c:\windows\system32\21354.exe
c:\windows\system32\21372.exe
c:\windows\system32\21380.exe
c:\windows\system32\21382.exe
c:\windows\system32\21383.exe
c:\windows\system32\21388.exe
c:\windows\system32\21392.exe
c:\windows\system32\21393.exe
c:\windows\system32\21399.exe
c:\windows\system32\2141.exe
c:\windows\system32\21413.exe
c:\windows\system32\21414.exe
c:\windows\system32\21415.exe
c:\windows\system32\21423.exe
c:\windows\system32\21424.exe
c:\windows\system32\21430.exe
c:\windows\system32\21432.exe
c:\windows\system32\21441.exe
c:\windows\system32\21442.exe
c:\windows\system32\21443.exe
c:\windows\system32\21447.exe
c:\windows\system32\21448.exe
c:\windows\system32\21451.exe
c:\windows\system32\21456.exe
c:\windows\system32\21466.exe
c:\windows\system32\21482.exe
c:\windows\system32\21491.exe
c:\windows\system32\21494.exe
c:\windows\system32\215.exe
c:\windows\system32\21500.exe
c:\windows\system32\21520.exe
c:\windows\system32\21540.exe
c:\windows\system32\21541.exe
c:\windows\system32\21542.exe
c:\windows\system32\21543.exe
c:\windows\system32\21547.exe
c:\windows\system32\21561.exe
c:\windows\system32\21564.exe
c:\windows\system32\21570.exe
c:\windows\system32\21577.exe
c:\windows\system32\2158.exe
c:\windows\system32\21597.exe
c:\windows\system32\21599.exe
c:\windows\system32\21619.exe
c:\windows\system32\21631.exe
c:\windows\system32\2164.exe
c:\windows\system32\21650.exe
c:\windows\system32\21652.exe
c:\windows\system32\21664.exe
c:\windows\system32\21667.exe
c:\windows\system32\21677.exe
c:\windows\system32\21681.exe
c:\windows\system32\21682.exe
c:\windows\system32\21688.exe
c:\windows\system32\21699.exe
c:\windows\system32\217.exe
c:\windows\system32\21700.exe
c:\windows\system32\21702.exe
c:\windows\system32\21708.exe
c:\windows\system32\21711.exe
c:\windows\system32\21712.exe
c:\windows\system32\21730.exe
c:\windows\system32\21733.exe
c:\windows\system32\21735.exe
c:\windows\system32\21737.exe
c:\windows\system32\21743.exe
c:\windows\system32\21749.exe
c:\windows\system32\21761.exe
c:\windows\system32\21765.exe
c:\windows\system32\21781.exe
c:\windows\system32\21785.exe
c:\windows\system32\21787.exe
c:\windows\system32\2180.exe
c:\windows\system32\21812.exe
c:\windows\system32\2182.exe
c:\windows\system32\21834.exe
c:\windows\system32\21856.exe
c:\windows\system32\21871.exe
c:\windows\system32\21873.exe
c:\windows\system32\2188.exe
c:\windows\system32\21891.exe
c:\windows\system32\21894.exe
c:\windows\system32\21897.exe
c:\windows\system32\21899.exe
c:\windows\system32\219.exe
c:\windows\system32\2190.exe
c:\windows\system32\21901.exe
c:\windows\system32\21906.exe
c:\windows\system32\21909.exe
c:\windows\system32\2191.exe
c:\windows\system32\21925.exe
c:\windows\system32\21926.exe
c:\windows\system32\21936.exe
c:\windows\system32\21939.exe
c:\windows\system32\21941.exe
c:\windows\system32\21972.exe
c:\windows\system32\21989.exe
c:\windows\system32\21992.exe
c:\windows\system32\21997.exe
c:\windows\system32\21998.exe
c:\windows\system32\22010.exe
c:\windows\system32\22017.exe
c:\windows\system32\22022.exe
c:\windows\system32\22030.exe
c:\windows\system32\22032.exe
c:\windows\system32\22034.exe
c:\windows\system32\22046.exe
c:\windows\system32\22047.exe
c:\windows\system32\22049.exe
c:\windows\system32\22051.exe
c:\windows\system32\22060.exe
c:\windows\system32\22064.exe
c:\windows\system32\22072.exe
c:\windows\system32\22073.exe
c:\windows\system32\22085.exe
c:\windows\system32\22093.exe
c:\windows\system32\22096.exe
c:\windows\system32\2211.exe
c:\windows\system32\22112.exe
c:\windows\system32\22122.exe
c:\windows\system32\22130.exe
c:\windows\system32\22131.exe
c:\windows\system32\22133.exe
c:\windows\system32\22141.exe
c:\windows\system32\22144.exe
c:\windows\system32\22146.exe
c:\windows\system32\22155.exe
c:\windows\system32\22157.exe
c:\windows\system32\22160.exe
c:\windows\system32\22168.exe
c:\windows\system32\22179.exe
c:\windows\system32\2218.exe
c:\windows\system32\22185.exe
c:\windows\system32\22202.exe
c:\windows\system32\22203.exe
c:\windows\system32\22234.exe
c:\windows\system32\22246.exe
c:\windows\system32\22248.exe
c:\windows\system32\22249.exe
c:\windows\system32\2225.exe
c:\windows\system32\22251.exe
c:\windows\system32\22258.exe
c:\windows\system32\2226.exe
c:\windows\system32\22262.exe
c:\windows\system32\22268.exe
c:\windows\system32\22271.exe
c:\windows\system32\22276.exe
c:\windows\system32\22282.exe
c:\windows\system32\22284.exe
c:\windows\system32\2229.exe
c:\windows\system32\22294.exe
c:\windows\system32\22299.exe
c:\windows\system32\2230.exe
c:\windows\system32\22303.exe
c:\windows\system32\22309.exe
c:\windows\system32\22313.exe
c:\windows\system32\22318.exe
c:\windows\system32\22321.exe
c:\windows\system32\22322.exe
c:\windows\system32\22331.exe
c:\windows\system32\22335.exe
c:\windows\system32\22339.exe
c:\windows\system32\22357.exe
c:\windows\system32\22362.exe
c:\windows\system32\22374.exe
c:\windows\system32\22384.exe
c:\windows\system32\22386.exe
c:\windows\system32\2239.exe
c:\windows\system32\22398.exe
c:\windows\system32\22406.exe
c:\windows\system32\2241.exe
c:\windows\system32\22411.exe
c:\windows\system32\22420.exe
c:\windows\system32\22429.exe
c:\windows\system32\22435.exe
c:\windows\system32\22440.exe
c:\windows\system32\22450.exe
c:\windows\system32\22451.exe
c:\windows\system32\22459.exe
c:\windows\system32\2247.exe
c:\windows\system32\22472.exe
c:\windows\system32\22478.exe
c:\windows\system32\22489.exe
c:\windows\system32\22490.exe
c:\windows\system32\22499.exe
c:\windows\system32\22501.exe
c:\windows\system32\22514.exe
c:\windows\system32\22521.exe
c:\windows\system32\22522.exe
c:\windows\system32\22529.exe
c:\windows\system32\2253.exe
c:\windows\system32\22549.exe
c:\windows\system32\22566.exe
c:\windows\system32\22570.exe
c:\windows\system32\22574.exe
c:\windows\system32\22583.exe
c:\windows\system32\2259.exe
c:\windows\system32\22599.exe
c:\windows\system32\22602.exe
c:\windows\system32\22605.exe
c:\windows\system32\22638.exe
c:\windows\system32\2264.exe
c:\windows\system32\22649.exe
c:\windows\system32\22656.exe
c:\windows\system32\22665.exe
c:\windows\system32\22668.exe
c:\windows\system32\2267.exe
c:\windows\system32\22674.exe
c:\windows\system32\22694.exe
c:\windows\system32\22695.exe
c:\windows\system32\22701.exe
c:\windows\system32\22707.exe
c:\windows\system32\22710.exe
c:\windows\system32\22720.exe
c:\windows\system32\22735.exe
c:\windows\system32\22738.exe
c:\windows\system32\22741.exe
c:\windows\system32\22743.exe
c:\windows\system32\22754.exe
c:\windows\system32\22759.exe
c:\windows\system32\22762.exe
c:\windows\system32\22763.exe
c:\windows\system32\22783.exe
c:\windows\system32\22792.exe
c:\windows\system32\22820.exe
c:\windows\system32\22823.exe
c:\windows\system32\22831.exe
c:\windows\system32\22832.exe
c:\windows\system32\22842.exe
c:\windows\system32\22843.exe
c:\windows\system32\22861.exe
c:\windows\system32\22862.exe
c:\windows\system32\22875.exe
c:\windows\system32\22877.exe
c:\windows\system32\22882.exe
c:\windows\system32\22897.exe
c:\windows\system32\22898.exe
c:\windows\system32\22899.exe
c:\windows\system32\22905.exe
c:\windows\system32\22908.exe
c:\windows\system32\22910.exe
c:\windows\system32\22916.exe
c:\windows\system32\22918.exe
c:\windows\system32\22919.exe
c:\windows\system32\22930.exe
c:\windows\system32\22939.exe
c:\windows\system32\22954.exe
c:\windows\system32\22960.exe
c:\windows\system32\22967.exe
c:\windows\system32\2297.exe
c:\windows\system32\22975.exe
c:\windows\system32\22985.exe
c:\windows\system32\22990.exe
c:\windows\system32\22998.exe
c:\windows\system32\230.exe
c:\windows\system32\23003.exe
c:\windows\system32\23007.exe
c:\windows\system32\2301.exe
c:\windows\system32\23044.exe
c:\windows\system32\23059.exe
c:\windows\system32\23064.exe
c:\windows\system32\23069.exe
c:\windows\system32\23086.exe
c:\windows\system32\23092.exe
c:\windows\system32\23093.exe
c:\windows\system32\2311.exe
c:\windows\system32\23121.exe
c:\windows\system32\23126.exe
c:\windows\system32\23146.exe
c:\windows\system32\23149.exe
c:\windows\system32\23158.exe
c:\windows\system32\23161.exe
c:\windows\system32\23166.exe
c:\windows\system32\23167.exe
c:\windows\system32\23169.exe
c:\windows\system32\23178.exe
c:\windows\system32\23191.exe
c:\windows\system32\23200.exe
c:\windows\system32\23213.exe
c:\windows\system32\23214.exe
c:\windows\system32\23229.exe
c:\windows\system32\2323.exe
c:\windows\system32\23233.exe
c:\windows\system32\23235.exe
c:\windows\system32\23238.exe
c:\windows\system32\23242.exe
c:\windows\system32\23249.exe
c:\windows\system32\23256.exe
c:\windows\system32\23257.exe
c:\windows\system32\23261.exe
c:\windows\system32\23262.exe
c:\windows\system32\23268.exe
c:\windows\system32\23276.exe
c:\windows\system32\23282.exe
c:\windows\system32\23284.exe
c:\windows\system32\2329.exe
c:\windows\system32\2330.exe
c:\windows\system32\23311.exe
c:\windows\system32\23318.exe
c:\windows\system32\23329.exe
c:\windows\system32\23331.exe
c:\windows\system32\23339.exe
c:\windows\system32\23341.exe
c:\windows\system32\23349.exe
c:\windows\system32\2336.exe
c:\windows\system32\23362.exe
c:\windows\system32\23367.exe
c:\windows\system32\23381.exe
c:\windows\system32\23385.exe
c:\windows\system32\2339.exe
c:\windows\system32\23405.exe
c:\windows\system32\23418.exe
c:\windows\system32\2342.exe
c:\windows\system32\23431.exe
c:\windows\system32\23441.exe
c:\windows\system32\23447.exe
c:\windows\system32\23455.exe
c:\windows\system32\23459.exe
c:\windows\system32\2346.exe
c:\windows\system32\23460.exe
c:\windows\system32\23463.exe
c:\windows\system32\23466.exe
c:\windows\system32\23472.exe
c:\windows\system32\23474.exe
c:\windows\system32\23494.exe
c:\windows\system32\23495.exe
c:\windows\system32\23497.exe
c:\windows\system32\23500.exe
c:\windows\system32\23532.exe
c:\windows\system32\23536.exe
c:\windows\system32\23539.exe
c:\windows\system32\23543.exe
c:\windows\system32\23551.exe
c:\windows\system32\23553.exe
c:\windows\system32\2356.exe
c:\windows\system32\23583.exe
c:\windows\system32\23593.exe
c:\windows\system32\23596.exe
c:\windows\system32\2360.exe
c:\windows\system32\23600.exe
c:\windows\system32\2361.exe
c:\windows\system32\23612.exe
c:\windows\system32\23617.exe
c:\windows\system32\23629.exe
c:\windows\system32\23633.exe
c:\windows\system32\23634.exe
c:\windows\system32\23640.exe
c:\windows\system32\23644.exe
c:\windows\system32\23650.exe
c:\windows\system32\2366.exe
c:\windows\system32\23661.exe
c:\windows\system32\23662.exe
c:\windows\system32\23668.exe
c:\windows\system32\2367.exe
c:\windows\system32\23673.exe
c:\windows\system32\23675.exe
c:\windows\system32\23680.exe
c:\windows\system32\23683.exe
c:\windows\system32\23685.exe
c:\windows\system32\23700.exe
c:\windows\system32\23702.exe
c:\windows\system32\2372.exe
c:\windows\system32\23723.exe
c:\windows\system32\23733.exe
c:\windows\system32\23735.exe
c:\windows\system32\23758.exe
c:\windows\system32\2376.exe
c:\windows\system32\23761.exe
c:\windows\system32\23769.exe
c:\windows\system32\23781.exe
c:\windows\system32\23788.exe
c:\windows\system32\23794.exe
c:\windows\system32\23795.exe
c:\windows\system32\23805.exe
c:\windows\system32\23808.exe
c:\windows\system32\23817.exe
c:\windows\system32\23831.exe
c:\windows\system32\23839.exe
c:\windows\system32\23845.exe
c:\windows\system32\23848.exe
c:\windows\system32\23864.exe
c:\windows\system32\23865.exe
c:\windows\system32\23868.exe
c:\windows\system32\23870.exe
c:\windows\system32\23872.exe
c:\windows\system32\2390.exe
c:\windows\system32\2392.exe
c:\windows\system32\23932.exe
c:\windows\system32\23935.exe
c:\windows\system32\23939.exe
c:\windows\system32\23947.exe
c:\windows\system32\23950.exe
c:\windows\system32\23951.exe
c:\windows\system32\2396.exe
c:\windows\system32\23965.exe
c:\windows\system32\23972.exe
c:\windows\system32\23987.exe
c:\windows\system32\23997.exe
c:\windows\system32\24002.exe
c:\windows\system32\24015.exe
c:\windows\system32\24017.exe
c:\windows\system32\24018.exe
c:\windows\system32\24022.exe
c:\windows\system32\24027.exe
c:\windows\system32\24030.exe
c:\windows\system32\24033.exe
c:\windows\system32\24037.exe
c:\windows\system32\2405.exe
c:\windows\system32\24067.exe
c:\windows\system32\24068.exe
c:\windows\system32\2408.exe
c:\windows\system32\24081.exe
c:\windows\system32\24097.exe
c:\windows\system32\24102.exe
c:\windows\system32\24103.exe
c:\windows\system32\24105.exe
c:\windows\system32\24112.exe
c:\windows\system32\24114.exe
c:\windows\system32\24126.exe
c:\windows\system32\24131.exe
c:\windows\system32\24143.exe
c:\windows\system32\24144.exe
c:\windows\system32\24146.exe
c:\windows\system32\24148.exe
c:\windows\system32\2415.exe
c:\windows\system32\24163.exe
c:\windows\system32\24168.exe
c:\windows\system32\24177.exe
c:\windows\system32\24186.exe
c:\windows\system32\24194.exe
c:\windows\system32\24210.exe
c:\windows\system32\24211.exe
c:\windows\system32\24213.exe
c:\windows\system32\2422.exe
c:\windows\system32\24242.exe
c:\windows\system32\24246.exe
c:\windows\system32\24254.exe
c:\windows\system32\24263.exe
c:\windows\system32\24265.exe
c:\windows\system32\24266.exe
c:\windows\system32\24267.exe
c:\windows\system32\24294.exe
c:\windows\system32\24295.exe
c:\windows\system32\243.exe
c:\windows\system32\24300.exe
c:\windows\system32\24304.exe
c:\windows\system32\24306.exe
c:\windows\system32\24310.exe
c:\windows\system32\24335.exe
c:\windows\system32\24344.exe
c:\windows\system32\24355.exe
c:\windows\system32\24363.exe
c:\windows\system32\24367.exe
c:\windows\system32\24373.exe
c:\windows\system32\24374.exe
c:\windows\system32\24380.exe
c:\windows\system32\24385.exe
c:\windows\system32\24394.exe
c:\windows\system32\24396.exe
c:\windows\system32\24401.exe
c:\windows\system32\24402.exe
c:\windows\system32\24409.exe
c:\windows\system32\2441.exe
c:\windows\system32\24411.exe
c:\windows\system32\24412.exe
c:\windows\system32\24418.exe
c:\windows\system32\24420.exe
c:\windows\system32\24430.exe
c:\windows\system32\24432.exe
c:\windows\system32\24437.exe
c:\windows\system32\24439.exe
c:\windows\system32\24444.exe
c:\windows\system32\24456.exe
c:\windows\system32\24457.exe
c:\windows\system32\24458.exe
c:\windows\system32\24470.exe
c:\windows\system32\24471.exe
c:\windows\system32\24473.exe
c:\windows\system32\24486.exe
c:\windows\system32\24493.exe
c:\windows\system32\24496.exe
c:\windows\system32\24497.exe
c:\windows\system32\24517.exe
c:\windows\system32\24526.exe
c:\windows\system32\24534.exe
c:\windows\system32\24536.exe
c:\windows\system32\24537.exe
c:\windows\system32\2455.exe
c:\windows\system32\24553.exe
c:\windows\system32\24555.exe
c:\windows\system32\24557.exe
c:\windows\system32\24560.exe
c:\windows\system32\24562.exe
c:\windows\system32\24574.exe
c:\windows\system32\24576.exe
c:\windows\system32\24584.exe
c:\windows\system32\24593.exe
c:\windows\system32\24618.exe
c:\windows\system32\24629.exe
c:\windows\system32\24638.exe
c:\windows\system32\24642.exe
c:\windows\system32\24657.exe
c:\windows\system32\2468.exe
c:\windows\system32\24692.exe
c:\windows\system32\24699.exe
c:\windows\system32\24700.exe
c:\windows\system32\24702.exe
c:\windows\system32\24711.exe
c:\windows\system32\24717.exe
c:\windows\system32\24718.exe
c:\windows\system32\24725.exe
c:\windows\system32\24732.exe
c:\windows\system32\24735.exe
c:\windows\system32\24743.exe
c:\windows\system32\24750.exe
c:\windows\system32\24776.exe
c:\windows\system32\24780.exe
c:\windows\system32\24783.exe
c:\windows\system32\24793.exe
c:\windows\system32\2480.exe
c:\windows\system32\24800.exe
c:\windows\system32\24804.exe
c:\windows\system32\24806.exe
c:\windows\system32\24815.exe
c:\windows\system32\24818.exe
c:\windows\system32\24825.exe
c:\windows\system32\24832.exe
c:\windows\system32\24833.exe
c:\windows\system32\24850.exe
c:\windows\system32\24854.exe
c:\windows\system32\24856.exe
c:\windows\system32\24859.exe
c:\windows\system32\24869.exe
c:\windows\system32\24877.exe
c:\windows\system32\24882.exe
c:\windows\system32\24902.exe
c:\windows\system32\24910.exe
c:\windows\system32\24913.exe
c:\windows\system32\24914.exe
c:\windows\system32\2492.exe
c:\windows\system32\24923.exe
c:\windows\system32\24932.exe
c:\windows\system32\24940.exe
c:\windows\system32\24949.exe
c:\windows\system32\2496.exe
c:\windows\system32\24961.exe
c:\windows\system32\24963.exe
c:\windows\system32\2497.exe
c:\windows\system32\24970.exe
c:\windows\system32\24982.exe
c:\windows\system32\24991.exe
c:\windows\system32\24999.exe
c:\windows\system32\25004.exe
c:\windows\system32\25012.exe
c:\windows\system32\25017.exe
c:\windows\system32\2502.exe
c:\windows\system32\25021.exe
c:\windows\system32\25028.exe
c:\windows\system32\2503.exe
c:\windows\system32\25031.exe
c:\windows\system32\25047.exe
c:\windows\system32\25048.exe
c:\windows\system32\25058.exe
c:\windows\system32\25078.exe
c:\windows\system32\25079.exe
c:\windows\system32\25084.exe
c:\windows\system32\25085.exe
c:\windows\system32\25086.exe
c:\windows\system32\25087.exe
c:\windows\system32\25109.exe
c:\windows\system32\25110.exe
c:\windows\system32\25112.exe
c:\windows\system32\25116.exe
c:\windows\system32\25140.exe
c:\windows\system32\25141.exe
c:\windows\system32\25155.exe
c:\windows\system32\25160.exe
c:\windows\system32\25165.exe
c:\windows\system32\2517.exe
c:\windows\system32\25177.exe
c:\windows\system32\25185.exe
c:\windows\system32\25188.exe
c:\windows\system32\25192.exe
c:\windows\system32\25194.exe
c:\windows\system32\25195.exe
c:\windows\system32\25202.exe
c:\windows\system32\25204.exe
c:\windows\system32\25208.exe
c:\windows\system32\25212.exe
c:\windows\system32\25213.exe
c:\windows\system32\25224.exe
c:\windows\system32\25230.exe
c:\windows\system32\25236.exe
c:\windows\system32\25239.exe
c:\windows\system32\25240.exe
c:\windows\system32\25252.exe
c:\windows\system32\25256.exe
c:\windows\system32\25289.exe
c:\windows\system32\25292.exe
c:\windows\system32\25298.exe
c:\windows\system32\25301.exe
c:\windows\system32\25303.exe
c:\windows\system32\25304.exe
c:\windows\system32\25311.exe
c:\windows\system32\25328.exe
c:\windows\system32\25332.exe
c:\windows\system32\25335.exe
c:\windows\system32\25336.exe
c:\windows\system32\25338.exe
c:\windows\system32\25341.exe
c:\windows\system32\2536.exe
c:\windows\system32\25367.exe
c:\windows\system32\25373.exe
c:\windows\system32\25397.exe
c:\windows\system32\25398.exe
c:\windows\system32\25412.exe
c:\windows\system32\25415.exe
c:\windows\system32\25417.exe
c:\windows\system32\25442.exe
c:\windows\system32\25452.exe
c:\windows\system32\25458.exe
c:\windows\system32\25461.exe
c:\windows\system32\25465.exe
c:\windows\system32\25471.exe
c:\windows\system32\25479.exe
c:\windows\system32\25483.exe
c:\windows\system32\25496.exe
c:\windows\system32\2550.exe
c:\windows\system32\2552.exe
c:\windows\system32\25521.exe
c:\windows\system32\25522.exe
c:\windows\system32\25524.exe
c:\windows\system32\25525.exe
c:\windows\system32\25528.exe
c:\windows\system32\25530.exe
c:\windows\system32\25542.exe
c:\windows\system32\25546.exe
c:\windows\system32\25560.exe
c:\windows\system32\25574.exe
c:\windows\system32\25577.exe
c:\windows\system32\25586.exe
c:\windows\system32\25592.exe
c:\windows\system32\25598.exe
c:\windows\system32\2560.exe
c:\windows\system32\25604.exe
c:\windows\system32\25606.exe
c:\windows\system32\25607.exe
c:\windows\system32\25610.exe
c:\windows\system32\25613.exe
c:\windows\system32\25614.exe
c:\windows\system32\25616.exe
c:\windows\system32\25624.exe
c:\windows\system32\25635.exe
c:\windows\system32\25650.exe
c:\windows\system32\25655.exe
c:\windows\system32\25661.exe
c:\windows\system32\25675.exe
c:\windows\system32\25687.exe
c:\windows\system32\25696.exe
c:\windows\system32\25699.exe
c:\windows\system32\25710.exe
c:\windows\system32\25714.exe
c:\windows\system32\25716.exe
c:\windows\system32\25736.exe
c:\windows\system32\25737.exe
c:\windows\system32\25738.exe
c:\windows\system32\25742.exe
c:\windows\system32\25753.exe
c:\windows\system32\2577.exe
c:\windows\system32\25771.exe
c:\windows\system32\25783.exe
c:\windows\system32\25806.exe
c:\windows\system32\25821.exe
c:\windows\system32\25823.exe
c:\windows\system32\25830.exe
c:\windows\system32\25835.exe
c:\windows\system32\25839.exe
c:\windows\system32\2584.exe
c:\windows\system32\25840.exe
c:\windows\system32\2585.exe
c:\windows\system32\25851.exe
c:\windows\system32\25862.exe
c:\windows\system32\25868.exe
c:\windows\system32\25874.exe
c:\windows\system32\2588.exe
c:\windows\system32\25880.exe
c:\windows\system32\25892.exe
c:\windows\system32\2590.exe
c:\windows\system32\25901.exe
c:\windows\system32\25907.exe
c:\windows\system32\25909.exe
c:\windows\system32\2591.exe
c:\windows\system32\25911.exe
c:\windows\system32\25921.exe
c:\windows\system32\25955.exe
c:\windows\system32\25958.exe
c:\windows\system32\25959.exe
c:\windows\system32\25961.exe
c:\windows\system32\25970.exe
c:\windows\system32\25971.exe
c:\windows\system32\25983.exe
c:\windows\system32\25990.exe
c:\windows\system32\25992.exe
c:\windows\system32\26.exe
c:\windows\system32\260.exe
c:\windows\system32\26001.exe
c:\windows\system32\26003.exe
c:\windows\system32\26004.exe
c:\windows\system32\26006.exe
c:\windows\system32\26010.exe
c:\windows\system32\26012.exe
c:\windows\system32\26030.exe
c:\windows\system32\26034.exe
c:\windows\system32\2604.exe
c:\windows\system32\26041.exe
c:\windows\system32\26043.exe
c:\windows\system32\2605.exe
c:\windows\system32\26051.exe
c:\windows\system32\26059.exe
c:\windows\system32\26065.exe
c:\windows\system32\26074.exe
c:\windows\system32\26090.exe
c:\windows\system32\26103.exe
c:\windows\system32\26113.exe
c:\windows\system32\2612.exe
c:\windows\system32\26124.exe
c:\windows\system32\26128.exe
c:\windows\system32\26132.exe
c:\windows\system32\26140.exe
c:\windows\system32\26157.exe
c:\windows\system32\26165.exe
c:\windows\system32\26166.exe
c:\windows\system32\26168.exe
c:\windows\system32\26171.exe
c:\windows\system32\26174.exe
c:\windows\system32\26176.exe
c:\windows\system32\26178.exe
c:\windows\system32\26188.exe
c:\windows\system32\2619.exe
c:\windows\system32\26196.exe
c:\windows\system32\2621.exe
c:\windows\system32\26220.exe
c:\windows\system32\26236.exe
c:\windows\system32\26278.exe
c:\windows\system32\26284.exe
c:\windows\system32\26286.exe
c:\windows\system32\26287.exe
c:\windows\system32\2629.exe
c:\windows\system32\26292.exe
c:\windows\system32\2630.exe
c:\windows\system32\26300.exe
c:\windows\system32\26301.exe
c:\windows\system32\26305.exe
c:\windows\system32\26308.exe
c:\windows\system32\26313.exe
c:\windows\system32\26322.exe
c:\windows\system32\26325.exe
c:\windows\system32\2633.exe
c:\windows\system32\26331.exe
c:\windows\system32\26334.exe
c:\windows\system32\26337.exe
c:\windows\system32\26340.exe
c:\windows\system32\26342.exe
c:\windows\system32\26346.exe
c:\windows\system32\26364.exe
c:\windows\system32\26365.exe
c:\windows\system32\2638.exe
c:\windows\system32\26385.exe
c:\windows\system32\26397.exe
c:\windows\system32\26409.exe
c:\windows\system32\2641.exe
c:\windows\system32\26417.exe
c:\windows\system32\26419.exe
c:\windows\system32\26423.exe
c:\windows\system32\26425.exe
c:\windows\system32\26428.exe
c:\windows\system32\26430.exe
c:\windows\system32\26432.exe
c:\windows\system32\26433.exe
c:\windows\system32\26439.exe
c:\windows\system32\26446.exe
c:\windows\system32\26472.exe
c:\windows\system32\26478.exe
c:\windows\system32\265.exe
c:\windows\system32\2650.exe
c:\windows\system32\26506.exe
c:\windows\system32\26509.exe
c:\windows\system32\26517.exe
c:\windows\system32\2652.exe
c:\windows\system32\26521.exe
c:\windows\system32\26523.exe
c:\windows\system32\26538.exe
c:\windows\system32\26546.exe
c:\windows\system32\26549.exe
c:\windows\system32\26566.exe
c:\windows\system32\26570.exe
c:\windows\system32\26571.exe
c:\windows\system32\26575.exe
c:\windows\system32\26587.exe
c:\windows\system32\26601.exe
c:\windows\system32\26622.exe
c:\windows\system32\26624.exe
c:\windows\system32\26629.exe
c:\windows\system32\26632.exe
c:\windows\system32\26635.exe
c:\windows\system32\26649.exe
c:\windows\system32\26652.exe
c:\windows\system32\26658.exe
c:\windows\system32\26666.exe
c:\windows\system32\26678.exe
c:\windows\system32\26681.exe
c:\windows\system32\2670.exe
c:\windows\system32\26700.exe
c:\windows\system32\26704.exe
c:\windows\system32\26708.exe
c:\windows\system32\26714.exe
c:\windows\system32\26715.exe
c:\windows\system32\26722.exe
c:\windows\system32\26725.exe
c:\windows\system32\26726.exe
c:\windows\system32\26740.exe
c:\windows\system32\26746.exe
c:\windows\system32\26747.exe
c:\windows\system32\26750.exe
c:\windows\system32\26757.exe
c:\windows\system32\26758.exe
c:\windows\system32\26771.exe
c:\windows\system32\26779.exe
c:\windows\system32\2678.exe
c:\windows\system32\26788.exe
c:\windows\system32\26791.exe
c:\windows\system32\26796.exe
c:\windows\system32\26803.exe
c:\windows\system32\26814.exe
c:\windows\system32\26818.exe
c:\windows\system32\26821.exe
c:\windows\system32\26822.exe
c:\windows\system32\26823.exe
c:\windows\system32\26848.exe
c:\windows\system32\26854.exe
c:\windows\system32\26860.exe
c:\windows\system32\26865.exe
c:\windows\system32\26875.exe
c:\windows\system32\26882.exe
c:\windows\system32\26894.exe
c:\windows\system32\269.exe
c:\windows\system32\26904.exe
c:\windows\system32\26918.exe
c:\windows\system32\26919.exe
c:\windows\system32\2692.exe
c:\windows\system32\26921.exe
c:\windows\system32\26931.exe
c:\windows\system32\26938.exe
c:\windows\system32\26958.exe
c:\windows\system32\26965.exe
c:\windows\system32\26970.exe
c:\windows\system32\26997.exe
c:\windows\system32\27000.exe
c:\windows\system32\27004.exe
c:\windows\system32\27006.exe
c:\windows\system32\27009.exe
c:\windows\system32\27012.exe
c:\windows\system32\27014.exe
c:\windows\system32\27036.exe
c:\windows\system32\27043.exe
c:\windows\system32\2705.exe
c:\windows\system32\27053.exe
c:\windows\system32\27055.exe
c:\windows\system32\27066.exe
c:\windows\system32\27070.exe
c:\windows\system32\27079.exe
c:\windows\system32\27092.exe
c:\windows\system32\27094.exe
c:\windows\system32\27098.exe
c:\windows\system32\2710.exe
c:\windows\system32\27103.exe
c:\windows\system32\27117.exe
c:\windows\system32\27120.exe
c:\windows\system32\27127.exe
c:\windows\system32\27130.exe
c:\windows\system32\27132.exe
c:\windows\system32\27139.exe
c:\windows\system32\27145.exe
c:\windows\system32\27146.exe
c:\windows\system32\27149.exe
c:\windows\system32\27154.exe
c:\windows\system32\27169.exe
c:\windows\system32\27170.exe
c:\windows\system32\27179.exe
c:\windows\system32\27184.exe
c:\windows\system32\27191.exe
c:\windows\system32\27192.exe
c:\windows\system32\27197.exe
c:\windows\system32\27200.exe
c:\windows\system32\27201.exe
c:\windows\system32\27203.exe
c:\windows\system32\27204.exe
c:\windows\system32\27205.exe
c:\windows\system32\27210.exe
c:\windows\system32\27212.exe
c:\windows\system32\27216.exe
c:\windows\system32\27218.exe
c:\windows\system32\27221.exe
c:\windows\system32\27236.exe
c:\windows\system32\27239.exe
c:\windows\system32\27241.exe
c:\windows\system32\27245.exe
c:\windows\system32\27249.exe
c:\windows\system32\2725.exe
c:\windows\system32\27252.exe
c:\windows\system32\27253.exe
c:\windows\system32\27258.exe
c:\windows\system32\27275.exe
c:\windows\system32\27279.exe
c:\windows\system32\27289.exe
c:\windows\system32\27299.exe
c:\windows\system32\27301.exe
c:\windows\system32\27303.exe
c:\windows\system32\2732.exe
c:\windows\system32\27320.exe
c:\windows\system32\27323.exe
c:\windows\system32\27327.exe
c:\windows\system32\27329.exe
c:\windows\system32\27330.exe
c:\windows\system32\27336.exe
c:\windows\system32\27338.exe
c:\windows\system32\27341.exe
c:\windows\system32\27342.exe
c:\windows\system32\27352.exe
c:\windows\system32\27357.exe
c:\windows\system32\27359.exe
c:\windows\system32\27362.exe
c:\windows\system32\27364.exe
c:\windows\system32\27366.exe
c:\windows\system32\2737.exe
c:\windows\system32\27374.exe
c:\windows\system32\27384.exe
c:\windows\system32\27386.exe
c:\windows\system32\27390.exe
c:\windows\system32\27392.exe
c:\windows\system32\27410.exe
c:\windows\system32\27420.exe
c:\windows\system32\27425.exe
c:\windows\system32\27426.exe
c:\windows\system32\27429.exe
c:\windows\system32\2743.exe
c:\windows\system32\27448.exe
c:\windows\system32\2747.exe
c:\windows\system32\27483.exe
c:\windows\system32\2749.exe
c:\windows\system32\275.exe
c:\windows\system32\2752.exe
c:\windows\system32\2754.exe
c:\windows\system32\27549.exe
c:\windows\system32\27554.exe
c:\windows\system32\27556.exe
c:\windows\system32\27560.exe
c:\windows\system32\27577.exe
c:\windows\system32\27579.exe
c:\windows\system32\27590.exe
c:\windows\system32\27591.exe
c:\windows\system32\27596.exe
c:\windows\system32\27600.exe
c:\windows\system32\2762.exe
c:\windows\system32\27622.exe
c:\windows\system32\27625.exe
c:\windows\system32\27634.exe
c:\windows\system32\27648.exe
c:\windows\system32\27660.exe
c:\windows\system32\27674.exe
c:\windows\system32\27687.exe
c:\windows\system32\27689.exe
c:\windows\system32\27707.exe
c:\windows\system32\27708.exe
c:\windows\system32\27721.exe
c:\windows\system32\27728.exe
c:\windows\system32\27731.exe
c:\windows\system32\27744.exe
c:\windows\system32\27746.exe
c:\windows\system32\27753.exe
c:\windows\system32\27758.exe
c:\windows\system32\27762.exe
c:\windows\system32\27767.exe
c:\windows\system32\27768.exe
c:\windows\system32\27772.exe
c:\windows\system32\27776.exe
c:\windows\system32\27777.exe
c:\windows\system32\27783.exe
c:\windows\system32\27789.exe
c:\windows\system32\27836.exe
c:\windows\system32\27848.exe
c:\windows\system32\27849.exe
c:\windows\system32\27858.exe
c:\windows\system32\27860.exe
c:\windows\system32\2788.exe
c:\windows\system32\27880.exe
c:\windows\system32\27881.exe
c:\windows\system32\27885.exe
c:\windows\system32\27891.exe
c:\windows\system32\2790.exe
c:\windows\system32\27906.exe
c:\windows\system32\27928.exe
c:\windows\system32\27929.exe
c:\windows\system32\2794.exe
c:\windows\system32\27949.exe
c:\windows\system32\2795.exe
c:\windows\system32\27951.exe
c:\windows\system32\27961.exe
c:\windows\system32\27967.exe
c:\windows\system32\27968.exe
c:\windows\system32\27969.exe
c:\windows\system32\27980.exe
c:\windows\system32\27990.exe
c:\windows\system32\27994.exe
c:\windows\system32\28001.exe
c:\windows\system32\28005.exe
c:\windows\system32\28013.exe
c:\windows\system32\28015.exe
c:\windows\system32\28025.exe
c:\windows\system32\28027.exe
c:\windows\system32\28030.exe
c:\windows\system32\28043.exe
c:\windows\system32\28048.exe
c:\windows\system32\28049.exe
c:\windows\system32\28051.exe
c:\windows\system32\28054.exe
c:\windows\system32\28060.exe
c:\windows\system32\28087.exe
c:\windows\system32\28096.exe
c:\windows\system32\2810.exe
c:\windows\system32\28103.exe
c:\windows\system32\28122.exe
c:\windows\system32\28125.exe
c:\windows\system32\28151.exe
c:\windows\system32\28154.exe
c:\windows\system32\28155.exe
c:\windows\system32\28159.exe
c:\windows\system32\28165.exe
c:\windows\system32\28168.exe
c:\windows\system32\28190.exe
c:\windows\system32\2820.exe
c:\windows\system32\28205.exe
c:\windows\system32\28221.exe
c:\windows\system32\28225.exe
c:\windows\system32\2823.exe
c:\windows\system32\28231.exe
c:\windows\system32\28244.exe
c:\windows\system32\28259.exe
c:\windows\system32\28266.exe
c:\windows\system32\2827.exe
c:\windows\system32\2828.exe
c:\windows\system32\28286.exe
c:\windows\system32\2829.exe
c:\windows\system32\28293.exe
c:\windows\system32\28297.exe
c:\windows\system32\28302.exe
c:\windows\system32\28303.exe
c:\windows\system32\28304.exe
c:\windows\system32\28306.exe
c:\windows\system32\28307.exe
c:\windows\system32\28321.exe
c:\windows\system32\28326.exe
c:\windows\system32\28333.exe
c:\windows\system32\28337.exe
c:\windows\system32\28339.exe
c:\windows\system32\28342.exe
c:\windows\system32\28345.exe
c:\windows\system32\2835.exe
c:\windows\system32\28353.exe
c:\windows\system32\28354.exe
c:\windows\system32\28355.exe
c:\windows\system32\28369.exe
c:\windows\system32\2837.exe
c:\windows\system32\2838.exe
c:\windows\system32\28387.exe
c:\windows\system32\28389.exe
c:\windows\system32\28395.exe
c:\windows\system32\28405.exe
c:\windows\system32\28408.exe
c:\windows\system32\28414.exe
c:\windows\system32\28418.exe
c:\windows\system32\28421.exe
c:\windows\system32\28423.exe
c:\windows\system32\2843.exe
c:\windows\system32\28430.exe
c:\windows\system32\28436.exe
c:\windows\system32\28443.exe
c:\windows\system32\28474.exe
c:\windows\system32\28475.exe
c:\windows\system32\28480.exe
c:\windows\system32\28481.exe
c:\windows\system32\28493.exe
c:\windows\system32\285.exe
c:\windows\system32\28504.exe
c:\windows\system32\2852.exe
c:\windows\system32\28523.exe
c:\windows\system32\28530.exe
c:\windows\system32\28532.exe
c:\windows\system32\2854.exe
c:\windows\system32\28545.exe
c:\windows\system32\28546.exe
c:\windows\system32\2855.exe
c:\windows\system32\28563.exe
c:\windows\system32\28570.exe
c:\windows\system32\28571.exe
c:\windows\system32\28576.exe
c:\windows\system32\28598.exe
c:\windows\system32\2860.exe
c:\windows\system32\28606.exe
c:\windows\system32\28611.exe
c:\windows\system32\28625.exe
c:\windows\system32\28628.exe
c:\windows\system32\2863.exe
c:\windows\system32\28631.exe
c:\windows\system32\28637.exe
c:\windows\system32\2865.exe
c:\windows\system32\28656.exe
c:\windows\system32\28657.exe
c:\windows\system32\28681.exe
c:\windows\system32\28689.exe
c:\windows\system32\28695.exe
c:\windows\system32\28711.exe
c:\windows\system32\28715.exe
c:\windows\system32\28730.exe
c:\windows\system32\2874.exe
c:\windows\system32\28757.exe
c:\windows\system32\2876.exe
c:\windows\system32\28762.exe
c:\windows\system32\28768.exe
c:\windows\system32\28775.exe
c:\windows\system32\28782.exe
c:\windows\system32\28783.exe
c:\windows\system32\28792.exe
c:\windows\system32\28798.exe
c:\windows\system32\28799.exe
c:\windows\system32\28805.exe
c:\windows\system32\28811.exe
c:\windows\system32\2882.exe
c:\windows\system32\28824.exe
c:\windows\system32\28843.exe
c:\windows\system32\28851.exe
c:\windows\system32\28855.exe
c:\windows\system32\28866.exe
c:\windows\system32\28881.exe
c:\windows\system32\28886.exe
c:\windows\system32\28920.exe
c:\windows\system32\28922.exe
c:\windows\system32\28929.exe
c:\windows\system32\28931.exe
c:\windows\system32\28937.exe
c:\windows\system32\28940.exe
c:\windows\system32\28950.exe
c:\windows\system32\28952.exe
c:\windows\system32\28953.exe
c:\windows\system32\28954.exe
c:\windows\system32\28957.exe
c:\windows\system32\28969.exe
c:\windows\system32\28970.exe
c:\windows\system32\28971.exe
c:\windows\system32\28980.exe
c:\windows\system32\28998.exe
c:\windows\system32\2900.exe
c:\windows\system32\29000.exe
c:\windows\system32\29002.exe
c:\windows\system32\29003.exe
c:\windows\system32\29016.exe
c:\windows\system32\29017.exe
c:\windows\system32\29023.exe
c:\windows\system32\29028.exe
c:\windows\system32\29037.exe
c:\windows\system32\29040.exe
c:\windows\system32\29041.exe
c:\windows\system32\2906.exe
c:\windows\system32\29076.exe
c:\windows\system32\29083.exe
c:\windows\system32\29089.exe
c:\windows\system32\29098.exe
c:\windows\system32\2910.exe
c:\windows\system32\29100.exe
c:\windows\system32\29116.exe
c:\windows\system32\29117.exe
c:\windows\system32\29119.exe
c:\windows\system32\29123.exe
c:\windows\system32\29124.exe
c:\windows\system32\29134.exe
c:\windows\system32\29135.exe
c:\windows\system32\29137.exe
c:\windows\system32\29141.exe
c:\windows\system32\29150.exe
c:\windows\system32\29161.exe
c:\windows\system32\29164.exe
c:\windows\system32\29190.exe
c:\windows\system32\29193.exe
c:\windows\system32\292.exe
c:\windows\system32\29206.exe
c:\windows\system32\29210.exe
c:\windows\system32\29214.exe
c:\windows\system32\29226.exe
c:\windows\system32\29236.exe
c:\windows\system32\29240.exe
c:\windows\system32\29250.exe
c:\windows\system32\29253.exe
c:\windows\system32\2927.exe
c:\windows\system32\29270.exe
c:\windows\system32\29271.exe
c:\windows\system32\29275.exe
c:\windows\system32\29278.exe
c:\windows\system32\29284.exe
c:\windows\system32\29293.exe
c:\windows\system32\29300.exe
c:\windows\system32\29317.exe
c:\windows\system32\29324.exe
c:\windows\system32\29330.exe
c:\windows\system32\29334.exe
c:\windows\system32\29336.exe
c:\windows\system32\29339.exe
c:\windows\system32\29340.exe
c:\windows\system32\29344.exe
c:\windows\system32\29349.exe
c:\windows\system32\29350.exe
c:\windows\system32\29352.exe
c:\windows\system32\29358.exe
c:\windows\system32\29361.exe
c:\windows\system32\29365.exe
c:\windows\system32\29368.exe
c:\windows\system32\29379.exe
c:\windows\system32\29394.exe
c:\windows\system32\29410.exe
c:\windows\system32\29413.exe
c:\windows\system32\29422.exe
c:\windows\system32\29430.exe
c:\windows\system32\29437.exe
c:\windows\system32\29439.exe
c:\windows\system32\29440.exe
c:\windows\system32\29449.exe
c:\windows\system32\29454.exe
c:\windows\system32\29456.exe
c:\windows\system32\29460.exe
c:\windows\system32\29463.exe
c:\windows\system32\29464.exe
c:\windows\system32\29468.exe
c:\windows\system32\29469.exe
c:\windows\system32\2947.exe
c:\windows\system32\29478.exe
c:\windows\system32\29486.exe
c:\windows\system32\29492.exe
c:\windows\system32\29493.exe
c:\windows\system32\29499.exe
c:\windows\system32\2952.exe
c:\windows\system32\29520.exe
c:\windows\system32\29526.exe
c:\windows\system32\29528.exe
c:\windows\system32\29538.exe
c:\windows\system32\29542.exe
c:\windows\system32\29553.exe
c:\windows\system32\29555.exe
c:\windows\system32\29561.exe
c:\windows\system32\29565.exe
c:\windows\system32\2957.exe
c:\windows\system32\29571.exe
c:\windows\system32\29572.exe
c:\windows\system32\29583.exe
c:\windows\system32\29594.exe
c:\windows\system32\29612.exe
c:\windows\system32\29618.exe
c:\windows\system32\29619.exe
c:\windows\system32\2962.exe
c:\windows\system32\29631.exe
c:\windows\system32\29633.exe
c:\windows\system32\29656.exe
c:\windows\system32\29657.exe
c:\windows\system32\29660.exe
c:\windows\system32\29665.exe
c:\windows\system32\29667.exe
c:\windows\system32\29672.exe
c:\windows\system32\29676.exe
c:\windows\system32\29678.exe
c:\windows\system32\29684.exe
c:\windows\system32\2969.exe
c:\windows\system32\29691.exe
c:\windows\system32\29695.exe
c:\windows\system32\29702.exe
c:\windows\system32\29705.exe
c:\windows\system32\29708.exe
c:\windows\system32\2971.exe
c:\windows\system32\29715.exe
c:\windows\system32\29717.exe
c:\windows\system32\29724.exe
c:\windows\system32\29733.exe
c:\windows\system32\29736.exe
c:\windows\system32\29745.exe
c:\windows\system32\29750.exe
c:\windows\system32\29752.exe
c:\windows\system32\29773.exe
c:\windows\system32\29781.exe
c:\windows\system32\29784.exe
c:\windows\system32\29787.exe
c:\windows\system32\29792.exe
c:\windows\system32\29800.exe
c:\windows\system32\29815.exe
c:\windows\system32\29817.exe
c:\windows\system32\29831.exe
c:\windows\system32\29834.exe
c:\windows\system32\29835.exe
c:\windows\system32\29836.exe
c:\windows\system32\29844.exe
c:\windows\system32\29848.exe
c:\windows\system32\29852.exe
c:\windows\system32\29862.exe
c:\windows\system32\29863.exe
c:\windows\system32\29871.exe
c:\windows\system32\29875.exe
c:\windows\system32\29879.exe
c:\windows\system32\2988.exe
c:\windows\system32\29886.exe
c:\windows\system32\29894.exe
c:\windows\system32\29895.exe
c:\windows\system32\29896.exe
c:\windows\system32\29899.exe
c:\windows\system32\29914.exe
c:\windows\system32\2992.exe
c:\windows\system32\29920.exe
c:\windows\system32\29925.exe
c:\windows\system32\29929.exe
c:\windows\system32\29933.exe
c:\windows\system32\29943.exe
c:\windows\system32\29949.exe
c:\windows\system32\2996.exe
c:\windows\system32\29971.exe
c:\windows\system32\29977.exe
c:\windows\system32\29991.exe
c:\windows\system32\29999.exe
c:\windows\system32\30003.exe
c:\windows\system32\30006.exe
c:\windows\system32\30012.exe
c:\windows\system32\30015.exe
c:\windows\system32\30019.exe
c:\windows\system32\30035.exe
c:\windows\system32\30036.exe
c:\windows\system32\30038.exe
c:\windows\system32\30039.exe
c:\windows\system32\30042.exe
c:\windows\system32\30048.exe
c:\windows\system32\30053.exe
c:\windows\system32\30056.exe
c:\windows\system32\30057.exe
c:\windows\system32\30060.exe
c:\windows\system32\30063.exe
c:\windows\system32\30065.exe
c:\windows\system32\30074.exe
c:\windows\system32\30075.exe
c:\windows\system32\30081.exe
c:\windows\system32\30084.exe
c:\windows\system32\30097.exe
c:\windows\system32\30103.exe
c:\windows\system32\30105.exe
c:\windows\system32\30107.exe
c:\windows\system32\30112.exe
c:\windows\system32\30118.exe
c:\windows\system32\30119.exe
c:\windows\system32\30129.exe
c:\windows\system32\30136.exe
c:\windows\system32\30139.exe
c:\windows\system32\30141.exe
c:\windows\system32\30150.exe
c:\windows\system32\30153.exe
c:\windows\system32\30157.exe
c:\windows\system32\30175.exe
c:\windows\system32\30185.exe
c:\windows\system32\30189.exe
c:\windows\system32\30207.exe
c:\windows\system32\30213.exe
c:\windows\system32\30214.exe
c:\windows\system32\30231.exe
c:\windows\system32\30237.exe
c:\windows\system32\30238.exe
c:\windows\system32\30244.exe
c:\windows\system32\30248.exe
c:\windows\system32\3025.exe
c:\windows\system32\30268.exe
c:\windows\system32\30270.exe
c:\windows\system32\30272.exe
c:\windows\system32\30278.exe
c:\windows\system32\3028.exe
c:\windows\system32\30283.exe
c:\windows\system32\30285.exe
c:\windows\system32\30287.exe
c:\windows\system32\30296.exe
c:\windows\system32\3030.exe
c:\windows\system32\30317.exe
c:\windows\system32\30319.exe
c:\windows\system32\30326.exe
c:\windows\system32\30333.exe
c:\windows\system32\30340.exe
c:\windows\system32\30342.exe
c:\windows\system32\30355.exe
c:\windows\system32\30356.exe
c:\windows\system32\30357.exe
c:\windows\system32\30365.exe
c:\windows\system32\30366.exe
c:\windows\system32\30370.exe
c:\windows\system32\30378.exe
c:\windows\system32\30381.exe
c:\windows\system32\30384.exe
c:\windows\system32\30388.exe
c:\windows\system32\30394.exe
c:\windows\system32\30399.exe
c:\windows\system32\30411.exe
c:\windows\system32\30412.exe
c:\windows\system32\30424.exe
c:\windows\system32\30429.exe
c:\windows\system32\30445.exe
c:\windows\system32\30452.exe
c:\windows\system32\30458.exe
c:\windows\system32\30459.exe
c:\windows\system32\30471.exe
c:\windows\system32\30476.exe
c:\windows\system32\30480.exe
c:\windows\system32\30484.exe
c:\windows\system32\30498.exe
c:\windows\system32\30500.exe
c:\windows\system32\30507.exe
c:\windows\system32\30518.exe
c:\windows\system32\3052.exe
c:\windows\system32\30526.exe
c:\windows\system32\30536.exe
c:\windows\system32\30538.exe
c:\windows\system32\3055.exe
c:\windows\system32\30554.exe
c:\windows\system32\30555.exe
c:\windows\system32\30561.exe
c:\windows\system32\3057.exe
c:\windows\system32\30570.exe
c:\windows\system32\30577.exe
c:\windows\system32\30579.exe
c:\windows\system32\30589.exe
c:\windows\system32\30590.exe
c:\windows\system32\30591.exe
c:\windows\system32\30601.exe
c:\windows\system32\30606.exe
c:\windows\system32\30607.exe
c:\windows\system32\30609.exe
c:\windows\system32\3062.exe
c:\windows\system32\30629.exe
c:\windows\system32\30643.exe
c:\windows\system32\30654.exe
c:\windows\system32\30656.exe
c:\windows\system32\3066.exe
c:\windows\system32\30662.exe
c:\windows\system32\30664.exe
c:\windows\system32\30666.exe
c:\windows\system32\30667.exe
c:\windows\system32\30669.exe
c:\windows\system32\30674.exe
c:\windows\system32\30679.exe
c:\windows\system32\30686.exe
c:\windows\system32\30691.exe
c:\windows\system32\30692.exe
c:\windows\system32\30698.exe
c:\windows\system32\30699.exe
c:\windows\system32\30704.exe
c:\windows\system32\30711.exe
c:\windows\system32\30729.exe
c:\windows\system32\30732.exe
c:\windows\system32\30739.exe
c:\windows\system32\30742.exe
c:\windows\system32\30759.exe
c:\windows\system32\30760.exe
c:\windows\system32\30762.exe
c:\windows\system32\30784.exe
c:\windows\system32\30795.exe
c:\windows\system32\30796.exe
c:\windows\system32\30799.exe
c:\windows\system32\30804.exe
c:\windows\system32\30813.exe
c:\windows\system32\30816.exe
c:\windows\system32\30818.exe
c:\windows\system32\3082.exe
c:\windows\system32\30821.exe
c:\windows\system32\30837.exe
c:\windows\system32\30838.exe
c:\windows\system32\30844.exe
c:\windows\system32\30845.exe
c:\windows\system32\30850.exe
c:\windows\system32\30865.exe
c:\windows\system32\30868.exe
c:\windows\system32\30871.exe
c:\windows\system32\30872.exe
c:\windows\system32\30880.exe
c:\windows\system32\30886.exe
c:\windows\system32\30888.exe
c:\windows\system32\30889.exe
c:\windows\system32\30908.exe
c:\windows\system32\30912.exe
c:\windows\system32\30930.exe
c:\windows\system32\30931.exe
c:\windows\system32\3094.exe
c:\windows\system32\30940.exe
c:\windows\system32\30942.exe
c:\windows\system32\30952.exe
c:\windows\system32\30956.exe
c:\windows\system32\30959.exe
c:\windows\system32\30978.exe
c:\windows\system32\30987.exe
c:\windows\system32\30992.exe
c:\windows\system32\30993.exe
c:\windows\system32\31016.exe
c:\windows\system32\31036.exe
c:\windows\system32\31039.exe
c:\windows\system32\31042.exe
c:\windows\system32\31068.exe
c:\windows\system32\3107.exe
c:\windows\system32\31071.exe
c:\windows\system32\31074.exe
c:\windows\system32\3109.exe
c:\windows\system32\31090.exe
c:\windows\system32\31095.exe
c:\windows\system32\31104.exe
c:\windows\system32\31115.exe
c:\windows\system32\31120.exe
c:\windows\system32\31121.exe
c:\windows\system32\31122.exe
c:\windows\system32\31131.exe
c:\windows\system32\31135.exe
c:\windows\system32\3115.exe
c:\windows\system32\31150.exe
c:\windows\system32\31155.exe
c:\windows\system32\31158.exe
c:\windows\system32\31163.exe
c:\windows\system32\31164.exe
c:\windows\system32\31170.exe
c:\windows\system32\31171.exe
c:\windows\system32\3118.exe
c:\windows\system32\31180.exe
c:\windows\system32\31184.exe
c:\windows\system32\31186.exe
c:\windows\system32\31189.exe
c:\windows\system32\31196.exe
c:\windows\system32\31216.exe
c:\windows\system32\31217.exe
c:\windows\system32\31226.exe
c:\windows\system32\31243.exe
c:\windows\system32\31252.exe
c:\windows\system32\31269.exe
c:\windows\system32\31273.exe
c:\windows\system32\31290.exe
c:\windows\system32\31307.exe
c:\windows\system32\3131.exe
c:\windows\system32\31312.exe
c:\windows\system32\31323.exe
c:\windows\system32\31334.exe
c:\windows\system32\31340.exe
c:\windows\system32\3135.exe
c:\windows\system32\31360.exe
c:\windows\system32\31365.exe
c:\windows\system32\31368.exe
c:\windows\system32\31381.exe
c:\windows\system32\31392.exe
c:\windows\system32\31401.exe
c:\windows\system32\31404.exe
c:\windows\system32\31417.exe
c:\windows\system32\31421.exe
c:\windows\system32\31435.exe
c:\windows\system32\31437.exe
c:\windows\system32\31440.exe
c:\windows\system32\31441.exe
c:\windows\system32\31442.exe
c:\windows\system32\31449.exe
c:\windows\system32\31453.exe
c:\windows\system32\31468.exe
c:\windows\system32\31471.exe
c:\windows\system32\3149.exe
c:\windows\system32\31497.exe
c:\windows\system32\31498.exe
c:\windows\system32\31500.exe
c:\windows\system32\31508.exe
c:\windows\system32\31509.exe
c:\windows\system32\31523.exe
c:\windows\system32\31525.exe
c:\windows\system32\31531.exe
c:\windows\system32\31532.exe
c:\windows\system32\31534.exe
c:\windows\system32\31536.exe
c:\windows\system32\31544.exe
c:\windows\system32\31568.exe
c:\windows\system32\31579.exe
c:\windows\system32\31580.exe
c:\windows\system32\31590.exe
c:\windows\system32\31591.exe
c:\windows\system32\31594.exe
c:\windows\system32\31598.exe
c:\windows\system32\31615.exe
c:\windows\system32\31654.exe
c:\windows\system32\31658.exe
c:\windows\system32\31673.exe
c:\windows\system32\31674.exe
c:\windows\system32\31680.exe
c:\windows\system32\31682.exe
c:\windows\system32\31685.exe
c:\windows\system32\31686.exe
c:\windows\system32\31687.exe
c:\windows\system32\31692.exe
c:\windows\system32\31702.exe
c:\windows\system32\31704.exe
c:\windows\system32\31713.exe
c:\windows\system32\31735.exe
c:\windows\system32\31738.exe
c:\windows\system32\31740.exe
c:\windows\system32\31741.exe
c:\windows\system32\31745.exe
c:\windows\system32\31755.exe
c:\windows\system32\31757.exe
c:\windows\system32\3176.exe
c:\windows\system32\3177.exe
c:\windows\system32\31779.exe
c:\windows\system32\31782.exe
c:\windows\system32\31784.exe
c:\windows\system32\3179.exe
c:\windows\system32\31798.exe
c:\windows\system32\318.exe
c:\windows\system32\31803.exe
c:\windows\system32\31806.exe
c:\windows\system32\31811.exe
c:\windows\system32\31846.exe
c:\windows\system32\31878.exe
c:\windows\system32\31886.exe
c:\windows\system32\31889.exe
c:\windows\system32\31892.exe
c:\windows\system32\31907.exe
c:\windows\system32\31918.exe
c:\windows\system32\31920.exe
c:\windows\system32\31926.exe
c:\windows\system32\31930.exe
c:\windows\system32\31946.exe
c:\windows\system32\31947.exe
c:\windows\system32\31953.exe
c:\windows\system32\3197.exe
c:\windows\system32\31980.exe
c:\windows\system32\31985.exe
c:\windows\system32\31991.exe
c:\windows\system32\32.exe
c:\windows\system32\32014.exe
c:\windows\system32\32025.exe
c:\windows\system32\32031.exe
c:\windows\system32\32042.exe
c:\windows\system32\32054.exe
c:\windows\system32\32074.exe
c:\windows\system32\32077.exe
c:\windows\system32\32081.exe
c:\windows\system32\32084.exe
c:\windows\system32\32092.exe
c:\windows\system32\32097.exe
c:\windows\system32\321.exe
c:\windows\system32\32107.exe
c:\windows\system32\32110.exe
c:\windows\system32\32119.exe
c:\windows\system32\32127.exe
c:\windows\system32\32132.exe
c:\windows\system32\32135.exe
c:\windows\system32\32138.exe
c:\windows\system32\32139.exe
c:\windows\system32\32147.exe
c:\windows\system32\32159.exe
c:\windows\system32\32169.exe
c:\windows\system32\32173.exe
c:\windows\system32\32190.exe
c:\windows\system32\32199.exe
c:\windows\system32\32215.exe
c:\windows\system32\32219.exe
c:\windows\system32\32244.exe
c:\windows\system32\32246.exe
c:\windows\system32\32266.exe
c:\windows\system32\32267.exe
c:\windows\system32\32278.exe
c:\windows\system32\3228.exe
c:\windows\system32\32280.exe
c:\windows\system32\32281.exe
c:\windows\system32\32285.exe
c:\windows\system32\32290.exe
c:\windows\system32\32302.exe
c:\windows\system32\32311.exe
c:\windows\system32\32316.exe
c:\windows\system32\32319.exe
c:\windows\system32\3232.exe
c:\windows\system32\3233.exe
c:\windows\system32\32340.exe
c:\windows\system32\32350.exe
c:\windows\system32\32352.exe
c:\windows\system32\32386.exe
c:\windows\system32\3239.exe
c:\windows\system32\32401.exe
c:\windows\system32\32403.exe
c:\windows\system32\32414.exe
c:\windows\system32\32419.exe
c:\windows\system32\3242.exe
c:\windows\system32\32420.exe
c:\windows\system32\32428.exe
c:\windows\system32\32433.exe
c:\windows\system32\32436.exe
c:\windows\system32\32438.exe
c:\windows\system32\32444.exe
c:\windows\system32\32452.exe
c:\windows\system32\32458.exe
c:\windows\system32\32480.exe
c:\windows\system32\32502.exe
c:\windows\system32\32503.exe
c:\windows\system32\32505.exe
c:\windows\system32\32510.exe
c:\windows\system32\32514.exe
c:\windows\system32\32537.exe
c:\windows\system32\32541.exe
c:\windows\system32\32546.exe
c:\windows\system32\32553.exe
c:\windows\system32\32560.exe
c:\windows\system32\32566.exe
c:\windows\system32\32568.exe
c:\windows\system32\32575.exe
c:\windows\system32\32587.exe
c:\windows\system32\32592.exe
c:\windows\system32\32598.exe
c:\windows\system32\326.exe
c:\windows\system32\32602.exe
c:\windows\system32\32605.exe
c:\windows\system32\32610.exe
c:\windows\system32\32611.exe
c:\windows\system32\32613.exe
c:\windows\system32\32614.exe
c:\windows\system32\32626.exe
c:\windows\system32\32631.exe
c:\windows\system32\32636.exe
c:\windows\system32\32640.exe
c:\windows\system32\32652.exe
c:\windows\system32\32659.exe
c:\windows\system32\32663.exe
c:\windows\system32\32703.exe
c:\windows\system32\32707.exe
c:\windows\system32\32720.exe
c:\windows\system32\32727.exe
c:\windows\system32\32728.exe
c:\windows\system32\32729.exe
c:\windows\system32\32737.exe
c:\windows\system32\32739.exe
c:\windows\system32\32742.exe
c:\windows\system32\32749.exe
c:\windows\system32\32754.exe
c:\windows\system32\32755.exe
c:\windows\system32\3281.exe
c:\windows\system32\3288.exe
c:\windows\system32\329.exe
c:\windows\system32\3290.exe
c:\windows\system32\3295.exe
c:\windows\system32\3303.exe
c:\windows\system32\331.exe
c:\windows\system32\3313.exe
c:\windows\system32\3315.exe
c:\windows\system32\3320.exe
c:\windows\system32\3324.exe
c:\windows\system32\3330.exe
c:\windows\system32\3336.exe
c:\windows\system32\3341.exe
c:\windows\system32\3345.exe
c:\windows\system32\3349.exe
c:\windows\system32\3355.exe
c:\windows\system32\3356.exe
c:\windows\system32\3358.exe
c:\windows\system32\336.exe
c:\windows\system32\3364.exe
c:\windows\system32\3367.exe
c:\windows\system32\3374.exe
c:\windows\system32\3387.exe
c:\windows\system32\3390.exe
c:\windows\system32\3394.exe
c:\windows\system32\342.exe
c:\windows\system32\3422.exe
c:\windows\system32\3424.exe
c:\windows\system32\3427.exe
c:\windows\system32\3443.exe
c:\windows\system32\3467.exe
c:\windows\system32\3469.exe
c:\windows\system32\3470.exe
c:\windows\system32\3480.exe
c:\windows\system32\3501.exe
c:\windows\system32\351.exe
c:\windows\system32\3514.exe
c:\windows\system32\352.exe
c:\windows\system32\3520.exe
c:\windows\system32\3525.exe
c:\windows\system32\3526.exe
c:\windows\system32\3534.exe
c:\windows\system32\3535.exe
c:\windows\system32\3537.exe
c:\windows\system32\3540.exe
c:\windows\system32\3559.exe
c:\windows\system32\3560.exe
c:\windows\system32\3567.exe
c:\windows\system32\3571.exe
c:\windows\system32\3577.exe
c:\windows\system32\3589.exe
c:\windows\system32\359.exe
c:\windows\system32\3590.exe
c:\windows\system32\36.exe
c:\windows\system32\3604.exe
c:\windows\system32\361.exe
c:\windows\system32\3611.exe
c:\windows\system32\3619.exe
c:\windows\system32\3636.exe
c:\windows\system32\3644.exe
c:\windows\system32\3647.exe
c:\windows\system32\3654.exe
c:\windows\system32\3662.exe
c:\windows\system32\3669.exe
c:\windows\system32\369.exe
c:\windows\system32\37.exe
c:\windows\system32\3715.exe
c:\windows\system32\3722.exe
c:\windows\system32\3728.exe
c:\windows\system32\3732.exe
c:\windows\system32\3736.exe
c:\windows\system32\3739.exe
c:\windows\system32\3742.exe
c:\windows\system32\3745.exe
c:\windows\system32\3748.exe
c:\windows\system32\3758.exe
c:\windows\system32\3770.exe
c:\windows\system32\3772.exe
c:\windows\system32\3774.exe
c:\windows\system32\3780.exe
c:\windows\system32\38.exe
c:\windows\system32\3808.exe
c:\windows\system32\381.exe
c:\windows\system32\3811.exe
c:\windows\system32\3814.exe
c:\windows\system32\3816.exe
c:\windows\system32\3839.exe
c:\windows\system32\3841.exe
c:\windows\system32\3845.exe
c:\windows\system32\3852.exe
c:\windows\system32\3859.exe
c:\windows\system32\3862.exe
c:\windows\system32\3879.exe
c:\windows\system32\3885.exe
c:\windows\system32\3891.exe
c:\windows\system32\390.exe
c:\windows\system32\3908.exe
c:\windows\system32\3912.exe
c:\windows\system32\3915.exe
c:\windows\system32\3923.exe
c:\windows\system32\3939.exe
c:\windows\system32\3959.exe
c:\windows\system32\3976.exe
c:\windows\system32\3978.exe
c:\windows\system32\3984.exe
c:\windows\system32\3988.exe
c:\windows\system32\399.exe
c:\windows\system32\3990.exe
c:\windows\system32\4007.exe
c:\windows\system32\4014.exe
c:\windows\system32\4019.exe
c:\windows\system32\402.exe
c:\windows\system32\4022.exe
c:\windows\system32\4040.exe
c:\windows\system32\405.exe
c:\windows\system32\4050.exe
c:\windows\system32\4065.exe
c:\windows\system32\4067.exe
c:\windows\system32\4082.exe
c:\windows\system32\4091.exe
c:\windows\system32\4105.exe
c:\windows\system32\4109.exe
c:\windows\system32\4111.exe
c:\windows\system32\4113.exe
c:\windows\system32\4123.exe
c:\windows\system32\4140.exe
c:\windows\system32\4146.exe
c:\windows\system32\4147.exe
c:\windows\system32\415.exe
c:\windows\system32\4153.exe
c:\windows\system32\4164.exe
c:\windows\system32\4167.exe
c:\windows\system32\417.exe
c:\windows\system32\4190.exe
c:\windows\system32\4192.exe
c:\windows\system32\4208.exe
c:\windows\system32\4217.exe
c:\windows\system32\4220.exe
c:\windows\system32\423.exe
c:\windows\system32\4233.exe
c:\windows\system32\4236.exe
c:\windows\system32\4259.exe
c:\windows\system32\4265.exe
c:\windows\system32\427.exe
c:\windows\system32\4274.exe
c:\windows\system32\4287.exe
c:\windows\system32\4291.exe
c:\windows\system32\4302.exe
c:\windows\system32\4308.exe
c:\windows\system32\4309.exe
c:\windows\system32\4313.exe
c:\windows\system32\4318.exe
c:\windows\system32\4322.exe
c:\windows\system32\4330.exe
c:\windows\system32\4334.exe
c:\windows\system32\4341.exe
c:\windows\system32\4355.exe
c:\windows\system32\4361.exe
c:\windows\system32\4362.exe
c:\windows\system32\4367.exe
c:\windows\system32\4371.exe
c:\windows\system32\4373.exe
c:\windows\system32\4379.exe
c:\windows\system32\4401.exe
c:\windows\system32\4403.exe
c:\windows\system32\4405.exe
c:\windows\system32\4406.exe
c:\windows\system32\4413.exe
c:\windows\system32\4416.exe
c:\windows\system32\4425.exe
c:\windows\system32\4426.exe
c:\windows\system32\4432.exe
c:\windows\system32\4448.exe
c:\windows\system32\4456.exe
c:\windows\system32\4462.exe
c:\windows\system32\4468.exe
c:\windows\system32\4476.exe
c:\windows\system32\4478.exe
c:\windows\system32\4502.exe
c:\windows\system32\4504.exe
c:\windows\system32\4509.exe
c:\windows\system32\4510.exe
c:\windows\system32\4532.exe
c:\windows\system32\4533.exe
c:\windows\system32\4555.exe
c:\windows\system32\4571.exe
c:\windows\system32\4576.exe
c:\windows\system32\4589.exe
c:\windows\system32\4592.exe
c:\windows\system32\460.exe
c:\windows\system32\4601.exe
c:\windows\system32\4622.exe
c:\windows\system32\4628.exe
c:\windows\system32\4631.exe
c:\windows\system32\4634.exe
c:\windows\system32\4664.exe
c:\windows\system32\4670.exe
c:\windows\system32\4671.exe
c:\windows\system32\4688.exe
c:\windows\system32\4698.exe
c:\windows\system32\4699.exe
c:\windows\system32\4703.exe
c:\windows\system32\4708.exe
c:\windows\system32\4709.exe
c:\windows\system32\4719.exe
c:\windows\system32\4721.exe
c:\windows\system32\4726.exe
c:\windows\system32\473.exe
c:\windows\system32\4736.exe
c:\windows\system32\4737.exe
c:\windows\system32\4738.exe
c:\windows\system32\475.exe
c:\windows\system32\4750.exe
c:\windows\system32\4765.exe
c:\windows\system32\4768.exe
c:\windows\system32\4770.exe
c:\windows\system32\4778.exe
c:\windows\system32\4784.exe
c:\windows\system32\4796.exe
c:\windows\system32\48.exe
c:\windows\system32\481.exe
c:\windows\system32\4814.exe
c:\windows\system32\4821.exe
c:\windows\system32\4825.exe
c:\windows\system32\483.exe
c:\windows\system32\4830.exe
c:\windows\system32\4835.exe
c:\windows\system32\4848.exe
c:\windows\system32\4851.exe
c:\windows\system32\4854.exe
c:\windows\system32\4855.exe
c:\windows\system32\4857.exe
c:\windows\system32\4860.exe
c:\windows\system32\4872.exe
c:\windows\system32\4877.exe
c:\windows\system32\4884.exe
c:\windows\system32\4919.exe
c:\windows\system32\4922.exe
c:\windows\system32\4933.exe
c:\windows\system32\4945.exe
c:\windows\system32\4961.exe
c:\windows\system32\4969.exe
c:\windows\system32\4972.exe
c:\windows\system32\4974.exe
c:\windows\system32\4976.exe
c:\windows\system32\4977.exe
c:\windows\system32\498.exe
c:\windows\system32\4981.exe
c:\windows\system32\4982.exe
c:\windows\system32\4985.exe
c:\windows\system32\4992.exe
c:\windows\system32\5003.exe
c:\windows\system32\5009.exe
c:\windows\system32\5019.exe
c:\windows\system32\5020.exe
c:\windows\system32\5021.exe
c:\windows\system32\5027.exe
c:\windows\system32\5037.exe
c:\windows\system32\5039.exe
c:\windows\system32\5049.exe
c:\windows\system32\5051.exe
c:\windows\system32\5053.exe
c:\windows\system32\5055.exe
c:\windows\system32\5060.exe
c:\windows\system32\5063.exe
c:\windows\system32\5072.exe
c:\windows\system32\5089.exe
c:\windows\system32\5097.exe
c:\windows\system32\510.exe
c:\windows\system32\5100.exe
c:\windows\system32\5108.exe
c:\windows\system32\5110.exe
c:\windows\system32\5113.exe
c:\windows\system32\5115.exe
c:\windows\system32\5120.exe
c:\windows\system32\5122.exe
c:\windows\system32\5124.exe
c:\windows\system32\5126.exe
c:\windows\system32\513.exe
c:\windows\system32\5138.exe
c:\windows\system32\5140.exe
c:\windows\system32\5146.exe
c:\windows\system32\515.exe
c:\windows\system32\5153.exe
c:\windows\system32\5162.exe
c:\windows\system32\5167.exe
c:\windows\system32\5173.exe
c:\windows\system32\5177.exe
c:\windows\system32\5178.exe
c:\windows\system32\5179.exe
c:\windows\system32\5180.exe
c:\windows\system32\5182.exe
c:\windows\system32\5187.exe
c:\windows\system32\5196.exe
c:\windows\system32\5203.exe
c:\windows\system32\5207.exe
c:\windows\system32\521.exe
c:\windows\system32\5216.exe
c:\windows\system32\5221.exe
c:\windows\system32\5238.exe
c:\windows\system32\5257.exe
c:\windows\system32\5279.exe
c:\windows\system32\5281.exe
c:\windows\system32\5286.exe
c:\windows\system32\5298.exe
c:\windows\system32\5302.exe
c:\windows\system32\531.exe
c:\windows\system32\5316.exe
c:\windows\system32\5319.exe
c:\windows\system32\5324.exe
c:\windows\system32\5326.exe
c:\windows\system32\5329.exe
c:\windows\system32\5332.exe
c:\windows\system32\5339.exe
c:\windows\system32\534.exe
c:\windows\system32\5359.exe
c:\windows\system32\5368.exe
c:\windows\system32\537.exe
c:\windows\system32\5373.exe
c:\windows\system32\5377.exe
c:\windows\system32\538.exe
c:\windows\system32\5381.exe
c:\windows\system32\5387.exe
c:\windows\system32\5398.exe
c:\windows\system32\5400.exe
c:\windows\system32\5402.exe
c:\windows\system32\5404.exe
c:\windows\system32\5410.exe
c:\windows\system32\5424.exe
c:\windows\system32\5436.exe
c:\windows\system32\5452.exe
c:\windows\system32\5459.exe
c:\windows\system32\5468.exe
c:\windows\system32\5479.exe
c:\windows\system32\5490.exe
c:\windows\system32\5495.exe
c:\windows\system32\5510.exe
c:\windows\system32\5513.exe
c:\windows\system32\5522.exe
c:\windows\system32\5532.exe
c:\windows\system32\5534.exe
c:\windows\system32\5538.exe
c:\windows\system32\5542.exe
c:\windows\system32\5545.exe
c:\windows\system32\5551.exe
c:\windows\system32\5552.exe
c:\windows\system32\5563.exe
c:\windows\system32\5566.exe
c:\windows\system32\5570.exe
c:\windows\system32\5580.exe
c:\windows\system32\5598.exe
c:\windows\system32\560.exe
c:\windows\system32\5623.exe
c:\windows\system32\5625.exe
c:\windows\system32\5628.exe
c:\windows\system32\5636.exe
c:\windows\system32\5646.exe
c:\windows\system32\5650.exe
c:\windows\system32\5656.exe
c:\windows\system32\5663.exe
c:\windows\system32\5664.exe
c:\windows\system32\5672.exe
c:\windows\system32\5675.exe
c:\windows\system32\5690.exe
c:\windows\system32\5694.exe
c:\windows\system32\5710.exe
c:\windows\system32\5718.exe
c:\windows\system32\5728.exe
c:\windows\system32\5733.exe
c:\windows\system32\574.exe
c:\windows\system32\5749.exe
c:\windows\system32\5775.exe
c:\windows\system32\5776.exe
c:\windows\system32\5778.exe
c:\windows\system32\5799.exe
c:\windows\system32\5803.exe
c:\windows\system32\5816.exe
c:\windows\system32\5819.exe
c:\windows\system32\5828.exe
c:\windows\system32\583.exe
c:\windows\system32\5834.exe
c:\windows\system32\5857.exe
c:\windows\system32\5864.exe
c:\windows\system32\5874.exe
c:\windows\system32\5875.exe
c:\windows\system32\5877.exe
c:\windows\system32\5885.exe
c:\windows\system32\59.exe
c:\windows\system32\5904.exe
c:\windows\system32\5911.exe
c:\windows\system32\5919.exe
c:\windows\system32\5924.exe
c:\windows\system32\5937.exe
c:\windows\system32\5947.exe
c:\windows\system32\5954.exe
c:\windows\system32\5958.exe
c:\windows\system32\5964.exe
c:\windows\system32\5972.exe
c:\windows\system32\5988.exe
c:\windows\system32\5997.exe
c:\windows\system32\5999.exe
c:\windows\system32\6010.exe
c:\windows\system32\6020.exe
c:\windows\system32\6022.exe
c:\windows\system32\6023.exe
c:\windows\system32\6045.exe
c:\windows\system32\6066.exe
c:\windows\system32\6074.exe
c:\windows\system32\6111.exe
c:\windows\system32\6112.exe
c:\windows\system32\6142.exe
c:\windows\system32\6144.exe
c:\windows\system32\6148.exe
c:\windows\system32\6157.exe
c:\windows\system32\6158.exe
c:\windows\system32\6160.exe
c:\windows\system32\6168.exe
c:\windows\system32\6169.exe
c:\windows\system32\617.exe
c:\windows\system32\6170.exe
c:\windows\system32\6173.exe
c:\windows\system32\6177.exe
c:\windows\system32\618.exe
c:\windows\system32\6180.exe
c:\windows\system32\6193.exe
c:\windows\system32\6199.exe
c:\windows\system32\62.exe
c:\windows\system32\6200.exe
c:\windows\system32\6203.exe
c:\windows\system32\6211.exe
c:\windows\system32\6212.exe
c:\windows\system32\6213.exe
c:\windows\system32\6218.exe
c:\windows\system32\622.exe
c:\windows\system32\6229.exe
c:\windows\system32\623.exe
c:\windows\system32\6239.exe
c:\windows\system32\625.exe
c:\windows\system32\6250.exe
c:\windows\system32\6252.exe
c:\windows\system32\6255.exe
c:\windows\system32\6264.exe
c:\windows\system32\6269.exe
c:\windows\system32\6282.exe
c:\windows\system32\6300.exe
c:\windows\system32\6312.exe
c:\windows\system32\632.exe
c:\windows\system32\6325.exe
c:\windows\system32\633.exe
c:\windows\system32\6335.exe
c:\windows\system32\634.exe
c:\windows\system32\6346.exe
c:\windows\system32\6353.exe
c:\windows\system32\6355.exe
c:\windows\system32\6362.exe
c:\windows\system32\638.exe
c:\windows\system32\6384.exe
c:\windows\system32\6398.exe
c:\windows\system32\6400.exe
c:\windows\system32\6401.exe
c:\windows\system32\6405.exe
c:\windows\system32\6418.exe
c:\windows\system32\642.exe
c:\windows\system32\6445.exe
c:\windows\system32\6447.exe
c:\windows\system32\6455.exe
c:\windows\system32\647.exe
c:\windows\system32\6471.exe
c:\windows\system32\6479.exe
c:\windows\system32\6490.exe
c:\windows\system32\6493.exe
c:\windows\system32\6502.exe
c:\windows\system32\6504.exe
c:\windows\system32\6506.exe
c:\windows\system32\652.exe
c:\windows\system32\6522.exe
c:\windows\system32\6524.exe
c:\windows\system32\6534.exe
c:\windows\system32\6536.exe
c:\windows\system32\6538.exe
c:\windows\system32\6545.exe
c:\windows\system32\6553.exe
c:\windows\system32\6557.exe
c:\windows\system32\6564.exe
c:\windows\system32\6565.exe
c:\windows\system32\6572.exe
c:\windows\system32\6576.exe
c:\windows\system32\6579.exe
c:\windows\system32\6582.exe
c:\windows\system32\6595.exe
c:\windows\system32\6597.exe
c:\windows\system32\6608.exe
c:\windows\system32\6612.exe
c:\windows\system32\6639.exe
c:\windows\system32\6646.exe
c:\windows\system32\6659.exe
c:\windows\system32\667.exe
c:\windows\system32\6680.exe
c:\windows\system32\6692.exe
c:\windows\system32\6697.exe
c:\windows\system32\670.exe
c:\windows\system32\6701.exe
c:\windows\system32\6705.exe
c:\windows\system32\6706.exe
c:\windows\system32\6708.exe
c:\windows\system32\673.exe
c:\windows\system32\6730.exe
c:\windows\system32\6766.exe
c:\windows\system32\6768.exe
c:\windows\system32\6772.exe
c:\windows\system32\678.exe
c:\windows\system32\6802.exe
c:\windows\system32\6815.exe
c:\windows\system32\6823.exe
c:\windows\system32\6825.exe
c:\windows\system32\6828.exe
c:\windows\system32\6831.exe
c:\windows\system32\6845.exe
c:\windows\system32\685.exe
c:\windows\system32\686.exe
c:\windows\system32\6868.exe
c:\windows\system32\687.exe
c:\windows\system32\6874.exe
c:\windows\system32\6877.exe
c:\windows\system32\6882.exe
c:\windows\system32\6885.exe
c:\windows\system32\6887.exe
c:\windows\system32\6896.exe
c:\windows\system32\6903.exe
c:\windows\system32\6913.exe
c:\windows\system32\6922.exe
c:\windows\system32\6934.exe
c:\windows\system32\6939.exe
c:\windows\system32\6943.exe
c:\windows\system32\6952.exe
c:\windows\system32\6968.exe
c:\windows\system32\6974.exe
c:\windows\system32\6980.exe
c:\windows\system32\6986.exe
c:\windows\system32\6990.exe
c:\windows\system32\6993.exe
c:\windows\system32\6998.exe
c:\windows\system32\7006.exe
c:\windows\system32\701.exe
c:\windows\system32\7011.exe
c:\windows\system32\7028.exe
c:\windows\system32\703.exe
c:\windows\system32\7030.exe
c:\windows\system32\7033.exe
c:\windows\system32\705.exe
c:\windows\system32\7057.exe
c:\windows\system32\7058.exe
c:\windows\system32\7088.exe
c:\windows\system32\7102.exe
c:\windows\system32\7104.exe
c:\windows\system32\711.exe
c:\windows\system32\7122.exe
c:\windows\system32\7130.exe
c:\windows\system32\7131.exe
c:\windows\system32\7138.exe
c:\windows\system32\7141.exe
c:\windows\system32\7146.exe
c:\windows\system32\7163.exe
c:\windows\system32\7168.exe
c:\windows\system32\7180.exe
c:\windows\system32\7183.exe
c:\windows\system32\7185.exe
c:\windows\system32\7191.exe
c:\windows\system32\7222.exe
c:\windows\system32\7236.exe
c:\windows\system32\724.exe
c:\windows\system32\7245.exe
c:\windows\system32\7246.exe
c:\windows\system32\7257.exe
c:\windows\system32\7261.exe
c:\windows\system32\7262.exe
c:\windows\system32\7266.exe
c:\windows\system32\7269.exe
c:\windows\system32\727.exe
c:\windows\system32\7281.exe
c:\windows\system32\7305.exe
c:\windows\system32\7308.exe
c:\windows\system32\7312.exe
c:\windows\system32\7314.exe
c:\windows\system32\7341.exe
c:\windows\system32\7348.exe
c:\windows\system32\7353.exe
c:\windows\system32\7359.exe
c:\windows\system32\737.exe
c:\windows\system32\7374.exe
c:\windows\system32\7383.exe
c:\windows\system32\7386.exe
c:\windows\system32\739.exe
c:\windows\system32\7407.exe
c:\windows\system32\7442.exe
c:\windows\system32\7456.exe
c:\windows\system32\7458.exe
c:\windows\system32\7466.exe
c:\windows\system32\7471.exe
c:\windows\system32\7481.exe
c:\windows\system32\7495.exe
c:\windows\system32\7497.exe
c:\windows\system32\7499.exe
c:\windows\system32\7504.exe
c:\windows\system32\7527.exe
c:\windows\system32\7536.exe
c:\windows\system32\7539.exe
c:\windows\system32\7540.exe
c:\windows\system32\7547.exe
c:\windows\system32\7553.exe
c:\windows\system32\7558.exe
c:\windows\system32\757.exe
c:\windows\system32\7576.exe
c:\windows\system32\759.exe
c:\windows\system32\7595.exe
c:\windows\system32\7596.exe
c:\windows\system32\7598.exe
c:\windows\system32\7599.exe
c:\windows\system32\760.exe
c:\windows\system32\7607.exe
c:\windows\system32\7617.exe
c:\windows\system32\762.exe
c:\windows\system32\7625.exe
c:\windows\system32\7636.exe
c:\windows\system32\7641.exe
c:\windows\system32\7643.exe
c:\windows\system32\7645.exe
c:\windows\system32\7649.exe
c:\windows\system32\765.exe
c:\windows\system32\7680.exe
c:\windows\system32\7683.exe
c:\windows\system32\7692.exe
c:\windows\system32\7695.exe
c:\windows\system32\7696.exe
c:\windows\system32\7701.exe
c:\windows\system32\7709.exe
c:\windows\system32\7718.exe
c:\windows\system32\7720.exe
c:\windows\system32\7725.exe
c:\windows\system32\7728.exe
c:\windows\system32\7732.exe
c:\windows\system32\7748.exe
c:\windows\system32\7774.exe
c:\windows\system32\7776.exe
c:\windows\system32\7778.exe
c:\windows\system32\7779.exe
c:\windows\system32\7789.exe
c:\windows\system32\7794.exe
c:\windows\system32\780.exe
c:\windows\system32\7802.exe
c:\windows\system32\7808.exe
c:\windows\system32\7814.exe
c:\windows\system32\7825.exe
c:\windows\system32\7836.exe
c:\windows\system32\7839.exe
c:\windows\system32\7849.exe
c:\windows\system32\7851.exe
c:\windows\system32\7854.exe
c:\windows\system32\7855.exe
c:\windows\system32\7866.exe
c:\windows\system32\7867.exe
c:\windows\system32\7881.exe
c:\windows\system32\7888.exe
c:\windows\system32\789.exe
c:\windows\system32\7905.exe
c:\windows\system32\7909.exe
c:\windows\system32\7913.exe
c:\windows\system32\7918.exe
c:\windows\system32\7920.exe
c:\windows\system32\7930.exe
c:\windows\system32\7951.exe
c:\windows\system32\7959.exe
c:\windows\system32\7964.exe
c:\windows\system32\7971.exe
c:\windows\system32\7973.exe
c:\windows\system32\7979.exe
c:\windows\system32\7983.exe
c:\windows\system32\7991.exe
c:\windows\system32\8009.exe
c:\windows\system32\8019.exe
c:\windows\system32\8021.exe
c:\windows\system32\8029.exe
c:\windows\system32\8038.exe
c:\windows\system32\8042.exe
c:\windows\system32\8043.exe
c:\windows\system32\8053.exe
c:\windows\system32\8063.exe
c:\windows\system32\8069.exe
c:\windows\system32\8072.exe
c:\windows\system32\8075.exe
c:\windows\system32\8076.exe
c:\windows\system32\8081.exe
c:\windows\system32\8097.exe
c:\windows\system32\8099.exe
c:\windows\system32\81.exe
c:\windows\system32\8108.exe
c:\windows\system32\8112.exe
c:\windows\system32\8113.exe
c:\windows\system32\8123.exe
c:\windows\system32\8138.exe
c:\windows\system32\8159.exe
c:\windows\system32\8173.exe
c:\windows\system32\8176.exe
c:\windows\system32\8178.exe
c:\windows\system32\8181.exe
c:\windows\system32\819.exe
c:\windows\system32\8194.exe
c:\windows\system32\8196.exe
c:\windows\system32\8208.exe
c:\windows\system32\8211.exe
c:\windows\system32\8242.exe
c:\windows\system32\8243.exe
c:\windows\system32\8245.exe
c:\windows\system32\8247.exe
c:\windows\system32\8250.exe
c:\windows\system32\8262.exe
c:\windows\system32\8266.exe
c:\windows\system32\8271.exe
c:\windows\system32\8273.exe
c:\windows\system32\8276.exe
c:\windows\system32\8284.exe
c:\windows\system32\830.exe
c:\windows\system32\8302.exe
c:\windows\system32\8306.exe
c:\windows\system32\8318.exe
c:\windows\system32\8327.exe
c:\windows\system32\8332.exe
c:\windows\system32\8339.exe
c:\windows\system32\8347.exe
c:\windows\system32\835.exe
c:\windows\system32\8372.exe
c:\windows\system32\8374.exe
c:\windows\system32\8380.exe
c:\windows\system32\8386.exe
c:\windows\system32\8387.exe
c:\windows\system32\8396.exe
c:\windows\system32\8397.exe
c:\windows\system32\8401.exe
c:\windows\system32\841.exe
c:\windows\system32\8415.exe
c:\windows\system32\8416.exe
c:\windows\system32\8420.exe
c:\windows\system32\8421.exe
c:\windows\system32\8446.exe
c:\windows\system32\8448.exe
c:\windows\system32\8453.exe
c:\windows\system32\8466.exe
c:\windows\system32\8467.exe
c:\windows\system32\8485.exe
c:\windows\system32\8494.exe
c:\windows\system32\85.exe
c:\windows\system32\850.exe
c:\windows\system32\8506.exe
c:\windows\system32\8508.exe
c:\windows\system32\8512.exe
c:\windows\system32\8513.exe
c:\windows\system32\8519.exe
c:\windows\system32\8521.exe
c:\windows\system32\8537.exe
c:\windows\system32\8543.exe
c:\windows\system32\8549.exe
c:\windows\system32\8550.exe
c:\windows\system32\8555.exe
c:\windows\system32\8559.exe
c:\windows\system32\8583.exe
c:\windows\system32\8594.exe
c:\windows\system32\8602.exe
c:\windows\system32\8604.exe
c:\windows\system32\8608.exe
c:\windows\system32\861.exe
c:\windows\system32\8610.exe
c:\windows\system32\8618.exe
c:\windows\system32\863.exe
c:\windows\system32\8639.exe
c:\windows\system32\864.exe
c:\windows\system32\8640.exe
c:\windows\system32\8641.exe
c:\windows\system32\8650.exe
c:\windows\system32\8656.exe
c:\windows\system32\8663.exe
c:\windows\system32\8673.exe
c:\windows\system32\869.exe
c:\windows\system32\8697.exe
c:\windows\system32\8699.exe
c:\windows\system32\8706.exe
c:\windows\system32\8707.exe
c:\windows\system32\871.exe
c:\windows\system32\8735.exe
c:\windows\system32\8738.exe
c:\windows\system32\8748.exe
c:\windows\system32\8750.exe
c:\windows\system32\8758.exe
c:\windows\system32\8761.exe
c:\windows\system32\8774.exe
c:\windows\system32\8778.exe
c:\windows\system32\8783.exe
c:\windows\system32\8799.exe
c:\windows\system32\88.exe
c:\windows\system32\8801.exe
c:\windows\system32\8803.exe
c:\windows\system32\8815.exe
c:\windows\system32\8818.exe
c:\windows\system32\8829.exe
c:\windows\system32\8841.exe
c:\windows\system32\8855.exe
c:\windows\system32\8866.exe
c:\windows\system32\8871.exe
c:\windows\system32\8876.exe
c:\windows\system32\8877.exe
c:\windows\system32\8885.exe
c:\windows\system32\89.exe
c:\windows\system32\8901.exe
c:\windows\system32\8903.exe
c:\windows\system32\8914.exe
c:\windows\system32\8927.exe
c:\windows\system32\894.exe
c:\windows\system32\8945.exe
c:\windows\system32\8968.exe
c:\windows\system32\8981.exe
c:\windows\system32\8986.exe
c:\windows\system32\8997.exe
c:\windows\system32\9004.exe
c:\windows\system32\9006.exe
c:\windows\system32\9031.exe
c:\windows\system32\9032.exe
c:\windows\system32\9038.exe
c:\windows\system32\9051.exe
c:\windows\system32\9074.exe
c:\windows\system32\9075.exe
c:\windows\system32\9077.exe
c:\windows\system32\9081.exe
c:\windows\system32\9099.exe
c:\windows\system32\9101.exe
c:\windows\system32\9102.exe
c:\windows\system32\9109.exe
c:\windows\system32\9131.exe
c:\windows\system32\9136.exe
c:\windows\system32\9142.exe
c:\windows\system32\9150.exe
c:\windows\system32\9157.exe
c:\windows\system32\9174.exe
c:\windows\system32\9176.exe
c:\windows\system32\9183.exe
c:\windows\system32\9189.exe
c:\windows\system32\9194.exe
c:\windows\system32\9195.exe
c:\windows\system32\92.exe
c:\windows\system32\9204.exe
c:\windows\system32\9209.exe
c:\windows\system32\9214.exe
c:\windows\system32\9222.exe
c:\windows\system32\9226.exe
c:\windows\system32\9231.exe
c:\windows\system32\9233.exe
c:\windows\system32\9241.exe
c:\windows\system32\9246.exe
c:\windows\system32\9252.exe
c:\windows\system32\9262.exe
c:\windows\system32\9265.exe
c:\windows\system32\9272.exe
c:\windows\system32\9283.exe
c:\windows\system32\9292.exe
c:\windows\system32\9295.exe
c:\windows\system32\9301.exe
c:\windows\system32\9302.exe
c:\windows\system32\9312.exe
c:\windows\system32\9316.exe
c:\windows\system32\9339.exe
c:\windows\system32\9342.exe
c:\windows\system32\935.exe
c:\windows\system32\9357.exe
c:\windows\system32\9361.exe
c:\windows\system32\9369.exe
c:\windows\system32\9374.exe
c:\windows\system32\9375.exe
c:\windows\system32\9383.exe
c:\windows\system32\9391.exe
c:\windows\system32\9392.exe
c:\windows\system32\9399.exe
c:\windows\system32\9406.exe
c:\windows\system32\9418.exe
c:\windows\system32\9420.exe
c:\windows\system32\9423.exe
c:\windows\system32\9432.exe
c:\windows\system32\9433.exe
c:\windows\system32\9435.exe
c:\windows\system32\9442.exe
c:\windows\system32\945.exe
c:\windows\system32\9458.exe
c:\windows\system32\9460.exe
c:\windows\system32\947.exe
c:\windows\system32\9479.exe
c:\windows\system32\9482.exe
c:\windows\system32\9486.exe
c:\windows\system32\9489.exe
c:\windows\system32\9490.exe
c:\windows\system32\9492.exe
c:\windows\system32\9495.exe
c:\windows\system32\9517.exe
c:\windows\system32\9522.exe
c:\windows\system32\9528.exe
c:\windows\system32\9534.exe
c:\windows\system32\9537.exe
c:\windows\system32\9541.exe
c:\windows\system32\9547.exe
c:\windows\system32\956.exe
c:\windows\system32\9564.exe
c:\windows\system32\9568.exe
c:\windows\system32\9575.exe
c:\windows\system32\9579.exe
c:\windows\system32\9590.exe
c:\windows\system32\9593.exe
c:\windows\system32\960.exe
c:\windows\system32\961.exe
c:\windows\system32\9612.exe
c:\windows\system32\9613.exe
c:\windows\system32\962.exe
c:\windows\system32\9628.exe
c:\windows\system32\9643.exe
c:\windows\system32\9658.exe
c:\windows\system32\9662.exe
c:\windows\system32\9667.exe
c:\windows\system32\9671.exe
c:\windows\system32\9679.exe
c:\windows\system32\9684.exe
c:\windows\system32\9695.exe
c:\windows\system32\9704.exe
c:\windows\system32\9705.exe
c:\windows\system32\9712.exe
c:\windows\system32\9720.exe
c:\windows\system32\9723.exe
c:\windows\system32\9727.exe
c:\windows\system32\9729.exe
c:\windows\system32\9733.exe
c:\windows\system32\9746.exe
c:\windows\system32\9755.exe
c:\windows\system32\9774.exe
c:\windows\system32\9786.exe
c:\windows\system32\979.exe
c:\windows\system32\9796.exe
c:\windows\system32\9797.exe
c:\windows\system32\980.exe
c:\windows\system32\9800.exe
c:\windows\system32\9810.exe
c:\windows\system32\9818.exe
c:\windows\system32\9824.exe
c:\windows\system32\9841.exe
c:\windows\system32\9854.exe
c:\windows\system32\9870.exe
c:\windows\system32\9887.exe
c:\windows\system32\9888.exe
c:\windows\system32\9889.exe
c:\windows\system32\9903.exe
c:\windows\system32\9914.exe
c:\windows\system32\9926.exe
c:\windows\system32\9934.exe
c:\windows\system32\9942.exe
c:\windows\system32\9957.exe
c:\windows\system32\9962.exe
c:\windows\system32\9964.exe
c:\windows\system32\9968.exe
c:\windows\system32\9978.exe
c:\windows\system32\9985.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\dopejujo.exe
c:\windows\system32\gohumuke.exe
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\karumuta.exe
c:\windows\system32\rundll32 .exe
c:\windows\Tasks.\yxyaursg.job
c:\windows\Tasks.\yxyaursg.job . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://77.74.48.118
hxxp://85.12.18.120
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\$NtServicePackUninstall$\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-04-16 to 2010-05-16 )))))))))))))))))))))))))))))))
.

2010-05-16 02:06 . 2004-08-04 10:00 50176 ----a-w- c:\windows\system32\proquota.exe
2010-05-15 19:43 . 2010-05-15 19:43 -------- d-----w- c:\documents and settings\Sandra\Application Data\MSNInstaller
2010-05-15 18:41 . 2010-05-15 18:56 -------- d-----w- C:\george17333g
2010-05-15 07:18 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-15 07:18 . 2010-05-15 07:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-15 07:18 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-15 07:04 . 2010-05-15 07:04 -------- d-----w- C:\_OTL
2010-05-13 22:12 . 2010-05-13 22:12 -------- d-----w- c:\documents and settings\Sandra\Application Data\Malwarebytes
2010-05-13 22:09 . 2010-05-13 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-13 22:07 . 2010-05-13 22:07 -------- d-----w- c:\program files\ERUNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 19:49 . 2009-01-04 16:30 -------- d-----w- c:\program files\Common Files\Apple
2010-05-15 19:44 . 2008-07-28 04:40 -------- d-----w- c:\program files\Google
2010-05-15 19:41 . 2009-09-23 01:07 -------- d-----w- c:\program files\Yahoo!
2010-05-15 19:39 . 2009-09-23 01:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-13 23:01 . 2009-11-20 21:47 -------- d-----w- c:\program files\McAfee
2010-05-08 19:02 . 2009-09-30 19:58 -------- d-----w- c:\program files\Reg Tool
2009-12-11 20:19 . 2009-12-11 20:19 2098 --sh--w- c:\windows\system32\bakemana.exe
2009-09-15 08:19 . 2009-09-15 08:19 512 --sha-w- c:\windows\system32\gizababi.exe
2009-12-19 08:26 . 2009-12-19 08:26 2098 --sh--w- c:\windows\system32\nuweyeho.exe
2009-12-13 08:20 . 2009-12-13 08:20 2098 --sh--w- c:\windows\system32\woyupide.exe
.
<pre>
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\roxwatchtray9 .exe
c:\program files\CyberLink\PowerDVD DX\pdvddxsrv .exe
c:\program files\Dell\Media Experience\pcmservice .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\McAfee\MHN\mcenui .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\McAfee.com\Agent\mcupda~1 .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\defmgr .exe
c:\program files\PureEdge\Viewer 6.5\masqform .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Real\RealPlayer\realplay .exe
c:\program files\Reg Tool\reg tool  .exe
c:\program files\SymNetDrv\sndwarn .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Yahoo!\Search Protection\searchprotection .exe
c:\windows\system32\DLA\tfswctrl .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [N/A]
"Advanced Virus Remover"="c:\program files\AdvancedVirusRemover\AVR.exe" [N/A]

c:\documents and settings\Sandra\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-28 02:51 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2009-10-29 13:54 1218008 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
2009-07-08 04:02 1176808 ----a-w- c:\progra~1\McAfee\MHN\McENUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/20/2009 3:56 PM 203280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
SharedTaskScheduler-{0c984f89-2bd0-4b32-9739-09e9690af765} - c:\windows\system32\sarinavo.dll
SharedTaskScheduler-{a813d942-31ff-4a7b-af3a-1d3ef61c50eb} - c:\windows\system32\wahewefa.dll
SSODL-didogupow-{0c984f89-2bd0-4b32-9739-09e9690af765} - c:\windows\system32\sarinavo.dll
SSODL-newisuvuy-{a813d942-31ff-4a7b-af3a-1d3ef61c50eb} - c:\windows\system32\wahewefa.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-15 20:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(208)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\defrag.exe
c:\windows\system32\DfrgNtfs.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-05-15 21:13:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-16 03:13

Pre-Run: 580,427,776 bytes free
Post-Run: 357,629,952 bytes free

- - End Of File - - D1B0D34BB9F4525DB901EDC37EC17137
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,148 posts
  • MVP
Looks like the malware were having a convention in your PC.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\bakemana.exe
c:\windows\system32\gizababi.exe
c:\windows\system32\nuweyeho.exe
c:\windows\system32\woyupide.exe

RenV::
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\roxwatchtray9 .exe
c:\program files\CyberLink\PowerDVD DX\pdvddxsrv .exe
c:\program files\Dell\Media Experience\pcmservice .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\McAfee\MHN\mcenui .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\McAfee.com\Agent\mcupda~1 .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\defmgr .exe
c:\program files\PureEdge\Viewer 6.5\masqform .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Real\RealPlayer\realplay .exe
c:\program files\Reg Tool\reg tool  .exe
c:\program files\SymNetDrv\sndwarn .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Yahoo!\Search Protection\searchprotection .exe
c:\windows\system32\DLA\tfswctrl .exe

Folder::

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="-
"Advanced Virus Remover"=-



******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

Use IE or Firefox and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

Also do the BitDefender scan

http://www.bitdefend...nline/free.html

and post the log it generates.

I think you will need to uninstall McAfee and if it is a paid up subscription download a new copy and reinstall it. If it's not it would be better to download the free Avast!
http://www.avast.com...avast-home.html


Ron

Edited by RKinner, 17 May 2010 - 07:41 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP